Upon installation and inspection of

Upon installation and inspection of the Firewall Application in Untangle, I was surprised to see that the “Default Action” is set to Allow and no firewall rules were enabled by default! There are three default firewall rules but none are enabled. Apparently Untangle has had several comments and questions regarding their decision to deliver the application with these defaults set as I found an explanation in the FAQs section of the help link on the firewall management page. Their argument is that if Untangle is acting as your router, it is performing Network Address Translation (NAT) which protects your network from most threats. In addition, if you are using Untangle in the transparent bridge mode, they ASSUME that your Untangle server is behind a firewall which protects you from most threats… They provide the same arguments for why the Default Action is set to Allow.

I am not a network engineer, but according to my rudimentary understanding of how NAT works, if the destination port of packets coming from an external network is not found in the translation table, the packet is supposed to be dropped or rejected because the Port Address Translation (PAT) does not have a destination to send the packet to.

As a software appliance that is aimed to help protect and control your network, I was expecting the default settings for the firewall to be deny all, allow by exception, as most security professionals consider this to be a security best practice.

As far as the firewall rule management goes, Untangle provides a very clean interface with the firewall “racked” on the appliance’s virtual rack. Administrators can add/enable/disable rules, set default actions, and view event logs. Rule creation allows for the defining of: descriptions, actions to be taken (Block/Pass), set logging, filtering by traffic type (TCP, UDP, Both, Any), source and destination interfaces/addresses/ports.