Untangle Configuration Using GUI - micahgrinnell/CC-Capstone-Project GitHub Wiki

Overview

The steps shown below outline the complete process I took to configure Untangle for a 4-port Protectli device. This guide is for those who want to manually configure pfSense through the web interface rather than use scripts. If you don't fall under that category, go back one page or you can find the Untangle Configuration Using Scripts guide here.

Manual GUI Configuration

  1. You will first be prompted to create an Untangle account
    • This unlocks a few important features, so do this now
  2. Once you register it will ask about installing applications
    • Select Install apps manually
    • If using the free version, install all free apps:
      • Firewall
      • Intrusion Prevention
      • Phish Blocker
      • Virus Blocker Lite
      • Ad Blocker
      • Application Control Lite
      • Spam Blocker Lite
      • Web Monitor
      • OpenVPN
    • If using the paid version, install all apps that would be useful for your network
  3. Go to the Config tab and select Network
    • On the Interfaces page, double-check that the interfaces and IP addresses match up
    • Go to the Hostname tab and choose a new hostname
    • At this point we are leaving Domain Name blank, but you can fill it in if need be.
  4. Go to the NAT Rules tab and press the + Add button
    • Description: "LAN to WAN"
    • Add Condition:
      • Source address: 192.168.2.0/24 (network address)
      • Destination Interface: Any WAN, External
    • NAT Type: Custom
    • New Source: 10.0.0.39 (WAN interface address)
  5. If you want to add Bypass or Filter Rules or Routes, do so now
    • I have no need for these right now so I will skip them
  6. Go to the DNS Server tab and press the + Add button under 'Static DNS Entries'
    • Name: Google | Address: 8.8.8.8
    • If you have a DNS server within your private network add it now
  7. Since the Untangle device is a DHCP server already I will skip this tab
  8. Under the Advanced tab, go to Access Rules
    • Enable 'Allow SSH' and change Destination Port if you so desire (I will leave it at 22 for accessibility, but this is not recommended)
  9. Press 'Save' in the bottom right and wait for the saving to finish
  10. Go back to the Config tab, then Administration
    • Add a named admin account and set a strong password
    • Change the admin password if you so desire (highly recommended)
    • 'Save' again
  11. We don't need to change anything under the Events, Email, Local Directory, or Upgrade tabs so we'll leave these be for now
  12. Now would be a good time to download a backup, but this is optional
    • Under the System tab go to Backup
    • Press Backup to File
  13. We are done with the general configuration so now we can look at the apps and their settings
    • Go to the Apps tab
  14. Apps that more than likely don't need additional configuration:
    • Virus Blocker Lite
    • Spam Blocker Lite
    • Phish Blocker
    • Ad Blocker (be sure it's turned on though)
    • Reports
  15. Apps that do or may need further configuration:
    • Firewall
    • Intrusion Prevention (be sure it's turned on)
    • OpenVPN
    • Application Control Lite
    • Web Monitor
  16. Configure Firewall:
    • Enable or add any rules that you may need
    • If you have any questions about firewall rules or don't know where to start I suggest this guide to get you started.
  17. Configure Intrusion Prevention:
    • Under Rules, enable Low Priority and Medium Priority, then save
  18. Configure Application Control Lite:
    • If there are any applications you would like to block on your network add Signatures for them now
  19. Configure Web Monitor:
    • If you want to analyze and log your network's web traffic or enforce network usage policies you can do that here
    • Restrict web traffic by category under the 'Categories' tab (block/flag social networking, shopping, etc.)
    • Restrict web access to specific websites under the 'Flag Sites' tab
    • Allow web access to specific websites under the 'Pass Sites' tab
    • Allow access to client networks without flagging under the 'Pass Clients' tab
    • Add more customizable web access rules under the 'Rules' tab
  20. Configure OpenVPN:
    • Enable OpenVPN
    • Under the 'Server' tab check the 'Server Enabled' option
    • Change the Site-Name to something more memorable
    • Keep Address Space the same and keep NAT OpenVPN traffic checked
    • Check 'Username/Password Authentication'
    • Authentication Method: Local Directory
    • In order to have anyone connect to the VPN, a Remote Client record must exist for that person/device
    • Add a client record with a unique name and use the default group for now
    • Press 'Save'
    • Click the download button below 'Get Client Configuration' for your new client
    • Copy the link that applies best to you (most of the time it will be the first option) and send it to the remote computer
    • Download OpenVPN and the Client Configuration file on the device you wish to connect with
    • Import configuration file
    • Connect!
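
The NAT rule from step 4 can be sanity-checked before it is entered in the GUI. The Python below is an added example, not part of the original guide or of Untangle itself: the function names `check_nat_rule` and `translate` are hypothetical, the sample packets are constructed, and the model only mirrors the two conditions and the New Source value listed in step 4.

```python
import ipaddress

# Values from step 4 of the guide.
RULE = {"source": "192.168.2.0/24", "new_source": "10.0.0.39"}


def check_nat_rule(source, new_source):
    """Return a list of problems with a custom source-NAT rule (empty = OK)."""
    try:
        # strict=True rejects host bits: 192.168.2.1/24 is not a network address
        lan = ipaddress.ip_network(source, strict=True)
    except ValueError as exc:
        return [f"source is not a network address: {exc}"]
    try:
        new = ipaddress.ip_address(new_source)
    except ValueError as exc:
        return [f"new source is not a single IP address: {exc}"]
    problems = []
    if new.version != lan.version:
        problems.append("new source and source network use different IP versions")
    elif new in lan:
        problems.append("new source lies inside the LAN range being translated")
    return problems


def translate(src_ip, leaving_via_wan, rule=RULE):
    """Model the rule: return the source address a packet carries after NAT."""
    lan = ipaddress.ip_network(rule["source"], strict=True)
    if leaving_via_wan and ipaddress.ip_address(src_ip) in lan:
        return rule["new_source"]
    return src_ip  # rule does not match, so the source is left unchanged


if __name__ == "__main__":
    print(check_nat_rule(**RULE) or "rule OK")
    # Constructed sample packets: (source IP, leaves through a WAN interface?)
    samples = [("192.168.2.57", True), ("192.168.2.57", False), ("192.168.3.10", True)]
    for src, wan in samples:
        print(f"{src:>14} wan={wan!s:5} -> {translate(src, wan)}")
```

Only LAN hosts leaving through a WAN interface are rewritten to 10.0.0.39; a host in another subnet, such as the constructed 192.168.3.10, falls outside the Source address condition and would need its own rule.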

This marks the end of the manual configuration via GUI guide. If you are stuck, confused, or have additional questions, I recommend taking the time to look through the Untangle wiki.