FAQs: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
 
(20 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== General ==
== General ==


This section answers general questions about Untangle NG Firewall and how it works.
This section answers general questions about Arista Edge Threat Management NG Firewall and how it works.




=== What is Untangle NG Firewall? ===
=== What is NG Firewall? ===


Untangle Next Generation (NG) Firewall is a platform for deploying network based applications. The platform unites these applications around a common GUI, database and reporting. NG Firewall's applications inspect network traffic simultaneously, which greatly reduces the resource requirements of each individual application.  The NG Firewall platform currently supports many [http://www.untangle.com/index.php?option=com_content&task=view&id=86&Itemid=179 open source applications] and [http://www.untangle.com/index.php?option=com_content&task=view&id=383&Itemid=1364 commercial add-ons].
ETM Next Generation (NG) Firewall is a platform for deploying network based applications. The platform unites these applications around a common GUI, database and reporting. NG Firewall's applications inspect network traffic simultaneously, which greatly reduces the resource requirements of each individual application.  The NG Firewall platform currently supports many [http://www.untangle.com/index.php?option=com_content&task=view&id=86&Itemid=179 open source applications] and [http://www.untangle.com/index.php?option=com_content&task=view&id=383&Itemid=1364 commercial add-ons].
 
 
=== Is NG Firewall for home or business use? ===
 
Untangle is great for businesses and small home office networks. Untangle requires its own dedicated computer so it may not be a good fit for home where an extra computer is not available - it cannot be run on the same computer it is protecting.




=== Is NG Firewall hardware or software? ===
=== Is NG Firewall hardware or software? ===


Untangle NG Firewall is software that can be installed on standard Intel-compatible hardware, or you can purchase a hardware appliance [http://www.untangle.com/appliances/ directly from Untangle] with the software pre-installed. The minimum hardware requirements can be found [[Hardware Requirements|here]], and many Untangle partners offer a [[3rd_Party_Hardware_Vendors|pre-built systems]].
NG Firewall is software that can be installed on standard Intel-compatible hardware, or you can purchase a hardware appliance [http://edge.arista.com/appliances/ directly from Arista ETM] with the software pre-installed. The minimum hardware requirements can be found [[Hardware Requirements|here]], and many Arista partners offer pre-built systems.




=== Where does NG Firewall sit on the network? ===
=== Where does NG Firewall sit on the network? ===


NG Firewall should sit at or directly behind the network gateway in between your network and the Internet. Please see our [[Installation|installation guide]] for examples of where Untangle should be placed in your network.
NG Firewall should sit at or directly behind the network gateway in between your network and the Internet. Please see our [[Installation|installation guide]] for examples of where NG Firewall should be placed in your network.




=== Does NG Firewall use open source software? ===
=== Does NG Firewall use open source software? ===


Yes, NG Firewall uses several open source projects. We seek to offer the best technology in each of our apps whether or not that requires writing proprietary code, working with existing open source projects to combine the best features from multiple projects, adding missing features or simply optimizing them for the NG Firewall platform. The Untangle NG Firewall platform itself is a proprietary technology that was developed internally.
Yes, NG Firewall uses several open source projects. We seek to offer the best technology in each of our apps whether or not that requires writing proprietary code, working with existing open source projects to combine the best features from multiple projects, adding missing features or simply optimizing them for the NG Firewall platform. The NG Firewall platform itself is a proprietary technology that was developed internally.
 


=== Who owns my network data? Is it private? ===
=== Who owns my network data? Is it private? ===


You own 100% of your network data. Untangle does not have access to your NG Firewall or your network unless you explicitly authorize us by turning on remote support access in [[Config]] > [[System]] > [[Support]]. Your data is 100% private.
You own 100% of your network data. Arista ETM does not have access to your NG Firewall or your network unless you explicitly authorize us by turning on remote support access in [[Config]] > [[System]] > [[Support]]. Your data is 100% private.




