New! NG Firewall v13

Eliminate Bufferbloat; New User Tracking, Tags & Triggers

NG Firewall version 13.0 is the latest major release. This release includes a new, responsive, and URL-routing administrative interface, as well as user tracking, tagging and trigger rules. In addition, v13 tackles bufferbloat, ensuring optimal bandwidth utilization. An overview of all the changes in v13 are listed below.

We have a variety of version 13 video resources to help you understand the key updates in this release. You can find all the version 13 video resources below.

New Administrative Interface

Over the last several releases of NG Firewall, we’ve made drastic improvements to the usability and performance of our administrative user interface––all with the goal of making your job as network administrator easier.

With v13, we’ve further updated the UI to load, render and respond more quickly. Additionally, we’ve made a few key enhancements to make the UI behave more like a web application and less like an installed app. We’ve removed “modal” windows, and also now provide URL routing, allowing you to use the browser’s back button like you would expect. You can also share direct links to specific application pages with others, whether you wish to share a report or show another admin a specific configuration tab.

A few other changes include:

  • The new default skin is no longer the “rack” look, but is now a simplified, modern presentation style.
  • The dashboards and charts have been updated to be faster and easier to read.
  • There is a new rule builder that enhances your user experience.


We hope you’ll be as excited as we are about these changes as we continue to streamline the user experience with the goal of providing you with the easiest, most powerful unified threat management solution on the planet.



Interactive internet applications like VOIP and gaming rely on performant networks. However, performance is dependent on each piece of networking equipment along the path that the traffic travels. Unfortunately, some equipment manufacturers trying to help solve the problem have actually made it worse by including overly large buffers (places to temporarily hold incoming or outgoing data).

In a nutshell, bufferbloat is simply poor latency caused by excess buffering in networking equipment. In situations where you have a fast local area network connected to a slower internet connection, the buffer will likely fill up quickly and users will begin to experience latency. For example, one user on the network might be uploading a file, filling up the buffer quickly, while another user attempts to make a VoIP call. While the VoIP call does not require as much bandwidth as the upload, the VoIP call will be impacted significantly by the latency due to the upload filling up the buffer.

Untangle now solves this problem by supporting a queueing algorithm that optimizes bandwidth and QoS to enforce a controlled delay. NG Firewall, if configured to do so, can act as the buffer. It will use the new queuing algorithm, QoS and bandwidth control to manage traffic so the VoIP call’s latency is reduced and, at the same time, ensure that the upload continues with minimal impact.


User Tracking, Tags and Triggers

User Tracking

Untangle has added a “User” table to complement the other 3 major tables: Sessions, Hosts (IP addresses), and Devices (MAC addresses). Each of these tables house information on all the entities on the network. The User table stores the usernames that are connected to the network. This new addition enables quotas to be enforced via usernames and not just by device.


Tagging is a new feature that allows administrators to simply tag a host, device or user. Think of a tag as a label or metadata string associated with a host, device or user that can be used to quickly create policies based on entities that have a specific tag associated with them. In some ways, they work like hashtags on social media posts––they allow you to quickly find (and act on) users and their devices.

It’s easy and quick to create a tag and associate it to a policy. For example, by creating a “student” tag, an administrator can associate that tag to policies specifically designed for students (as opposed to teachers, staff or visitors). Tags can be applied manually by the administrator, or can be applied automatically based on conditions. In this example, a student logging in to the Wi-Fi captive portal could have that tagged BYOD device automatically associated to the student policy every time the student brings that device to campus.


Triggers are an administrator’s best friend. Triggers allow the admin to tag hosts, devices, and users when specific events occur. The admin can then create policies and rules to manage behavior. Similar to alert rules, trigger rules evaluate all events and can be configured to tag or untag entities based on the rules applied. For example, if a user visits a suspicious website, the administrator can set up a trigger to automatically tag that user as “suspicious activity”. The administrator can automatically have an alert triggered by any event with the “suspicious activity” tag. Once tags and triggers are configured, they proactively manage devices, hosts and users without intervention by the network administrator. Think of tags and triggers as IT superpowers!


OpenVPN Advanced

The OpenVPN application now has an “Advanced” tab to allow administrators to override Untangle’s OpenVPN configuration. This provides advanced users the option to edit and customize their OpenVPN configuration to their liking, while still ensuring all traffic––remote or local––is filtered through Untangle. Note: The “Advanced” tab in OpenVPN is not supported by the Untangle support team. Please be sure to read the OpenVPN documentation.


Captive Portal

Captive Portal can now use MAC addresses to track devices. Previously, Captive Portal could only track IP addresses, forcing users to reauthenticate when they disconnect and reconnect to the network throughout the day (like closing a laptop and reopening it). This new feature now tracks the device by its MAC address, ideal for small offices or branch offices that have a high turnover of users connecting to the network. For example, a company with a BYOD program has the same employees connecting each day. Instead of the employee having to reauthenticate every time they access the network, Captive Portal recognizes the device by its MAC address and applies the necessary policies.


Turris Omnia

The NG Firewall firmware distribution now supports the Turris Omnia router available in Europe.


Other Updates

    • Web Filter Lite is now officially removed and will no longer appear upon upgrade
    • Wireless support now includes 802.11ac
    • OpenVPN is now on version 2.4.0 (by WebFool)
    • Host and device table cleanup logic improved to prevent stale entries from polluting reports
    • Device table now has an explicit field for username and hostname set by the admin
    • The ASUS AC88U router is no longer supported
    • All list of fixes and updated can be found here


Pricing & Availability

Untangle NG Firewall version 13 is available as a free download. Current Untangle customers will be able to upgrade seamlessly at no charge.

Join us for the Community Webinar: v13 on May 24, 2017 at 10 AM PT. Register here.

More Info