13.1.0 Changelog

From Edge Threat Management Wiki - Arista
Revision as of 18:12, 2 October 2017 by Dmorris (talk | contribs)


13.1 is a major new release. It contains a new app, improvements to some apps, and general usability improvements.


v13.0 brought us a whole new user interface. Since then we've had months of great feedback from users and found many usability issues. v13.1 has lots of quality-of-life usability improvements. There are also many performance improvements to make the UI faster and more responsive.

Now all user interaction (quarantines, reports, etc.) uses the new architecture. The old administrator interface has been removed.

Tunnel VPN

Tunnel VPN is a new application that allows your Untangle server to connect to remote VPN providers and leverage that tunnel for internet connectivity. This is useful for many scenarios:

  • SD-WAN applications where you wish to connect to a cloud security service.
  • Easily manage many small locations by redirecting all traffic through a central location.
  • Privacy or circumventing geographical limitations.

Some examples:

  1. Configure an Untangle at a small branch office to connect to your main site and send all internet traffic through the main site (for security, control, and reporting).
  2. Configure some traffic (public guest wifi) to be sent to a cloud security provider for special handling.
  3. Configure traffic to use a Tunnel VPN for certain privacy concerns, like visiting certain websites or using certain applications like BitTorrent.

There is a configuration wizard to configure tunnels to many providers, such as another Untangle server, ExpressVPN, NordVPN, etc. There are also generic options which support most commonly available OpenVPN-based providers.

While many routers provide the ability to use a VPN tunnel for internet connectivity, Tunnel VPN provides some unique ways to determine what traffic uses the tunnel. A ruleset determines which traffic is sent through the tunnel; it can be crafted to send all traffic, or traffic for any given interface, host, subnet, port, etc.

Additionally, Tunnel VPN rules can leverage tags on hosts to determine which traffic uses the tunnel. This allows for advanced dynamic scenarios based on tag usage. For example, if a user visits a certain website or uses a certain protocol, like BitTorrent, the host can be tagged and automatically switched to using the Tunnel VPN. Once the application usage stops, the tag will expire and the host will automatically switch back to regular routing.

This provides a hands-off way for Tunnel VPN to dynamically react and route traffic through Tunnel VPNs based on any taggable event or activity.
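A simplified model of the tag-driven routing described above, as an added example (not Untangle's code). The `Rule`, `TagTable` and `route` names, the top-down first-match evaluation, and the sample addresses, tag and tunnel names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    """One tunnel rule; a condition left as None matches anything."""
    tunnel: Optional[str]          # tunnel name, or None for regular routing
    subnet: Optional[str] = None   # client subnet in CIDR form
    port: Optional[int] = None     # destination port
    tag: Optional[str] = None      # tag the client host must currently hold

class TagTable:
    """Host tags with an expiry time (seconds on a caller-supplied clock)."""
    def __init__(self):
        self._expiry = {}          # (host, tag) -> expiry timestamp

    def tag(self, host, name, now, lifetime):
        self._expiry[(host, name)] = now + lifetime

    def has(self, host, name, now):
        return self._expiry.get((host, name), float("-inf")) > now

def route(rules, tags, host, dport, now):
    """Return the tunnel for a new session, or None for regular routing.
    Assumption: rules are evaluated top-down and the first match wins."""
    for r in rules:
        if r.subnet and ip_address(host) not in ip_network(r.subnet):
            continue
        if r.port is not None and r.port != dport:
            continue
        if r.tag and not tags.has(host, r.tag, now):
            continue
        return r.tunnel
    return None

# Constructed sample policy: guest subnet always tunnelled, tagged hosts tunnelled.
RULES = [Rule(tunnel="cloud-security", subnet="192.168.50.0/24"),
         Rule(tunnel="privacy-vpn", tag="bittorrent")]

def demo():
    tags, host = TagTable(), "10.0.0.23"
    before = route(RULES, tags, host, 443, now=0)       # untagged: regular routing
    tags.tag(host, "bittorrent", now=10, lifetime=300)  # a detection event tags the host
    during = route(RULES, tags, host, 443, now=60)      # every session from the host is tunnelled
    after = route(RULES, tags, host, 443, now=311)      # tag expired at t=310
    guest = route(RULES, tags, "192.168.50.7", 80, now=60)
    return before, during, after, guest
```

While the tag is held, the rule matches the host rather than the triggering protocol, so all of that host's new sessions take the tunnel until the tag expires.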

Captive Portal

Captive Portal now has the ability to authenticate users via Google, Facebook, or Office 365 accounts.

In this mode, the user will be redirected to the appropriate login (Google, Facebook, Office 365) and will authenticate directly with those services. This allows organizations using these services to easily authenticate and identify users without having to maintain separate directories for Captive Portal.

It also allows those offering public wifi services a way to easily identify and track users.

Also added the ability to redirect to a hostname instead of the local IP. This will help avoid one of the two certificate warnings for those with a valid certificate and using HTTPS on the login page. When using the hostname, it is the administrator's responsibility to ensure that the hostname properly resolves to the correct IP (the local Untangle IP) on all local networks!

Application Control

Improved detection and over 350 new applications added including AIRBNB, FACETIME, SLACK and also many new adult-related applications like PORNHUB, YOUPORN, 4CHAN, etc.

Text-Based Administration Interface

13.1 adds a new "text-based" administration interface. This text-based administration can be accessed through the local console by using the "Recovery" button, through a special boot option at bootup, or through the serial console, if the server has a serial port.

Untangle is and has been for a long time the only firewall to provide a local visual interface on the console. This is important because Untangle is designed to be easy to use, and often just plugging in a keyboard and mouse and configuring the server is the easiest way to set up a new server or, during emergencies, access the interface.

However, there are often cases where it is actually easier to take the more traditional approach of configuring the address of the device and then continuing administration and configuration remotely from another device through the web administration.

In some cases Untangle does not properly recognize or support the video configuration so local visual administration is impossible. Also on many devices, specifically smaller networking devices, VGA/HDMI is not even present.

Now for these scenarios the text administration can be used to remap and assign interfaces the proper addresses so that the normal web administration can be used remotely.

The "admin" password is now required for access to the text-based administration (which now replaces the recovery utilities).

Other Changes

  • Input Filter Rules have been renamed "Access Rules" (to avoid confusion with Forward Filter rules)
  • Forward Filter Rules have been renamed "Filter Rules"
  • Security improvements
  • New "Month to Date" and "Week to Date" report template timeframes
  • Add "Client Tagged" and "Server Tagged" conditions to iptables-based rules
  • Change the sorting in Reports
  • AdminLoginEvent is now logged normally and can trigger alerts
  • Improvements to IPsec with dynamic IPs and status display