Line 37: Line 33:
=== My separate internal networks can reach each other. Why? ===
=== My separate internal networks can reach each other. Why? ===


* By default, all NG Firewall interfaces can talk to each other. This is because, by default, NAT (Network Address Translation) is performed on traffic leaving the WANs only (not traffic between LANs). If you want them to be separate follow the documentation [[Network_Configuration#NAT|nat documentation]].
By default, all NG Firewall interfaces can talk to each other. This is because, by default, NAT (Network Address Translation) is performed on traffic leaving the WANs only (not traffic between LANs). If you want them to be separate follow the documentation [[Network_Configuration#NAT|nat documentation]].
 


=== How secure is NG Firewall by default? ===
=== How secure is NG Firewall by default? ===
Line 81: Line 76:
== Licensing and Subscriptions ==
== Licensing and Subscriptions ==


This section has answers to questions relating to purchasing, licensing and subscriptions to Untangle.
This section has answers to questions relating to purchasing, licensing and subscriptions.




=== How does NG Firewall licensing work? ===
=== How does NG Firewall licensing work? ===


NG Firewall licensing is done individually for each deployed NG Firewall server. One license '''cannot''' be shared across multiple NG Firewall servers. The pricing band is determined by the number of devices that are behind the Untangle server. Our current pricing model allows the purchase of a monthly, 1-year, 3-year or 5-year subscription.
NG Firewall licensing is done individually for each deployed NG Firewall server. One license '''cannot''' be shared across multiple NG Firewall servers. The pricing band is determined by the number of devices that are behind the NG Firewall server. Our current pricing model allows the purchase of a monthly, 1-year, or 3-year subscription.
 


=== How do I determine the correct pricing band? ===
=== How do I determine the correct pricing band? ===


NG Firewall products and services are priced by bands for different sized companies and networks. The appropriate band can be calculated by counting the number of unique devices behind NG Firewall on any given day. More explicitly, it is the number of unique IP addresses on any non-WAN (local) interface including VPN users seen from midnight to midnight the next day that have initiated a scanned TCP session to the internet. If the number of unique IPs is below the upper bound of the subscription band for that server it is fully compliant.
NG Firewall products and services are priced by bands for different sized companies and networks. The appropriate band can be calculated by the number of active devices on all local networks and VPN interfaces.
 
''Note:'' Bypassed devices are not counted. Bypass Rules can be added for devices that do not need Untangle scanning and services (printers etc) but still require internet access.


''Note:'' Bypassed devices are not counted. Bypass Rules can be added for devices that do not need NG Firewall scanning and services (VoIP devices, printers, and so forth) but still require internet access.


=== What happens if the number of devices on my network temporarily exceeds my licensed number of devices? ===
=== What happens if the number of devices on my network temporarily exceeds my licensed number of devices? ===
Line 100: Line 93:
For any device over the upper limit of the license count, their traffic will not be scanned by the paid applications. They will still be online and have full connectivity but will not receive the benefits of the paid application.
For any device over the upper limit of the license count, their traffic will not be scanned by the paid applications. They will still be online and have full connectivity but will not receive the benefits of the paid application.


=== Can I exclude devices from counting towards the license? ===
In some cases you may prefer to exclude devices such as printers or guest devices from consuming licensing of paid apps. The consequence is that bypassed devices can access the Internet but will not apply to the security layers provided by the paid apps. You can bypass devices based on IP address or you can bypass an entire network. For configuration details see [[Bypass Rules]].


=== How can I see how many devices are currently on my network? ===
=== How can I see how many devices are currently on my network? ===
Line 110: Line 105:




=== How do I purchase Untangle NG Firewall software? ===
=== How do I purchase NG Firewall software? ===
 
Currently there are two ways to make a purchase of NG Firewall software:
 
An '''off-GUI''' purchase is when you purchase a subscription directly from Untangle's store without being logged into an Untangle server. An '''off-GUI''' purchase results in a voucher you can redeem at any time, but keep in mind that until you redeem the voucher you don't have access to the purchased features. Additionally, it's important to note that your subscription expiration count-down starts from the day you purchase your subscription not the date you redeem the voucher. 


An '''on-GUI''' purchase is when you purchase from your NG Firewall Server directly. If you purchase via the '''on-GUI''' method, the store and the server should talk to each other and the server will automatically download the software you've purchased. We recommend that you use Firefox or Chrome when doing this process because some browsers (e.g. Internet Explorer) won't allow the store and the server to communicate, which causes the process to fail.
Log into your ETM Dashboard account, click '''GET STARTED''' in the top right-hand corner, and select '''Buy'''.


