Please share with the community what you think needs improvement with Untangle NG Firewall.
What are its weaknesses? What would you like to see changed in a future version?
They do not offer 100% of the features that we need. The biggest challenge that we have with this solution is local support. The local support is a problem in our area.
They don't have any feature that allows you to drop the session. If you log in and you see your ARP table with many connections and you want to drop one for some reason or another, such as troubleshooting, or It's an employee that shouldn't be online and you want to remove them, you don't have the ability to click on a session and terminate it.
The common center facility that Untangle provides should be available on-premises. There are great corporations here in Mexico that like the Untangle solution, but they don't like the fact that the monitoring and access to the appliance are in the cloud. They request for the common center facility to be available and installed on-premises.
We seek the availability of the hardware in our region. The hardware-based firewall from Untangle is currently not available in our region. It should have threat protection on a real-time basis. This feature, available in Check Point and Sandstorm kind of scenario, is currently missing in Untangle NG Firewall.
The pricing should be reduced because it is expensive.
At this stage, I think the SSL decryption option can be streamlined. I think decryption transparency could be improved because you basically click a button and then you set up one rule-set and that's about it. I've noticed there's a problem on some sites where it doesn't do the proper decryption. I actually had to go through the application control module, and logs to see what was happening, and why some sites could not function, before I could decipher that it was the SSL decryption that was blocking the sites. I would like to see more hands-on configuration in that respect.
The web content filtering needs improvement.
The pricing is not as good as it was some time ago. They've since skipped offering a lot of individual features. In the future, Untangle should offer a web server feature. That's the only application Sophos gave us which Untangle doesn't have.
The hardware can be improved. Now, we're using hardware appliances. In terms of processing power, I think it can actually be improved further, because, in terms of the number of requests, especially if you are using web filtering, the number of requests that should be coming onto the appliance is quite large and it needs a bit more processing power. If the solution included a unified device tracker and management, that would be great. So that we could actually include other endpoints, like our laptops, or mobile devices. We need something to help in terms of mobile device management. I think it's one critical feature which is required by another interface because people are now bringing their own devices to the workplace to get services. I think MDM is quite critical to be included in that.
There quite a number of modules I've not used. For the web filter, I think they can do better especially on the free model. They have a free and a licensed model. If you use the free model, is not that effective. You have to use the commercial module for you to get effective results. Functionality wise, they should try to put more options on some of the modules like web filtering capability. I know it has the capability to block specific IPs but I have not seen the capability to block a specific range of IPs. For example, you want to block a range of between 50 and 100 of an IP, I haven't seen that capability. I believe there are more functionalities which they can improve and prevent for security and management of internet within a corporate environment. For example, I've seen firewalls where, let's say for example there's an infected machine within your network, they give you an alert or automatically block it from your network or mailing system. There're a number of functionalities missing in Untangle. It needs improvement but I believe every solution needs improvement.
It would be much easier if there was a mobile app.
The ability to setup a DDNS for each WAN independently would be a very handy feature.
I'm researching Untangle as an option for a firewall. Many people are using it - is it good/bad?