ICMP Echo - Enable ONLY For a Subset


  • ICMP Echo - Enable ONLY For a Subset

    Greetings. I am in the midst of evaluating Untangle NGFW. This will be my second round of this. (A prior client considered it a non-starter for their home-based employees due to the lack of mDNS.) I have a very specific set of requirements against which I am evaluating this solution. They're pretty standard.

    Putting the unnecessary complexity aside (on a personal level, I think that having to go to multiple places for simple routing rules is nuts), I came across a very interesting problem that I am convinced must be my lack of in-depth knowledge of this solution. It's such a simple requirement, my initial thought when I read it was, "of course it can do this."

    The client wants to exclude the majority of active hosts from having an ability to ping. What I did to solve this seemed pretty straightforward until I read more about Untangle. I can easily build this rule by using /config/network/advanced/access rules and then "allowing" only clients with a specific tag to access ICMP. This works. But I read that access rules should only be used as a last resort. This makes sense to me.

    So, I removed that rule, disabled the ICMP allow rule in access rules, and then added an equivalent to config/network/filter rules. This does not work. When enabled, ICMP is not allowed. I left that rule there and then added an equivalent rule to apps/firewall/rules. This also did not work.

    What am I missing here?

    Thanks in advance!

  • #2
    Access rules are to the NGFW itself. You want to use Filter rules for Layer 3 blocking through the NGFW.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email [email protected]

    • #3
      Originally posted by jcoffin
      Access rules are to the NGFW itself. You want to use Filter rules for Layer 3 blocking through the NGFW.
      Hi, thank you for the reply. I tried it there and found that it wasn't working there. It turns out that I'd erroneously concluded that a specific piece of functionality works, only to find it does not. I'm specifically talking about client tagging. In the example I gave above, I was using a client tag to refer to a list of allowed computers to ping. It turns out that tags are not reliable in the filter rules section. (Despite their availability as a criterion.) As soon as I removed that and instead added one of the clients' MAC addresses, the rule worked. With that said, adding 10 allow rules for ten computers just isn't going to happen; client tags were the only workable solution, and it doesn't work. (Not consistently anyway.)

      • #4
        That is correct. Tagging is a Layer 7 function of networking (aka user space); Filter Rules work at Layer 3 (kernel space), which does not have user-defined marks, so it fails to match. Unfortunately your use case is a mix of Layer 3 (ping/ICMP) and Layer 7 (traffic tagging), so this is not possible.

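The two answers above boil down to one practical rule: a kernel-path (Layer 3) filter can only match on what is in the packet headers, such as the source IP or MAC address, never on an application-layer tag. The objection in #3, that this means one allow rule per host, is addressed on ordinary Linux firewalls by putting the addresses in a set and writing a single rule against it. The script below is an added example and is not Untangle's own configuration or code; it assumes a plain Linux firewall running nftables (Untangle's filter rules are built in its own UI, not from this file) and uses a constructed list of three documentation-range addresses as the hosts allowed to ping through the firewall.

```shell
#!/bin/sh
# Added example (not from the original thread): generate an nftables ruleset
# that allows ICMP echo requests through the firewall only from a set of
# Layer-3 source addresses. Assumes a Linux host with nftables; the hosts
# below are constructed sample values from the RFC 5737 documentation range.

PING_ALLOWED="192.0.2.10 192.0.2.11 192.0.2.12"

# Turn a space-separated host list into nft set element syntax: "a, b, c".
nft_elements() {
    out=""
    for h in $1; do
        if [ -z "$out" ]; then out="$h"; else out="$out, $h"; fi
    done
    printf '%s' "$out"
}

# Emit a complete ruleset. All allowed sources live in one named set, so the
# rule count stays the same whether the allow-list has three hosts or thirty;
# adding a host is one more set element, not one more rule.
gen_icmp_ruleset() {
    cat <<EOF
table inet ping_filter {
  set ping_allowed {
    type ipv4_addr
    elements = { $(nft_elements "$1") }
  }
  chain forward {
    type filter hook forward priority 0; policy accept;
    # sources in the set may send echo requests through the firewall
    ip saddr @ping_allowed icmp type echo-request accept
    # any other source: drop ICMP echo only, other traffic is unaffected
    icmp type echo-request drop
  }
}
EOF
}

# Sanity check used by the test: the number of rules matching on
# echo-request must be 2 regardless of how many hosts are in the list.
count_rules() {
    gen_icmp_ruleset "$1" | grep -c 'echo-request'
}

gen_icmp_ruleset "$PING_ALLOWED"
```

Redirect the output to a file and validate it with `nft -c -f ping_filter.nft` before loading it with `nft -f`; the check mode parses the ruleset without installing it. The ordering inside the chain matters: the set-based accept must precede the unconditional drop, otherwise no host can ping. Matching on the MAC address, as the poster did in the Untangle UI, is the same idea with a different header field, and equally invisible to any tag assigned in user space.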
