Set up of Untangle.



  • I am having a problem now,Untangle web filter is not blocking any website that i set to block.
    PS. this Untangle were built for use before. So i don't really have an idea how they set up this stuff and also the settings.
    I already follow the same set up before, prior the time it is working.
    Do i need to do any set up in router to make it work?



  • Make sure your proxy is pointing to the untangle ip.



  • @Hubtech We don't use proxy.



  • Untangle is in transparent mode then?



  • Yes it is.



  • I haven't used Untangle in that way before but I believe that it can only block when being used as a proxy and can only block HTTP not HTTPS which makes it a lot less useful than you would hope since nearly everything that you would want to block is HTTPS today.



  • I can now connect to internet but i cannot block youtube.com for example.



  • Do you have Active Directory?



  • @scottalanmiller No. its not connected in Active Directory



  • Do you have internal DNS at all? With AD you have to, without it it is optional.



  • @scottalanmiller No in this network we are not using AD. Computers network are Workgroup only.



  • But what about DNS? DNS is not related to AD other than AD relies on it. Many more networks have DNS than have AD.



  • it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
    the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip



  • @IT-ADMIN said:

    it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
    the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip

    Nothing makes them be admins more than in a domain environment. You can still lock them down the same in that way. More effort but same capacity.



  • @scottalanmiller but in domain environment, once you joint a machine into your domain and login as a limited users, they cannot do anything, in opposition to work group except if you change the local policy setting



  • i mean by : they cannot do anything ----> they cannot change the system setting



  • @IT-ADMIN said:

    @scottalanmiller but in domain environment, once you joint a machine into your domain and login as a limited users, they cannot do anything, in opposition to work group except if you change the local policy setting

    You can expose or lock out those settings in both settings. It's just manual in the workground setting. Definitely more work, a lot more work if you have a large number of users.



  • @Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.



  • @IT-ADMIN said:

    it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
    the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip

    Sorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.



  • @scottalanmiller said:

    @Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.

    We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"



  • @Joyfano said:

    @scottalanmiller said:

    @Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.

    We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"

    Does your Internet problems affect your domain? If so, how?



  • @Joyfano said:

    @IT-ADMIN said:

    it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
    the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip

    Sorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.

    Why not have the Wordgroup use the DNS from the AD then? Then you could use your DNS to block YouTube, Facebook, etc. But not MangoLassi, obviously 😉



  • @scottalanmiller said:

    Do you have internal DNS at all? With AD you have to, without it it is optional.

    We have Local Domain in our Network. Sorry my answer is not clear.



  • @scottalanmiller said:

    @Joyfano said:

    @scottalanmiller said:

    @Joyfano Any reason that they are avoiding a domain setup? You have hundreds of users, it seems like being on a domain would be very important.

    We are using Domain in our production area. It happen that we need to set up a workgroup network in case of emergency " you know we are always having an internet problem,so i think that set up would be appropriate for them"

    Does your Internet problems affect your domain? If so, how?

    Its not. But we used to transfer the computers to other network if the other internet provider is down.



  • @scottalanmiller said:

    @Joyfano said:

    @IT-ADMIN said:

    it is difficult to control a work group environment, because users are admin over their computers, so they can change proxy setting, your only solution is to set your proxy in transparent mode, the problem in this mode as Mr Scott mention, you can only block http not https,
    the other way to do web filtering is by DNS, so you can resolve youtube.com to your local ip or any private ip

    Sorry but we have around 10 computers only in Workgroup. I created a standard account for them so they still don't have admin access in computers.

    Why not have the Wordgroup use the DNS from the AD then? Then you could use your DNS to block YouTube, Facebook, etc. But not MangoLassi, obviously 😉

    We are using separate network for our Production who are doing online and Offline project.



  • @Joyfano said:

    Its not. But we used to transfer the computers to other network if the other internet provider is down.

    Sounds like this could be made more efficient. Why not have both ISPs available to all computers and switch using a router?



  • @Joyfano said:

    We are using separate network for our Production who are doing online and Offline project.

    You can keep on separate subnets and/or VLANs but still share DNS.



  • i think they have 2 diffirent remote location,



  • @IT-ADMIN said:

    i think they have 2 diffirent remote location,

    They do, but they walk in between. I'm not sure if they have connectivity between or not.



  • Thank you guys for all of your replies, Sad things i didn't got any chance to restore the correct settings of our Untangle due to lack of time to troubleshoot.
    After a long hour of Audit for our client Compliance.. Finally we don't have any major problem specially in IT department.
    Next project would be continuation of my last post about installing firewall using Linux and also set up of our Dokuwiki.


Log in to reply