Just Released! Version 13.1

New Tunnel VPN App for SD-WAN, Privacy

NG Firewall version 13.1 includes a new app, Tunnel VPN, plus improvements to Captive Portal. This release focuses on expanding Untangle NG Firewall’s industry-leading connectivity and authentication capabilities to address the needs of distributed enterprises, branch offices, retailers, franchises and other organizations who rely on SD-WAN and secure Wi-Fi solutions.

We have version 13.1 video resources to help you understand the key updates in this release. You can find all the version 13.1 video resources below.


Tunnel VPN

Tunnel VPN is the easiest way to create a persistent, secure connection between your Untangle NG Firewall and a remote network. Tunnel VPN works seamlessly to accomplish a variety of networking scenarios, including:

  • Branch Offices: Sending internet-bound traffic through another site (data center, NOC, headquarters) for security, filtering, policy enforcement and centralized reporting, alleviating the need for management or reporting at the branch.
  • Cloud Access Security Brokers (CASB): Leverage CASB to process some or all traffic as it transits from the local infrastructure to the internet, allowing a layered approach to security that reduces the burden on remote offices.
  • SD-WAN: Reduces WAN costs, improves uptime and ensures reliability by utilizing the best route to the internet for network traffic.
  • Privacy: Connects to a cloud-hosted Untangle instance or other third party privacy VPN to ensure secure, private browsing and application usage as well as net-neutral access.

Tunnel VPN is powered by a fully featured ruleset, enabling WAN optimizations to determine which traffic is sent through the tunnel and directed at any given interface, host, subnet, port or other criteria. Like other NG Firewall apps, Tunnel VPN uses Untangle’s innovative tagging feature to enable administrators to create advanced, dynamic scenarios based on any taggable event or activity.
Tunnel VPN has applicability from SOHO to the distributed enterprise.
Some examples:

  • Configure an Untangle at a branch office to connect and send all internet traffic through headquarters (for security, control, and reporting)
  • Configure some traffic (public guest Wi-Fi) to be sent to a cloud security provider for special handling
  • Configure traffic to use Tunnel VPN for certain privacy concerns, like visiting specific websites or using specific applications

Tunnel VPN features a configuration wizard to enable connections to many privacy VPN providers like ExpressVPN, NordVPN or even another Untangle NG Firewall. There are also generic options which support most commonly available OpenVPN-based providers.

Captive Portal

Organizations that provide secure Wi-Fi to employees, customers or the public now have the ability to authenticate users via Google, Facebook, or Office 365 accounts directly with those services, enabling administrators to easily identify users without having to maintain separate directories, reducing administrative overhead, speeding login and providing opportunities for user-customized communications and access privileges.

Application Control

The Application Control app has been updated to improve detection and include over 350 new applications, ranging from social applications like Facetime and Slack, to adult-content applications like Pornhub, Youporn and 4chan.

Text-Based Administration Interface

While Untangle is designed to be easily configured via a keyboard and mouse, in some instances (for example, when there is no VGA/HDMI access) it is necessary to use the more traditional approach of configuring the address of the device, and then continuing administration and configuration remotely via another device through the web interface. A “text-based” administration interface is now available with version 13.1, providing an alternative to the admin web interface.

NG Firewall for Amazon Web Services (AWS) and Azure

Beta support for running NG Firewall in AWS and Azure is now available.

Other Enhancements

Please see the Changelog for a full list of enhancements in v13.1.

Command Center

Global Alerts
NG Firewall provides extensive alerting capability via its administrative interface. However, these alerts are specific to each NG Firewall deployment. With Command Center, administrators can now create global alerts across deployments, improving visibility, ensuring business continuity, and easing management for multi-site deployments and MSPs.

Command Center global alerts also provide better visibility into uptime issues by ensuring alert deliverability in the event of an outage or WAN failure. Command Center global alerts support integrations with popular management tools including PagerDuty and Slack.

Account Management
Command Center now offers customers an easier way to manage licensing, provisioning and billing across their Untangle account. In addition to managing subscriptions and appliances, administrators can now manage billing information, simplifying the licensing and provisioning process.

Account management in Command Center also supports user roles for creating administrative accounts and associated privileges across multiple deployments. This feature enables organizations to divide responsibilities for administering specific deployments across different user accounts.

Pricing & Availability

Untangle NG Firewall version 13.1 is available as a free download. Current Untangle customers will be able to upgrade seamlessly at no charge. Command Center’s new features will be available in September.


Join us for the Community Webinar: v13.1 on September 13, 2017 at 10 AM PT. Register here.

Version 13

NG Firewall version 13.0 is the latest major release. This release includes a new, responsive, and URL-routing administrative interface, as well as user tracking, tagging and trigger rules. In addition, v13 tackles bufferbloat, ensuring optimal bandwidth utilization.

New Administrative Interface

Over the last several releases of NG Firewall, we’ve made drastic improvements to the usability and performance of our administrative user interface––all with the goal of making your job as network administrator easier.