If you have any problems with either of these two ways to purchase, please contact support at 866.233.2296 option 2 or open a case at [http://support.untangle.com Untangle Support].
You can also contact our Sales department directly by phone at (877) 754-2986, option 2 or by email at [mailto:edge.sales@arista.com edge.sales@arista.com].




=== What happens if I stop paying Untangle for my subscription(s)? ===
=== What happens if I stop paying for my subscription(s)? ===


If you stop paying for your subscriptions any paid applications will stop working when your subscription ends. You will no longer be able to use anything but the applications in the [http://www.untangle.com/store/lite-package.html Lite Package] and will see '''No License Found''' on the faceplate of any paid applications. It's very easy to get your account back working again by contacting our sales department to renew your subscription and all of your previous settings will return.
If you stop paying for your subscriptions any paid applications will stop working when your subscription ends. You will see '''No License Found''' on the icon of any paid applications in the '''Apps''' page. It's very easy to get your account back working again by contacting our sales department to renew your subscription and all of your previous settings will return.




=== What's a UID? ===
=== What's a UID? ===


A UID (or Unique IDentifier) is a unique 16-digit alpha numeric code that identifies your Untangle NG Firewall Server. To determine your NG Firewall UID, go to '''Config''' > '''System Info'''.
Refer to the knowledge base https://support.untangle.com/hc/en-us/articles/201710527
 
* If you ''reinstall'' your NG Firewall, you will get a new UID, and you may need to transfer any previous subscriptions to be authorized for the new UID.
* If you ''reset'' to factory defaults, your NG Firewall maintains its UID.
 
The UID is also required by Untangle Technical Support and will help identify your server when you call for Technical Support.
 
=== What's a voucher? What's a voucher key? ===
 
A voucher is a "gift certificate" for a specific Untangle NG Firewall package or application. A voucher key is a unique alphanumeric code that enables you to redeem your voucher.
 
 
=== Can a voucher expire? ===


Yes, when you purchase a voucher you can select a monthly or yearly subscription that automatically renews. The subscription period begins as of the time the voucher was purchased, so it's important that you redeem that voucher as soon as possible to get the biggest "bang for your buck."
===What's a voucher and voucher key?===


 
Refer to [[All about vouchers]] for more details on vouchers & how to use them.
=== Why would I want to purchase a voucher? ===
 
* If you are an end-user but you currently don't have access to your NG Firewall a voucher provides you a way to purchase now and install at your convenience.
 
* If you are an Untangle Partner:
 
:* It's very efficient to purchase a set of vouchers using one transaction, and redeem the vouchers as you install NG Firewall.
 
:* If you do not intend to install the NG Firewall yourself you can simplify the installation process by sending the voucher to your customer.
 
:* If you're looking to court a customer a voucher is a wonderful gift; not as tasty as chocolate though not nearly as expensive as a diamond.
 
 
=== How do I redeem a voucher? ===
 
There are two ways to redeem a voucher.
 
First: (Primarily used if you were the purchaser of the voucher or have store account access to the account where the voucher was purchased)
# Log-in to your Untangle NG Firewall Server.
# From the Navigation pane, click on the '''My Account''' button on the bottom left.
# Log into your Store Account you used to purchase your Voucher.
# Click on the '''Subscriptions'''tab, then the '''Manage Vouchers''' button in the lower right corner.
# Check the box next to the voucher(s) you'd like to redeem.
# Click on the '''Redeem''' button. The software should automatically start to download and install.
 
Second: (Primarily used if you did not purchase the voucher through your store account)
# Follow steps 1-4 above.
# Click the link '''Enter and Redeem a New Voucher Key'''.
# Enter the voucher key(s) in the space(s) provided.
# Verify the UID, server description and the IP address of your server are correct.
# Click the '''Continue''' button. The software should automatically start to download and install.


