Penetration Testing

Firewall Lab Setup: Untangle

What is a Firewall? a firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet. Wikipedia

Firewalls are also categorized as network firewalls and firewalls depending on the host. Network firewalls filter and run on network hardware from two or more networks. Firewalls based on host computers run in and out of such devices and control network traffic.

Here are the major types of firewalls.

  • First-generation: Packet-filtering firewalls
  • Circuit-level gateways
  • Stateful packet inspection
  • Application-level gateway

Table of Contents

  • Downloading untangle-15.1.0-amd64.ova
  • Introduction of Untangle NG Firewall?
  • Creating Virtual Machin with VMWare Workstation
  • Configuration of Untangle
  • Configuration of Untangle APPS Part I: Web Filtering & SSL Inspector

Introduction of Untangle NG Firewall

Untangle is NGFW/UTM software, bringing together everything your network needs to stay healthy on one box: web content and spam filtering, virus scanning, VPN connectivity, multi-WAN failover capability and much more. With a web-based friendly interface to help you track and filter traffic in your network, it is essential for us to make deployment and management simple.

Requirement: Minimum 2GB RAM, Dual-Core processor, 8 GB hard drive space and minimum 2 LAN cards are required.

Creating a Virtual Machin with VMWare Workstation

Once untangle.ova file is downloaded Doble click and setup will start.

The Setup Wizard will open automatically when Untangle first boots.

Language selection

Before you begin the setup wizard, select your preferred language.

The next screen simply welcomes you to the Setup Wizard. Click next to continue. Untangle Software License click on Agree

Configure the Server, In the first step, you have set a password and select a time zone for the administrator account. The admin e-mail can also be listed for warnings and reports. Optional method of installation.

Now Click on Network Cards

Identify Network Cards, you can simply start with the next move if it’s an Untangle unit.

Note: Be sure that the physical network cards are configured with the right (wanted) interface if this is a custom server.

Configures Interface

The default selection is Auto (DHCP). The automatically assigned address is displayed if an address was successfully acquired. Otherwise, click Renew DHCP to acquire an IP address. Click Test Connectivity to verify Internet access

 

Configure your Internal network interface

Configure your “Internal” interface (and DHCP server and NAT configuration.) There are two choices NAT or Bridge.

Untangle is the edge unit on your network in router mode and acts as a firewall and router. In this case, you would need to correctly configure your external and internal interfaces for traffic to flow.

We must configure the internal interface and allow DHCP and NAT (Network Address Translation) with private static IP addresses to share one public IP on all the internal machines. It is generally called router mode.

In my testing lab I am not enabling DHCP

Automatic Upgrades are configured

If Automatic Upgrades is enabled, NG Firewall automatically checks for new versions and performs the upgrade.

In my testing lab I am not enabling “Connect to Command Center”

Setup Wizard – Finished That’s it!

Click on Go to Dashboard

Configuration of Untangle

In part one we are going to learn how to configure web filtering

Congratulations! Untangle is ready to be configured Click on Continue

The next steps include registration.

After finishing registration click on continue

Now installing the desired apps and possibly tuning the configuration of Untangle NG Firewall. In my testing Lab, I am going with Install the recommended APPS.

Recommended apps now installed as you can see on the screen and you can install available Apps as per requirements. On the Apps tab you will see the currently installed apps. 

Let’s come to the Dashboard of untangle & you can see almost all the information in one page.

To identify the configuration of Untangle network cards you can navigate to Config tab

The config tab holds all the settings related to configuration of the Untangle server itself and settings for components of the platform that apps may interact with.

Configuration of Untangle APPS Part I: Web Filtering

Let’s use the Windows 10 system as untangle client

This client is an internal system and we will set default gateway 192.168.2.1 <IP of Untangle firewall>.

Now you can see the Internet is working and Social networking site Facebook.com is opening.

Block Categories

Now come back to the Dashboard of untangle Firewall go to Apps > web Filter > Categories Tab > Social Networking

Categories Tab: Categories allow you to change which website categories are blocked or highlighted. Blocked categories show the user’s block page; flagged categories allow the user to access the site but will be secretly flagged as an infringement for event logs and reports. For all Web Filter options, these block / flag actions function the same way.

Now for our testing lab, we are going to block Social Networking Sites. And click on Save.

Now you can see on client system Social Networking Site www.facebook.com is blocked and not opening.

 

Lookup Site Tab

 

Now again come to the untangle Dashboard: app > web filter > Site Lookup

Lookup Site offers you the possibility to categorize a URL. A dialogue is generated by clicking on it. In the Web URL, enter the URL for the categorization of the URL and click search.

Now we are searching for www.hackingarticles.in site, click on the Search tab and see the result.

Block Sites Tab

Now again come to the untangle Dashboard: app > web filter > Block Site

Under Block Sites, you can add individual domain names you want to be blocked or flagged – just enter the domain name (e.g. youtube.com) and specify your chosen action.

We are going to block www.ignitetechnologies.in site

Click on add > and type your site which you want to block. Then click on done.

And then click on save.

Let’s check on the client System.

Type site www.ignitetechnologies.in and J Bingo now the site is blocked.

Pass Sites Tab

Now again come to the untangle Dashboard: app > web filter > Pass Sites

Pass Sites is used to pass content that would have otherwise been blocked. This can be useful in “unblock” pages, which are not blocked by block settings.

Also if blocked with category or individual URLs, domains which you add to the Passed Sites lists will be permitted-just add and save the domain. When the pass option is unchecked, the link can be blocked as though the entry is not open.

I am going to pass www.linkedin.com/ site as an example.

Click on add > type required site and Done.

Then click on save.

Now on client system, open browser and type www.linkedin.com/ in URL, see the resulting Site is opening.

Pass the Client

Let’s add another client and that client IP is 192.168.2.11 and default gateway is 192.168.2.1 untangle IP.

On this system, Let’s try to open www.linkedin.com site and see the result this site is under the web filter block category.

Now again come to the untangle Dashboard: app > web filter > Pass the Client

Pass Clients Tab: If you add an IP address to this list, Web Filter will not block any traffic from that IP regardless of the blocked categories or sites.

 Just add the IP 192.168.2.11 & Enable the pass option, then save the configuration as followed in the given image.

Now on the client system, open browser and type www.linkedin.com J bingo see the result this system is working perfectly from Pass Clients settings option.

About SSL Inspector

The SSL Inspector is a special application that allows other Untangle applications processing HTTP traffic to process encrypted HTTPS and SMTP processing applications to process SMTP also via SSL. The software does this by manually encoding and encrypting SSL traffic via the Untangle server for verification by certain applications and services.

Navigate to Apps > SSL Inspector; Turn ON the SSL inspector for the HTTP site.

Now let’s check on the client site, open browser and type any site name in URL.

Now you can see after SSL Inspector is enabled all sites are blocked.  

How these sites will work on the client system with SSL Inspector to continue on Configuration of Untangle APPS Part II.

Author: Rajesh Bora is a passionate Researcher and Technical Writer at Hacking Articles. He is a hacking enthusiast. Contact here