Untangle Administrative Services - Untangle Network Security (2014)

Chapter 13. Untangle Administrative Services

This chapter covers the applications that help administrators with their daily tasks. Untangle Reports is a necessary tool for every administrator: it gives them an overview of what's going on in the network, and they can provide reports to non-IT staff such as the CEO. The Branding Manager helps organizations that prefer to customize the Untangle NGFW pages that end users interact with, so that those pages include the company-specific details and the support persons' contacts. Live Support allows Untangle administrators to get help from Untangle support when they face an issue with their server. Configuration Backup provides an automated backup tool that stores the Untangle NGFW configuration in the Cloud, which is a good place for off-site backups.

In this chapter, we'll cover the following topics:

· Untangle's Reports

· Untangle's Branding Manager

· Untangle's Live Support

· Untangle's configuration backup

Untangle's Reports

Untangle's Reports helps administrators monitor users' behavior and understand network usage. It's also a great tool for investigating security incidents. Untangle provides summary, detailed, and per-user reports.

Untangle's Reports application collects the applications' event logs, which contain the real-time detailed data, and provides a summary report of the event logs' activity displayed in graphs and charts. The detailed event logs can also be accessed from Untangle's Reports application (if they are within the retention period).

Untangle's Reports is available in PDF and HTML formats and can be automatically e-mailed to administrators.

Configuring the settings of Untangle's Reports

Untangle NGFW provides daily, weekly, and monthly reports. The report generation schedule can be configured under Reports Settings | Generation.

· Daily Reports: These are the reports generated for the previous day. For example, the daily report generated on Monday will cover Sunday's events.

· Weekly Reports: These cover 7 days of data and are created on each checked day of the week. For example, if Sunday and Wednesday are checked, you'll get two weekly reports, one from Sunday to Sunday and the other from Wednesday to the next Wednesday.

· Monthly Reports: If checked, a report that covers the previous month will be created on the first of each month.

· Generation Time: When Untangle NGFW generates reports, the generation process takes up resources on the Untangle server, which may slow down your network until it is finished. So, it's better to generate reports at non-working hours; 2 a.m. is the default value.

· Data Retention: This controls how long the Reports application keeps the event log data used in the generated reports on the server's hard disk. Increasing the number will increase the amount of disk space required to save the additional data. The default value is 7, which can provide full details for weekly reports. For monthly reports, you'll need to change the value to 30.

Note

When you review reports that are older than the set value, you will be able to review the report summary but not the events' details as they would have been removed.

You can give users access to the generated reports by adding those users under Reports Settings | Email. The Email Reports option will send a summary PDF to the users, while Online Reports will give them access to the online reports.

Note

In addition to the administrators, reports can be sent to normal users.

You need to configure the e-mail settings by going to Config | Email to be able to send Untangle NGFW reports via e-mails.

Pressing the Add button will open a window where you can create the report users. The different configurations available on this page are as follows:

· Email Address (username): This is the e-mail address of the user who needs access to the reports. This e-mail address is used to send reports to the user and also to authenticate the user when online access is selected.

· Email Summaries: This determines whether to send a summary PDF report to this user or not.

· Online Access: This determines whether to give this user access to the online reports or not.

· Password: This is the password to be used by the user to access the reports. A password is required if online access is selected.

These configurations are illustrated in the following screenshot:

The events are stored in CSV files, which the online reports use to generate their tables and graphs. Sending the CSV files to administrators allows them to keep track of all events and return to the detailed events any time they wish. Untangle can send the CSV files to the report users if you check the Attach Detailed Report Logs to Email (CSV Zip File) checkbox. The CSV files will be sent in the .zip format.

Tip

If you want to set a small data retention period for events located on the Untangle hard disk in order to ensure that your hardware performance is not degraded, and you also wish to keep the detailed logs for a longer period, you can use the attachment of CSV files feature to store the detailed events on an external storage device.

The Attachment size limit field sets the maximum size of the CSV ZIP file that can be attached to an e-mail. All e-mail servers have a maximum attachment size that they can accept. If the attached files are larger than this maximum size, the e-mail server will not accept the message. Therefore, you should limit the CSV ZIP file size to the maximum size that your e-mail server can accept. If the CSV ZIP file is larger than the Attachment size limit setting, the zipped file will not be attached and a warning will be appended to the e-mail:

An example of Untangle Daily Report Summary is shown in the following screenshot:

From the provided link, you can review the summary reports and the events details. The attached PDF only contains the summary reports, and the zipped file only contains the event logs. The following screenshot shows a summary report for the server-free memory from the PDF file:

The following screenshot shows the detailed event logs from the Reports web page:

The ZIP file contains the event logs for the different applications. Each application's events are collected under one directory. For example, Untangle's Paid Virus Blocker has three CSV files (ftp-events.csv, mail-events.csv, and web-events.csv). The three CSV files are stored under the untangle-node-commtouchav folder located inside the ZIP file. The following screenshot shows the mail-events.csv file opened in Microsoft Excel:

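The off-box archive suggested in the Tip above is only complete if every day's ZIP actually arrived, and a ZIP larger than the Attachment size limit is not attached. The following Python code is an added example, not from the book or from Untangle: it inventories one report ZIP (each application CSV with its event count and SHA-256) and lists the days missing from an archive, split by whether they still fall inside Data Retention. The CSV column names, the header-row assumption, the sample data and the way the retention window is counted are assumptions.

```python
import csv
import hashlib
import io
import zipfile
from datetime import date, timedelta


def inventory_report_zip(zip_bytes):
    """Map 'app_dir/file.csv' -> (event_count, sha256) for one report ZIP."""
    result = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".csv"):
                continue
            raw = zf.read(info)
            rows = list(csv.reader(io.StringIO(raw.decode("utf-8", "replace"))))
            # Assumption: the first CSV row is a header, the rest are events.
            result[info.filename] = (max(len(rows) - 1, 0),
                                     hashlib.sha256(raw).hexdigest())
    return result


def find_archive_gaps(archived_days, first_day, today, retention_days=7):
    """Split days that have no archived ZIP into still-recoverable and lost."""
    last_covered = today - timedelta(days=1)  # a daily report covers the previous day
    oldest_on_box = today - timedelta(days=retention_days)  # assumed retention window
    gaps = {"recoverable": [], "lost": []}
    day = first_day
    while day <= last_covered:
        if day not in archived_days:
            gaps["recoverable" if day >= oldest_on_box else "lost"].append(day)
        day += timedelta(days=1)
    return gaps


def build_sample_zip():
    """Constructed sample: the three Virus Blocker CSVs named in the text."""
    rows = {"ftp-events.csv": [],
            "mail-events.csv": ["09:12,192.0.2.10,clean", "09:40,192.0.2.11,blocked"],
            "web-events.csv": ["11:02,192.0.2.10,clean"]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, events in rows.items():
            body = "\n".join(["time,client,result"] + events) + "\n"  # hypothetical columns
            zf.writestr("untangle-node-commtouchav/" + name, body)
    return buf.getvalue()


if __name__ == "__main__":
    print(inventory_report_zip(build_sample_zip()))
    have = {date(2014, 10, d) for d in range(6, 20)} - {date(2014, 10, 9), date(2014, 10, 16)}
    print(find_archive_gaps(have, date(2014, 10, 6), date(2014, 10, 20)))
```

Days reported as recoverable can still be pulled from the server with the Export Data button before the retention period removes them; days reported as lost have only the summary report left.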

Syslog is a way for network devices and *nix servers to send event messages to a logging server, which is usually known as a syslog server. For more information, visit www.networkmanagementsoftware.com/what-is-syslog. Untangle can send the events in real time to the remote syslog server. The syslog settings are located under Reports Settings | Syslog. You will need to configure the following options:

· Host: This is the hostname or IP address of the remote syslog receiver

Note

Don't set this to the Untangle server as this will cause your hard disk to fill up very quickly, and a server crash may occur.

· Port: This is the port used to send syslog messages to the remote syslog receiver. UDP 514 is the default syslog port.

· Protocol: This is the protocol used to send the syslog messages. UDP is the default protocol.

Note

Kiwi, which is available at http://www.kiwisyslog.com, is a common syslog receiver for Windows administrators, while RSYSLOG, available at http://www.rsyslog.com, is a common choice for the Linux administrators.

The following screenshot shows the syslog configurations on Untangle-03, which send the event logs to the syslog server located on ABC-EX01:

The following screenshot shows the received syslog on 3CDaemon installed on ABC-EX01:

By default, Untangle shows the reports with the client device's IP details. Untangle can use device names in the reports if they are available to it (for example, Untangle can identify the device name through its internal DHCP, DNS, or through the Directory Connector, and so on). However, you can manually map IP addresses to hostnames under the Name Map tab.

Note

Adding a name map will not change past reports; it will only affect new events that occur after the name map is created.

To add a name map, press the Add button located under the Name Map tab. You will need to provide the client machine's IP and the name to be given to it.

Viewing Untangle's Reports

Administrators can access the reports anytime via the View Reports button located under the Status tab. The reports page can also be accessed from outside the organization by using https://<IP address of Untangle external interface>/reports and from inside the company using http://<IP address of Untangle internal interface>/reports.

In addition to viewing the previously created reports, you can generate an up-to-the-moment partial report by using the Generate Today's Reports button located under the Status tab.

The Reports interface is easy to go through, and all you have to do is click on some hyperlinks; the Reports main page will open the last created report and show a summary of all events.

A list of older reports can be accessed via the View Other Reports link. On clicking this link, View Report will display a specific report. Reports older than the retention period can be opened for viewing. However, only the summary report is available; any detailed events will not be available.

Clicking on any node in the side menu will open that node's report. Each node has a summary report displayed in charts and graphs, and it also contains all the detailed event logs. This report can be printed by clicking on the Print hyperlink. The Export Data button will output a CSV file with the application-specific events, as shown in the following screenshot:

Branding Manager

Branding Manager allows you to rebrand user-facing components (including block pages, quarantine digest e-mails, and so on) by replacing all Untangle branding in all user-facing interactions with your company's logo, name, URL, and contact e-mail. This helps you provide end users with a consistent look and feel across all your services, and with the right contact details to reach you when a problem arises.

Using Branding Manager, you can customize the following options:

· Logo: Replace the Untangle logo with that of your company. The recommended resolution for logos is 150 x 100; the maximum resolution is 166 x 100. All image types are supported, but using animation is not recommended as it may affect the PDF reports.

· Company Name: Replace the Untangle company name with your company name; all text fields have a limit of 256 characters.

· Company URL: Replace Untangle URL with your company URL.

· Contact Name: Enter the name of the Untangle administrator who should be contacted if a problem arises.

· Contact Email: This is the e-mail address of the contact person, as shown in the following screenshot:

The modified settings will affect the following locations:

· Main GUI (virtual rack)

· Reports

· User-facing block pages (Web Filter, Spyware Blocker, and so on)

· Admin login page

An example of a customized block page is shown in the following screenshot:

The following screenshot shows a customized admin login page:

Live Support

Got a problem with your Untangle NGFW server and want expert help? Untangle provides commercial live expert technical support that will help you solve your Untangle NGFW issues. Untangle support will mainly help you with Untangle issues, but if the problem was somewhere else on your network, they can let you know what they think it is as well as make suggestions on how to fix it. However, they cannot help you do things such as reconfigure non-Untangle devices.

Note

If you are a nonpaid user and have a problem with your Untangle server, you can still open a support ticket to Untangle support, but they will serve you when there are no paid users on the queue.

In addition, when you purchase a paid application, you get premium support for this app.

When you have a problem, you can open a support ticket either through the Live Support application, by e-mail, by phone, or manually from the support page.

From the Live Support application, press the Get Support! button, which will open a new web page where you can create a new support ticket.

In the support ticket, you will need to enter your e-mail address, subject, and a description of the problem. You'll also need to add the UID (for the Untangle team to validate your license and identify your server) and provide any attachments that can help the support team to understand the problem:

This can also be done manually by browsing to https://support.untangle.com and selecting Submit a request.

Tip

The support web page includes some solved tickets that you can review before opening a new ticket.

You can reach the Untangle support via e-mail by mailing your problem (with the necessary details and your UID) to <support@untangle.com>, which will automatically create a support ticket.

Also, you can contact Untangle support by phone. Untangle support phone numbers are as follows:

· U.S. toll free: +1.866.233.2296

· International: +1.408.598.4299

· Australia: +61.2.9191.7458

· Brazil: +55.11.3711.9278

· Canada: +1.866.920.0791

· Mexico: +52.33.4624.2961

· New Zealand: +64.9.973.5893

· South Africa: +27.10.500.1963

· U.K.: +44.870.490.0619

· Skype users: untangle.skype

Untangle support is based in Sunnyvale, CA (USA), so support is available from Monday to Friday, 6 a.m. to 5 p.m., US Pacific time.

Note

In addition to the Untangle support, you can get help anytime through the Untangle forum, which is an active community full of members, including some of Untangle employees, who really want to help you.

Untangle can only support installations done with the standard installation path. Using expert installation, installing any additional software on the Untangle NGFW server, or manually modifying your server using the command line will make your server ineligible for support.

Configuration backup

In addition to the manual backup feature available under Config | System | Backup, Untangle provides an automated solution that backs up your Untangle NGFW server's configuration (with the exception of report data) every night and stores the backup in the Untangle data center. The Untangle Configuration Backup is included in the Live Support license.

Tip

Remember that apart from this automated solution, you have an option to manually back up all your server configurations under the Config | System | Backup tab. Also, you have the option to back up individual applications' settings using the Import/Export buttons inside each application.

You can retrieve backups by accessing your Untangle account and selecting the Servers tab and then pressing View Backups. The backups will be listed by the date and time, as shown in the following screenshot:

Clicking on the desired backup will download it. After downloading it, you can restore it by going to Config | System | Restore.

Note

Untangle officially supports restoring backups within the same version (for example, using the V10.2 backup with another V10.2 server). Restoring an old version to a new version within the same major version is also fine (for example, restoring from V10.1 to V10.2). Restoring from different major versions is not supported (for example, from V9 to V10).

The Status tab of the Configuration Backup application will show the date and time of the last successful backup, as shown in the following screenshot:

The Event Log tab shows the time when a backup event occurred and whether it was successful or not, as shown in the following screenshot:

Summary

In this chapter, we covered four Untangle applications. Reports collects the applications' event logs and gives the administrator an easy-to-read summary report that is presented in charts and graphs, while the event logs are suitable for detailed information about a specific user/machine. Branding Manager allows the rebranding of pages that end users will interact with, such as the block page, which helps to give your users a consistent look and feel among your services and provides them with your contact details. Live Support is a paid service that lets Untangle help you when you have a problem with your server. Configuration Backup is an application that comes with Live Support and backs up your configuration daily to the Untangle data center.

In the next chapter, we will cover some regulatory compliance that affects the IT field. Also, we will see the advantages of Untangle NGFW over its rivals. Finally, we will introduce some case studies on how Untangle helped SMBs, not-for-profit, healthcare, education, and government organizations to achieve network security with minimal cost and minimal administration efforts.