=== Can I try NG Firewall or Applications before purchase? ===
=== Can I try NG Firewall or Applications before purchase? ===


Yes! We provide a suite of applications [http://www.untangle.com/store/lite-package.html free of charge]; all of our paid applications have a fully functional 14-day free trial available. During the trial period the faceplate of any trial mode applications will show '''xx Days Remaining''', this will switch over to '''Free Trial Expired''' once the trial period has ended. If you want to purchase an expired application it will retain your settings as long as you don't remove it from the rack.
Yes! All of our paid applications have a fully functional 30-day free trial available. During the trial period the icon of any trial mode applications will show '''xx Days Remaining''', this will switch over to '''Free Trial Expired''' once the trial period has ended. If you want to purchase an expired application it will retain your settings as long as you don't remove it from the rack.
 


=== Do my other applications still work after my trials expire? ===
=== Do my other applications still work after my trials expire? ===
Line 189: Line 136:
=== I just purchased a product, however it is still reporting as a trial version? ===
=== I just purchased a product, however it is still reporting as a trial version? ===


From your NG Firewall, click '''My Account''' on the lower left hand side of the web GUI and log into the store. Click '''My Subscriptions''', then select your product(s) and click '''Reinstall'''. You'll need to do this either from the actual NG Firewall box or through the network using Firefox or Chrome, Internet Explorer can have issues with this process.
If you have not yet assigned your subscription, do that first: [https://support.edge.arista.com/hc/en-us/articles/360018036573-How-to-assign-a-subscription-to-an-appliance How to assign a subscription to an appliance]


If you have assigned your subscription, you can ignore the warning that your trial will expire in X days. Once the trial ends, the subscription assigned 'behind' it will take over automatically.


=== How do I renew my subscription(s)? ===
=== How do I renew my subscription(s)? ===
 
Refer to the knowledge base at https://support.untangle.com/hc/en-us/articles/115012351228-How-to-renew-a-subscription
You can turn on auto renewal by logging into your store account, clicking '''My Subscriptions''', then modifying the '''Auto Renew''' field. If you have '''Auto Renew''' off, please follow these steps to renew a subscription:
 
# Log in to your [https://www.untangle.com/store store account] and click '''Renewals'''. Any subscriptions that are not enabled for renewal will display here.
# If your payment information needs to be updated, click on the "Provide your payment information" button, where you can update it.
# If your payment information is current, you can simply select the subscription(s) to be renewed and click the "Renew Selected Subscriptions" button. You'll see a confirmation message and receive an email with the details.
 


=== How do I unsubscribe or cancel my subscription(s)? ===
=== How do I unsubscribe or cancel my subscription(s)? ===
Line 211: Line 153:




=== I reinstalled my Untangle NG Firewall Server, why can't I reinstall my paid subscriptions? ===
=== I reinstalled my NG Firewall Server, why can't I reinstall my paid subscriptions? ===


Each NG Firewall has a '''UID''', or '''U'''nique '''Id'''entifier that is set during the install and never changed. If you reinstall your NG Firewall it will have a new UID and you'll need to ''transfer the subscription'' to the new UID to be able to download your subscription. Instructions on subscription transfer are [[#How can I transfer my subscription? | below]].
Each NG Firewall has a '''UID''', or '''U'''nique '''Id'''entifier that is set during the install and never changed. If you reinstall your NG Firewall it will have a new UID and you'll need to ''transfer the subscription'' to the new UID to be able to download your subscription. Instructions on subscription transfer are [[#How can I transfer my subscription? | below]].
Line 217: Line 159:


=== How can I transfer my subscription? ===
=== How can I transfer my subscription? ===
''Video for this process is available [https://support.untangle.com/hc/en-us/articles/201661956 here].''<br /><br />
'''IMPORTANT:''' Before transferring the subscription, be sure to download any backups from your store account at '''Appliances > Backups''' - once the transfer has been made you will no longer be able to access the backups of the old UID.  
 
'''IMPORTANT:''' Before transferring the subscription, be sure to download any backups from your store account at My Subscriptions > View Backups - once the transfer has been made you will no longer be able to access the backups of the old UID.  
<br /><br />
<br /><br />
Steps to transfer the license to the new server. <br />
Steps to transfer the license to the new server. <br />
Line 255: Line 195:




=== Does Untangle support dual WAN or WAN failover? ===
=== Does NG Firewall support dual WAN or WAN failover? ===


Yes! For information on Multi-WAN, see [[WAN Balancer]] for Load Balancing and [[WAN Failover]] for failover.
Yes! For information on Multi-WAN, see [[WAN Balancer]] for Load Balancing and [[WAN Failover]] for failover.