With v13, we’ve further updated the UI to load, render and respond more quickly. Additionally, we’ve made a few key enhancements to make the UI behave more like a web application and less like an installed app. We’ve removed “modal” windows, and also now provide URL routing, allowing you to use the browser’s back button like you would expect. You can also share direct links to specific application pages with others, whether you wish to share a report or show another admin a specific configuration tab.

A few other changes include:

  • The new default skin is no longer the “rack” look, but is now a simplified, modern presentation style.
  • The dashboards and charts have been updated to be faster and easier to read.
  • There is a new rule builder that enhances your user experience.

We hope you’ll be as excited as we are about these changes as we continue to streamline the user experience with the goal of providing you with the easiest, most powerful unified threat management solution on the planet.


Bufferbloat

Interactive internet applications like VoIP and gaming rely on performant networks. However, performance is dependent on each piece of networking equipment along the path that the traffic travels. Unfortunately, some equipment manufacturers trying to help solve the problem have actually made it worse by including overly large buffers (places to temporarily hold incoming or outgoing data).

In a nutshell, bufferbloat is simply poor latency caused by excess buffering in networking equipment. In situations where you have a fast local area network connected to a slower internet connection, the buffer will likely fill up quickly and users will begin to experience latency. For example, one user on the network might be uploading a file, filling up the buffer quickly, while another user attempts to make a VoIP call. While the VoIP call does not require as much bandwidth as the upload, the VoIP call will be impacted significantly by the latency due to the upload filling up the buffer.

Untangle now solves this problem by supporting a queueing algorithm that optimizes bandwidth and QoS to enforce a controlled delay. NG Firewall, if configured to do so, can act as the buffer. It will use the new queuing algorithm, QoS and bandwidth control to manage traffic so the VoIP call’s latency is reduced and, at the same time, ensure that the upload continues with minimal impact.

User Tracking, Tags and Triggers

User Tracking

Untangle has added a “User” table to complement the other 3 major tables: Sessions, Hosts (IP addresses), and Devices (MAC addresses). Each of these tables houses information on all the entities on the network. The User table stores the usernames that are connected to the network. This new addition enables quotas to be enforced via usernames and not just by device.


Tagging

Tagging is a new feature that allows administrators to simply tag a host, device or user. Think of a tag as a label or metadata string associated with a host, device or user that can be used to quickly create policies based on entities that have a specific tag associated with them. In some ways, they work like hashtags on social media posts––they allow you to quickly find (and act on) users and their devices.

It’s easy and quick to create a tag and associate it with a policy. For example, by creating a “student” tag, an administrator can associate that tag with policies specifically designed for students (as opposed to teachers, staff or visitors). Tags can be applied manually by the administrator, or can be applied automatically based on conditions. In this example, a student logging in to the Wi-Fi captive portal could have that tagged BYOD device automatically associated with the student policy every time the student brings that device to campus.


Triggers

Triggers are an administrator’s best friend. Triggers allow the admin to tag hosts, devices, and users when specific events occur. The admin can then create policies and rules to manage behavior. Similar to alert rules, trigger rules evaluate all events and can be configured to tag or untag entities based on the rules applied. For example, if a user visits a suspicious website, the administrator can set up a trigger to automatically tag that user as “suspicious activity”. The administrator can automatically have an alert triggered by any event with the “suspicious activity” tag. Once tags and triggers are configured, they proactively manage devices, hosts and users without intervention by the network administrator. Think of tags and triggers as IT superpowers!

OpenVPN Advanced

The OpenVPN application now has an “Advanced” tab to allow administrators to override Untangle’s OpenVPN configuration. This provides advanced users the option to edit and customize their OpenVPN configuration to their liking, while still ensuring all traffic––remote or local––is filtered through Untangle. Note: The “Advanced” tab in OpenVPN is not supported by the Untangle support team. Please be sure to read the OpenVPN documentation.

Captive Portal

Captive Portal can now use MAC addresses to track devices. Previously, Captive Portal could only track IP addresses, forcing users to reauthenticate when they disconnect and reconnect to the network throughout the day (like closing a laptop and reopening it). This new feature now tracks the device by its MAC address, ideal for small offices or branch offices that have a high turnover of users connecting to the network. For example, a company with a BYOD program has the same employees connecting each day. Instead of the employee having to reauthenticate every time they access the network, Captive Portal recognizes the device by its MAC address and applies the necessary policies.

Turris Omnia

The NG Firewall firmware distribution now supports the Turris Omnia router available in Europe.

Other Updates

    • Web Filter Lite is now officially removed and will no longer appear upon upgrade
    • Wireless support now includes 802.11ac
    • OpenVPN is now on version 2.4.0 (by WebFool)
    • Host and device table cleanup logic improved to prevent stale entries from polluting reports
    • Device table now has an explicit field for username and hostname set by the admin
    • The ASUS AC88U router is no longer supported
    • A full list of fixes and updates can be found here