Latest revision as of 17:49, 7 February 2024

General

This section answers general questions about Arista Edge Threat Management NG Firewall and how it works.


What is NG Firewall?

ETM Next Generation (NG) Firewall is a platform for deploying network based applications. The platform unites these applications around a common GUI, database and reporting. NG Firewall's applications inspect network traffic simultaneously, which greatly reduces the resource requirements of each individual application. The NG Firewall platform currently supports many open source applications and commercial add-ons.


Is NG Firewall hardware or software?

NG Firewall is software that can be installed on standard Intel-compatible hardware, or you can purchase a hardware appliance directly from Arista ETM with the software pre-installed. The minimum hardware requirements can be found here, and many Arista partners offer pre-built systems.


Where does NG Firewall sit on the network?

NG Firewall should sit at or directly behind the network gateway in between your network and the Internet. Please see our installation guide for examples of where NG Firewall should be placed in your network.


Does NG Firewall use open source software?

Yes, NG Firewall uses several open source projects. We seek to offer the best technology in each of our apps whether or not that requires writing proprietary code, working with existing open source projects to combine the best features from multiple projects, adding missing features or simply optimizing them for the NG Firewall platform. The NG Firewall platform itself is a proprietary technology that was developed internally.


Who owns my network data? Is it private?

You own 100% of your network data. Arista ETM does not have access to your NG Firewall or your network unless you explicitly authorize us by turning on remote support access in Config > System > Support. Your data is 100% private.


Technical

My separate internal networks can reach each other. Why?

By default, all NG Firewall interfaces can talk to each other. This is because, by default, NAT (Network Address Translation) is performed on traffic leaving the WANs only (not traffic between LANs). If you want them to be separate follow the documentation nat documentation.

How secure is NG Firewall by default?

NG Firewall has no open ports by default on WAN interfaces, and has HTTP and HTTPS open by default on non-WAN interfaces. If any ports are showing up as open from the outside, you've either set up a port forward for them or you've enabled HTTPS administration on WANs or NG Firewall is somehow misconfigured.


Does NG Firewall support VLANs?

Yes.

NG Firewall support both tagged (802.1q) VLANs and untagged VLANs.

Untagged VLANs are just separate networks on the same interfaces and can be handled by

  • Adding an alias to the appropriate interfaces (ie 192.168.15.1/24 to the Internal Aliases), effectively telling Untangle that this network range is local on this interface.
  • Adding a route so traffic for that subnet is routed appropriately (ie 192.168.15.1/24 is routed to "local on Internal (eth1)"

Tagged VLANs are handled by creating a separate VLAN interface in Config > Network. All traffic received on the configured Parent interface with the configured VLAN tag will be perceived to come from the VLAN interface. All traffic sent to the configured VLAN interface will actually be sent on the Parent interface with the configured VLAN tag.

See Network_Configuration#VLANs for more information.


Can I put a WiFi card in my NG Firewall?

Currently some wireless cards are supported. Unlike regular NICs, wireless support is much more problematic and complicated. If wireless is a priority we suggest looking at one of our appliances that comes with wireless support. If you want to build your own wireless server, be prepared for some research and trial and error to find a working setup. There is more information here: 11.1_Changelog#Wireless_Support.


How can I add a guest or private WiFi/WAP network to my NG Firewall?

You will need to disable DHCP on the wireless Access Point, give it an IP in the subnet of NG Firewall's interface you're plugging it into, and use a LAN port rather than a WAN/Uplink port on the AP, or disable NAT.

To add WiFi to your existing network, just plug the AP into a switch somewhere on the network. Please note if you have a combination WiFi AP/modem that NG Firewall sits behind, wireless traffic may bypass the NG Firewall and not be filtered. WiFi APs must be downstream of NG Firewall.

If you're looking for a guest WiFi network walled off from your private network, the easiest way is to plug the wireless AP into its own interface.


Does NG Firewall have high availability options or support automatic hardware failover?

As of version 10.1 NG Firewall supports High Availability through the use of VRRP. More information on VRRP configuration can be found here: Network Configuration - VRRP


Licensing and Subscriptions

This section has answers to questions relating to purchasing, licensing and subscriptions.


How does NG Firewall licensing work?

NG Firewall licensing is done individually for each deployed NG Firewall server. One license cannot be shared across multiple NG Firewall servers. The pricing band is determined by the number of devices that are behind the NG Firewall server. Our current pricing model allows the purchase of a monthly, 1-year, or 3-year subscription.

How do I determine the correct pricing band?

NG Firewall products and services are priced by bands for different sized companies and networks. The appropriate band can be calculated by the number of active devices on all local networks and VPN interfaces.

Note: Bypassed devices are not counted. Bypass Rules can be added for devices that do not need NG Firewall scanning and services (VoIP devices, printers, and so forth) but still require internet access.

What happens if the number of devices on my network temporarily exceeds my licensed number of devices?

For any device over the upper limit of the license count, their traffic will not be scanned by the paid applications. They will still be online and have full connectivity but will not receive the benefits of the paid application.

Can I exclude devices from counting towards the license?

In some cases you may prefer to exclude devices such as printers or guest devices from consuming licensing of paid apps. The consequence is that bypassed devices can access the Internet but will not apply to the security layers provided by the paid apps. You can bypass devices based on IP address or you can bypass an entire network. For configuration details see Bypass Rules.

How can I see how many devices are currently on my network?

In Config > About, the Current active device count shows the number of active devices currently on the network. Highest active device count since reboot shows the highest number of licensed devices that have been on the network since reboot.

An Alert will be shown if the your license is currently being exceeded. Remember, bypassed devices are not counted so you can manage your device count with Bypass Rules.

At the top of the rack the number of currently knows hosts is shown above "Hosts." Clicking on this number or selecting "Show Hosts" in the drop down menu at the top of the rack will show the list of currently known devices. However, not all known devices are counted against licenses. If you use a drop down in one of the columns at the top and display the "Active" column you can see which hosts are counted as active. Only active hosts are the only hosts counted towards the license limit.


How do I purchase NG Firewall software?

Log into your ETM Dashboard account, click GET STARTED in the top right-hand corner, and select Buy.

You can also contact our Sales department directly by phone at (877) 754-2986, option 2 or by email at edge.sales@arista.com.


What happens if I stop paying for my subscription(s)?

If you stop paying for your subscriptions any paid applications will stop working when your subscription ends. You will see No License Found on the icon of any paid applications in the Apps page. It's very easy to get your account back working again by contacting our sales department to renew your subscription and all of your previous settings will return.


What's a UID?

Refer to the knowledge base https://support.untangle.com/hc/en-us/articles/201710527

What's a voucher and voucher key?

Refer to All about vouchers for more details on vouchers & how to use them.

Can I try NG Firewall or Applications before purchase?

Yes! All of our paid applications have a fully functional 30-day free trial available. During the trial period the icon of any trial mode applications will show xx Days Remaining, this will switch over to Free Trial Expired once the trial period has ended. If you want to purchase an expired application it will retain your settings as long as you don't remove it from the rack.

Do my other applications still work after my trials expire?

Yes. All free applications in the Lite Package will never expire.


I just purchased a product, however it is still reporting as a trial version?

If you have not yet assigned your subscription, do that first: How to assign a subscription to an appliance

If you have assigned your subscription, you can ignore the warning that your trial will expire in X days. Once the trial ends, the subscription assigned 'behind' it will take over automatically.

How do I renew my subscription(s)?

Refer to the knowledge base at https://support.untangle.com/hc/en-us/articles/115012351228-How-to-renew-a-subscription

How do I unsubscribe or cancel my subscription(s)?

You can turn off auto renewal by logging into your store account, clicking My Subscriptions, then modifying the Auto Renew field.


Why is my renewal date not changing after I renewed my subscription?

If your subscription is enabled for renewal but the renewal date still shows the same date as before, don't worry - because we don't charge your account for the subscription renewal until the renewal date, the renewal date will not change until that charge takes place. For example, say you enabled a subscription for renewal with a renewal date of November 11, 2010. On November 11 we will charge your account for the cost of the renewal and update your renewal date to November 11, 2011. If your subscription does not appear when you click Renewals in your store account it is already enabled for renewal.


I reinstalled my NG Firewall Server, why can't I reinstall my paid subscriptions?

Each NG Firewall has a UID, or Unique Identifier that is set during the install and never changed. If you reinstall your NG Firewall it will have a new UID and you'll need to transfer the subscription to the new UID to be able to download your subscription. Instructions on subscription transfer are below.


How can I transfer my subscription?

IMPORTANT: Before transferring the subscription, be sure to download any backups from your store account at Appliances > Backups - once the transfer has been made you will no longer be able to access the backups of the old UID.

Steps to transfer the license to the new server.
1. Login to the store with the store account.
2. On the top menu, click Subscriptions.

Remove Subscriptions
Remove Subscriptions

3. Click the Name/UID link for the subscription you want to transfer.
4. This will remove the subscription from the appliance. Click Remove to confirm. Once removed, the subscription becomes a voucher available for use on another NG Firewall UID.
5. To add the license to another NG Firewall UID, click the unassigned link on the Subscriptions tab.

Click Unassigned
Click Unassigned

6. Select a device from the list to transfer the subscriptions to and click Add.

Add Subscription
Add Subscription



Networking

This section has answers to common networking questions. You'll want to take a look at our User Guide and Network Configuration for more information on general network settings.


If I am using NAT, how can I provide access to a web server on the internal network?

  1. If the web server is using DHCP, it should be assigned a static address or a static DHCP lease.
  2. Create a port forward rule for all incoming traffic on port 80 to your web server as discussed in Port Forward Rules.

Why can only some of my subnets access the Internet?

NG Firewall needs to know about the other subnets in order to correctly route traffic to them; this can be done in several ways:

  • Give NG Firewall an alias on each subnet at Config > Networking for that interface. Make sure to use a reall, unused IP, not x.x.x.0.
  • Alternatively, if your subnets are close (e.g. 192.168.1.x, 192.168.2.x) you can expand NG Firewall's netmask on that interface.

If your other subnets are behind a different internal router, you'll probably need to add routes pointing the subnets to that router.

Read Network_Configuration and Installation for more information.


Does NG Firewall support dual WAN or WAN failover?

Yes! For information on Multi-WAN, see WAN Balancer for Load Balancing and WAN Failover for failover.


Can I use OpenDNS with NG Firewall?

We've seen a lot of confusion regarding OpenDNS - many of our customers want to use OpenDNS as a "second layer of protection." While this is all well and good, most of the time we see people putting OpenDNS's servers on NG Firewall's External interface, which isn't the right way of going about it. We always recommend using your ISP's DNS servers on any WAN interfaces of NG Firewall. We do not recommend using OpenDNS, public, or internal DNS servers as they can hamper the effectiveness of Spam Blocker and sometimes the performance of Web Filter.

If you want to use OpenDNS with NG Firewall, you should hand out OpenDNS as the DNS servers for the end users only. To do this, set the OpenDNS DNS server as the "DNS Override setting in your DHCP settings on your internal interface(s).

This way, NG Firewall will hand out OpenDNS to the clients it gives DHCP addresses. If you're running your own DHCP server, you'll need to figure out how to make the change for your particular server software.


Updates

These FAQs explain how updates are performed.

How do I check for updates? Is this automatic?

NG Firewall automatically performs and installs definition updates for all applications; you can modify the platform updates settings at Config > Updates > Update Settings. If you turn Automatic Updates off, you will still receive definition updates, however platform updates will not automatically be applied.


How do I know if updates are available for download?

The Config > Upgrades button will light up when upgrades are available, just click it and follow the prompts to upgrade.

VoIP

These FAQs explain how NG Firewall handles VoIP traffic.


How does NG Firewall handle VoIP traffic?

Most VoIP traffic is automatically bypassed from scanning by default because it is sensitive to latency. It is recommended to manually add bypass rules for non-standard VoIP installations.


After installing NG Firewall, my VoIP doesn't work. Why?

Verify your VoIP devices are set to do NAT Traversal themselves - if they are not, you can try enabling the SIP Helper at Config > Networking > Advanced > General.