What's new in Untangle Next Generation (NG) Firewall 14.2.0

Jun 12, 2019
  • Flagging, blocking and alerting based on search terms for Google, YouTube, Yahoo, Bing, and Ask.
  • Enforcement of safe search for YouTube. YouTube searches can be logged, and usage can be locked down to show only content that meets the ‘safe search’ criteria.
  • Enhanced malware detection with an even greater percentage of the internet categorized to block more attacks originating from web browsing.

New in Untangle Next Generation (NG) Firewall 12.1 (Jul 13, 2016)

  • Geolocation:
  • In addition to the user interface enhancements, NG Firewall version 12.1 provides new geolocation capabilities for all traffic. NG Firewall’s Integrated Rules Engine™ can utilize geolocation data to allow network administrators to create and apply rules based on client or server latitude and longitude or country. This enables network administrators to quickly triangulate where a threat is originating and create an appropriate policy response. Geolocation data is also available in NG Firewall’s reports and widgets.
  • Other Updates:
  • Event-based Reporting. Event lists are now a type of Report entry. Network administrators can more easily create custom event list reports, allowing them to keep tabs on specific users, domains, sites, policies and more.
  • Performance. NG Firewall now performs a “dynamic bypass” function for UDP such that if all layer-7 applications “release” interest in the session, the data will be passed at layer 3, greatly boosting performance.
  • SSL Certificate Management. Management of client SSL certificates required for SSL Inspector has been further streamlined.
  • Google & Facebook Authentication. NG Firewall’s Directory Connector application now offers experimental support for authenticating users against their Google or Facebook accounts. This provides a flexible alternative for simplifying Captive Portal deployments.

New in Untangle Next Generation (NG) Firewall 12.0 (Mar 10, 2016)

  • In addition to the 360° Dashboard and the integration with the Untangle Cloud, version 12 also includes these major features:
  • Device awareness for Internet of Things security. Version 12 adds a Device List which tracks devices on the network by MAC address and gathers pertinent data about them, enabling administrators to create rules and alerts to manage them.
  • Faster Reports, now with Google Drive storage. Version 12 logs five times the number of events per second on the same hardware and features Google Drive integration for offsite data storage for daily logs as well as configuration backup.
  • Greater support for third party hardware. This allows customers to choose between using their own servers or a turnkey Untangle appliance.
  • Other Updates:
  • HTTPS Inspector has been renamed SSL Inspector. It now scans SMTP over SSL, enabling Spam Blocker, Phish Blocker and other apps to inspect this traffic.
  • IPsec VPN now has the ability to create GRE tunnels (normal and encrypted with IPsec) to remote sites.
  • Modernization and improved usability of the Spam Blocker email quarantine interface.

New in Untangle Next Generation (NG) Firewall 11.0 (Oct 7, 2014)

  • Debian Wheezy and 3.2.0:
  • 11.0 is now based on Debian Wheezy (7.6) and the 3.2.0 kernel. This should provide better hardware support as well as slightly better performance. After upgrading from v10.x, the 3.2.0 kernel will be booted after the first reboot.
  • Virus Blocker:
  • Virus Blocker is now based on a new commercial technology. More information coming soon.
  • Spam Blocker:
  • Spam Blocker is now based on a new commercial technology. More information coming soon.
  • Spam Blocker & Spam Blocker Lite now have an option to automatically bypass TLS sessions. Additionally, each email's scoring information is now shown in the event log.
  • Web Filter:
  • Web Filter now has an event log for search queries. The major search engines are supported: Google, Bing, Yahoo, Ask. For HTTPS-based web searches, HTTPS Inspector is required.
  • Directory Connector:
  • The AD login monitor has a new installer and implementation. The new UI has been redesigned and is more intuitive.
  • IPsec VPN:
  • L2TP usernames are now stored in the host table.
  • L2TP now supports RADIUS.
  • L2TP DNS can now be configured manually.
  • L2TP now supports multiple WANs.
  • License Management:
  • There is now an alert shown if you are currently exceeding your license. Also, devices beyond your seat limit still have their traffic processed as normal, however the hostname and username in the Host Table will both be "unlicensed" for devices beyond the limit.
  • Other Features:
  • Packet Test now allows exporting results as a tcpdump/wireshark save file.
  • New app icons.
  • New Application Control signatures.
  • SNMP v3 is now supported.
  • More input verification added.
  • Local Directory can now be imported/exported.
  • Captive Portal can now use 'HTTP: Hostname' in rules.
  • Bug Fixes:
  • Add more root CAs to HTTPS Inspector root store.
  • Many localization fixes.
  • All usernames are now case insensitive and lowercased.
  • Event logs and reports now correctly show in server timezone.
  • Many other fixes!

New in Untangle Next Generation (NG) Firewall 10.1 (Feb 6, 2014)

  • Downloading the Apps:
  • The whole process of downloading the applications has been removed. Previously a user would install Untangle, then download and install the applications. In the old days the applications were too big to fit on a CD, among other reasons, so the applications were distributed separately after installation.
  • In 10.1 and the future, the applications will be preinstalled on the appliance or installed with the CD or USB key along with the platform. This makes the installation much quicker and simpler.
  • Now when the user logs in for the first time they will register this server with their Untangle account and then they can install the applications. No download is required.
  • This should also simplify many other things like restoring backups, installing old versions, application download issues, etc.
  • High Availability:
  • Untangle now supports basic VRRP configuration to allow for hot/cold high availability of multiple Untangle servers. Multiple Untangles can be configured to "share" an IP address, where one is the master and one or more are slaves. In the event of a critical failure, one of the slaves will become the master and clients will still have immediate uninterrupted access with no configuration changes.
  • Web Filter:
  • Web Filter now displays a block page when blocking HTTPS even if HTTPS Inspector is not in use. Block page cert will not match, obviously, so user will have to accept the warning, but this is much better than just resetting the session.
  • Web Filter HTTPS blocking (without HTTPS Inspector) has been improved. Like 10.0, it will try to categorize HTTPS traffic via SNI first. However, in 10.0, if no SNI was available it would try to categorize by IP, which can be inaccurate. Now, as a fallback, it will fetch the certificate from the HTTPS site and categorize the session based on the CN in the certificate, which is far more accurate. If this process fails (very rare), it will then fall back to IP-based categorization.
  • Captive Portal:
  • Captive Portal now displays the capture page on HTTPS even if HTTPS Inspector is not in use. The capture page will require the user to accept a warning because the certificate will not match, but this is much better than just blocking the session.
  • Memory Conservation:
  • Daemons (antivirus scanners, spam scanners, etc) are now only run if the application that requires them is running. This should save memory and resources in cases where users aren't running those applications which improves performance on low-memory servers.
  • Application Control:
  • Added 94 new applications! Also improved Skype blocking, which (currently) effectively blocks Skype communications.
  • Event Logs:
  • Event Logs UI has been significantly improved.
  • Columns can now be hidden and shown, and all event logs have all possible column values available.
  • Filtering based on column values or any value is now available.
  • Global filtering is now available with the "search" box.
  • Querying for events by date range is now available.
  • The events are no longer paginated.
  • The reports event logs now use the same event log viewer as the administration UI.
  • Other Changes:
  • Logon script updated
  • Added support for my dynamic DNS services (#3153)
  • Removed default Application Control Lite signatures
  • Added a bridge STP option (#11387)
  • Add "register-dns" to OpenVPN configuration (#11483)
  • Moved to java7 update21
  • Moved to extjs 4.2.2
  • Moved to tomcat 7
  • Changed email test to return actual result of mail relay.
  • Fixed MTU issue
  • Improved Ad Blocker performance
  • Many other small fixes and improvements
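
The Web Filter HTTPS categorization order described in the 10.1 notes above (SNI first, then the certificate CN, then the IP address), sketched as an added example; this is not Untangle's code. The function names, the constructed ClientHello and the injected `fetch_cert_cn` callable are assumptions made for illustration.

```python
import struct

def extract_sni(record: bytes):
    """Return the server_name from a TLS ClientHello record, or None."""
    try:
        # Record header: type 0x16 (handshake), version(2), length(2);
        # handshake header: type 0x01 (ClientHello), length(3).
        if len(record) < 6 or record[0] != 0x16 or record[5] != 0x01:
            return None
        pos = 5 + 4                      # skip record + handshake headers
        pos += 2 + 32                    # client_version + random
        pos += 1 + record[pos]           # session_id
        (cs_len,) = struct.unpack_from("!H", record, pos)
        pos += 2 + cs_len                # cipher_suites
        pos += 1 + record[pos]           # compression_methods
        if pos + 2 > len(record):
            return None                  # ClientHello carries no extensions
        (ext_total,) = struct.unpack_from("!H", record, pos)
        pos += 2
        end = min(pos + ext_total, len(record))
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 0:            # server_name extension
                # list length(2), name_type(1), name length(2), name
                name_type = record[pos + 2]
                (name_len,) = struct.unpack_from("!H", record, pos + 3)
                name = record[pos + 5:pos + 5 + name_len]
                if name_type != 0 or len(name) != name_len or not name:
                    return None
                return name.decode("ascii").lower()
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                             # truncated or malformed hello
    return None

def categorization_key(client_hello: bytes, server_ip: str, fetch_cert_cn):
    """Pick what to categorize on: SNI, else certificate CN, else IP.

    fetch_cert_cn is a hypothetical callable (ip -> CN string or None)
    standing in for the certificate fetch the release notes describe.
    """
    sni = extract_sni(client_hello)
    if sni:
        return ("sni", sni)
    try:
        cn = fetch_cert_cn(server_ip)
    except OSError:                      # fetch failed: the rare last resort
        cn = None
    if cn:
        cn = cn.lower()
        if cn.startswith("*."):          # wildcard CN: use the parent domain
            cn = cn[2:]
        return ("cert-cn", cn)
    return ("ip", server_ip)

def build_client_hello(hostname=None):
    """Constructed sample ClientHello, minimal, for this example only."""
    ext = b""
    if hostname:
        name = hostname.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        sni = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", 0, len(sni)) + sni
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, no session id
            + struct.pack("!H", 2) + b"\x00\x2f"   # one cipher suite
            + b"\x01\x00")                          # null compression
    if ext:
        body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    ip = "192.0.2.10"                    # documentation address, constructed
    print(categorization_key(build_client_hello("www.example.com"), ip, lambda _: None))
    print(categorization_key(build_client_hello(), ip, lambda _: "*.example.org"))
    print(categorization_key(build_client_hello(), ip, lambda _: None))
```

A truncated or malformed ClientHello is treated the same as one without SNI, so the session still gets categorized through the later fallbacks.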

New in Untangle Next Generation (NG) Firewall 10.0 (Sep 19, 2013)

  • HTTPS Inspector Enables On-The-Fly Decryption and Analysis of Datastream:
  • Sunnyvale, Calif., Sep 18, 2013 – Untangle, Inc., a network software and appliance company, today announced the release of Untangle 10.0, the latest version of its award-winning multi-function firewall software. Untangle 10.0 is the most significant update to the popular platform in more than five years; 10.0 includes a new application, HTTPS Inspector, as well as a complete refactoring of its networking architecture.
  • HTTPS Inspector:
  • More and more websites and popular apps require users to connect via HTTPS (Hypertext Transfer Protocol Secure), the protocol for secure communications on the Internet. This encrypted traffic presents a challenge to filtering devices that inspect traffic and apply rules based on network usage policy.
  • Untangle HTTPS Inspector allows for full decryption of HTTPS so that applications like Web Filter, Application Control and Virus Blocker can scan the traffic and apply their rules to it. This enables organizations to ensure that the same level of control that Untangle exerted on non-encrypted HTTP traffic can also be in place with encrypted HTTPS traffic.
  • Networking Architecture:
  • The Untangle platform’s networking layer features a streamlined user interface fronting an optimized architecture with a host of new features. Notable amongst these are enhanced support for IPv6 and 802.1q VLAN tagging.
  • With Untangle 10.0, network interfaces can now be configured with IPv6 addresses. Wide Area Networks (WANs) can be configured statically or with stateless address autoconfiguration (SLAAC). Non-WAN addresses are configured statically. Router advertisement is allowed on non-WANs.
  • Untangle 10.0 also supports virtual local area networks via 802.1q tagging, improving Untangle’s VLAN support. These 802.1q tagged interfaces are custom “alias interfaces” that appear just like physical interfaces but only handle traffic with the appropriate 802.1q tag. Any packets sent on this alias also get the appropriate 802.1q tag.

New in Untangle Next Generation (NG) Firewall 9.4 (Jan 12, 2013)

  • Separate mobile devices to a different rack with different policies for BYOD (bring your own device) environments. Captive pages can be displayed by operating system and/or device type.
  • Show different captive portal pages to wireless and wired users.
  • Only show a captive portal page if the user is not already known via some other method (like the Active Directory Login Script).
  • Show a warning page when the user goes over quota or is added to the penalty box for bad behavior.
  • Have special captive pages for specific sites.
  • Enable custom integrations from acknowledging Acceptable Use Policies (AUP) to accepting payments for wi-fi hotspot access.

New in Untangle Next Generation (NG) Firewall 9.1.0 (Dec 13, 2011)

  • Platform:
  • The application order in the rack has been revised
  • Event logs have been reimplemented, columns have been added, performance improved, and options added.
  • Many usability improvements in the installation & setup wizard
  • App downloads now show progress correctly.
  • Many apps settings have been moved from postgres to files
  • Local directory users are now saved in a file (vs slapd)
  • BerkeleyDB has been removed.
  • DHCP renewing no longer restarts networking (nor disrupt VPN connections) (#8955)
  • SIP helper is now disabled by default (#7236)
  • Improve start-up time.
  • App display order has been changed in the rack.
  • Virus Blocker(s):
  • Virus Blocker has been renamed to "Virus Blocker Lite."
  • Kaspersky Virus Blocker has been renamed to "Virus Blocker"
  • The new "Virus Blocker" (paid) application uses a new engine from a better OEM provider.
  • On upgrade, users will continue to have Kaspersky Virus Blocker until their subscription expires and they will automatically convert to Virus Blocker.
  • The conversion table (9.0 and prior → 9.1 and after):
  • Kaspersky Virus Blocker → Virus Blocker
  • Virus Blocker → Virus Blocker Lite
  • Spam Blocker & Booster:
  • Spam Blocker has been renamed to "Spam Blocker Lite."
  • A new premium "Spam Blocker" application has been added.
  • The "Commtouch Spam Booster" application has been folded into the "Spam Blocker" application.
  • It is not recommended to run both the lite and full spam blocker(s). This results in no additional spam caught and worse system performance.
  • On upgrade the following conversion will take place such that in all scenarios the server will functionally be the same, but the apps will be slightly different:
  • The conversion table (9.0 and prior → 9.1 and after):
  • Spam Blocker → Spam Blocker Lite
  • Spam Blocker + Commtouch Spam Booster → Spam Blocker
  • Also added a new "pass outbound message" to the event log so it is obvious when running a backwards bridge.
  • Web Filter:
  • Web Filter now uses an expanded list of categories for greater granularity.
  • Web Filter has new defaults to reflect the new categories.
  • New category settings will be converted from old category settings on upgrade.
  • Web Filter Lite:
  • Ads have been removed from blockpages
  • Database is now stored in an in-memory hash table.
  • Performance is improved, but more memory is required.
  • Spyware Blocker:
  • Now enforces Google's Safe Browsing malware list.
  • Obsolete ActiveX functionality removed.
  • Phish Blocker:
  • Now enforces Google's Safe Browsing phish list.
  • Firewall:
  • Firewall rules now use matchers like Bandwidth Control and Port Forwards.
  • Firewall rules can now match on Username (with Directory Connector) and Group.
  • Firewall rule ID now displayed in UI and event log.
  • WAN Balancer:
  • WAN Balancer now installs in the "off" state (#8966)
  • WAN Balancer now ignores inbound connections (#8942)
  • Bandwidth Control:
  • Username rules can now match on multiple usernames and globbed expressions (#8879)
  • OpenVPN:
  • Now distributes openvpn 2.2.1 to remote clients
  • New client supports windows 8.
  • Note: these changes only affect newly distributed clients; already configured remote clients are unchanged.
  • Architectural Changes:
  • Below are some changes made under the cover that are not necessarily visible as a user.
  • Settings files:
  • We are in the process of moving settings out of Postgres and into files. Previously settings were stored in tables in the database. This worked but it had a few downsides:
  • Created an unnecessary dependence on having the database accessible at all times
  • Made the code to handle settings reading/writing and modification more difficult than it should be.
  • Made it impossible to just view your settings manually as you had to run a bunch of database queries.
  • It's slow
  • Settings now live in files in a JSON format in /usr/share/untangle/settings/. In 9.1 some of the apps have been converted to use the new settings format, and in future versions the rest of the apps and platform will also be converted.
  • This has a few benefits:
  • It's much simpler
  • which makes reading/writing settings much easier
  • highly simplifies other tasks like backup/restore
  • allows for external daemons to easily read settings
  • etc
  • It's faster
  • It allows for advanced users to just edit and backup settings files
  • It paves the way for command center functionality (as now you can easily have a "standard" web filter settings file)
  • The following applications/functions now have their settings in files:
  • Web Filter
  • Web Filter Lite
  • Web Cache
  • Bandwidth Control
  • Firewall
  • Spyware Blocker
  • Spam Blocker
  • Spam Blocker Lite
  • Phish Blocker
  • Attack Blocker
  • Ad Blocker
  • Protocol Control
  • Local Directory
  • Dropping Berkeley DB:
  • Previously we used a special database to store the Web Filter Lite and Spyware Blocker databases. This has been a performance bottleneck and source of excess disk I/O for little benefit. The databases aren't big enough to justify this.
  • In 9.1 we store the Web Filter Lite categorization table and Spyware Blocker lists in memory. This significantly speeds things up, but also means more memory is required. In our testing, Web Filter Lite probably uses about 100 megs more memory. Of course, no memory is wasted on the Berkeley DB cache now either, which in some cases was larger than the database itself.
  • Ultimately this is just simpler and faster and only requires marginally more memory. Note: Web Filter is NOT affected. Web Filter uses a paid online dynamic categorization service and has its own much smaller/faster cache implementation.
  • Event Logs:
  • There are two layers of events in Untangle. The first level is the fully-normalized events. Each application will write its own event as things happen. For example, Protocol Control might log that a session is HTTP, and Web Filter might log that it passed the "http://untangle.com" as a Technology categorized site. Meanwhile Bandwidth Control logs the same session as being prioritized as "High," and Directory Connector logs that the "jimbob" user created this session.
  • These flush to the database every few seconds/minutes.
  • Later the Reports app would come along and compile de-normalized "fact tables" out of all these separate tables. These "fact tables" were easy and fast to query and generally contained all the information in one row. This allows you to quickly query all events relating to a certain user for a certain time period to a certain site, without doing excess joins on all the separate normalized tables.
  • In 9.0 and prior, the event logs queried the normalized tables. This worked fine but users often requested extra fields that simply could not be added without adding joins. When we did add joins to add these extra fields, the queries became too slow and sometimes did not return at all, and they would often stress a live server enough to slow network traffic. As such we didn't add new columns.
  • In 9.1 the event logs query the de-normalized fact tables, so the queries are much faster, simpler, and have all the relevant columns easily accessible.
  • As with all things there are trade-offs:
  • This means that the fact-table compilation must happen before you can view the fact tables. Currently, we do this periodically in the background (the interval depends on your hardware) and on-demand when the "refresh" button is pressed in the Event Log UI. This means the actual retrieving of the events is faster, but the first visit may require the fact-table compilation process to be run if you want more recent events. On a fast server this process takes only a second or two; on a slow server it can take a few minutes.
  • The good news is that event logs and reports now draw from the same data pool and should match exactly. This also paves the way for more featured event logs. Columns are now all sortable. In the future, when we move to a newer ExtJS JavaScript library, we can add even more features such as filtering/sorting/searching and even graphs and visualization tools, because the database queries can all be done in semi-realtime.

New in Untangle Next Generation (NG) Firewall 8.0 (Nov 17, 2010)

  • Platform:
  • Added ability to import/export rules and settings in tables (#1573)
  • New "Session Viewer" to view sessions currently being scanned
  • Sessions now shown as stat at top of rack
  • DNS is now bypassed by default (#7996)
  • New kernel for additional features required for Bandwidth Control and QoS (2.6.26-2)
  • New ExtJS toolkit for UI
  • QoS:
  • New Implementation for more functionality and better usability
  • Now 8 priorities, with customizable behavior for each
  • Now does both inbound and outbound limiting
  • New session viewer for seeing session priorities
  • Bandwidth Control:
  • Added the Bandwidth Control application for bandwidth and traffic shaping (#3963)
  • Added Bandwidth Monitor for real-time session viewing
  • Bandwidth Control reports for viewing bandwidth usage on the network
  • Bandwidth Control rules allow for prioritization of traffic
  • Penalty Box allows for handling of misbehaved users
  • Quotas allow for allocation of hourly/daily/weekly bandwidth quotas
  • eSoft Web Filter:
  • Now uses SNI to filter HTTPS traffic by hostname (reverts to old behavior if no SNI found) (#7172)
  • Reports:
  • Added ability to manually start report generation (#2479)
  • Increased maximum retention time (#8016)
  • Top CSVs now include all data (not just top 9) (#8122)
  • Various bugfixes
  • Captive Portal:
  • Ability to view current logged in users (#7630)
  • Ability to force log out logged in users (#7630)
  • Fix bug for the enable checkbox not working properly (#7685)
  • Directory Connector:
  • No longer counts "captive portal user" as a valid user (#8004)
  • Added "Groups" Column to Status page table.
  • OpenVPN:
  • Improved usability of wizard (#8001)
  • Now pushes search domain to connecting clients (#8164)
  • No longer enables port 443 automatically
  • Client updated to 2.1.3 (with Windows 7/Vista support)
  • WAN Balancer:
  • Sessions created during startup now handled (#8074)
  • Other bugs:
  • UDP fixes (#8077, #8078)
  • More 8.0 Fixed Bugs

New in Untangle Next Generation (NG) Firewall 7.4 (Aug 13, 2010)

  • Platform:
  • Updated kernel with many bugfixes including HPET-fix (#7789, #7847)
  • Updated NIC drivers for some modern cards (#7892)
  • Rename packages to lite/standard/premium (#7726, #7886)
  • Added a warning for port 443 port forwards (#5727)
  • Made switching from bridge to static more intuitive (#7460)
  • Added some community skins (#7715)
  • Additional error checking on app installation (#7801, #7804, #7878)
  • Video-safe-mode is now the default (#7838)
  • Reports:
  • Major report changes to bring consistency and simplicity to report graphs and data (#7713, #6923, #7505, #7579, #7583, #7618, #7893, #7894, #7895, #7896, #7897, #7901, #7902, #7903, #7913, #7924, #7927, #7928)
  • Report pages can now be printed (#7445)
  • Web Filter:
  • Double slash now handled correctly (#7803)
  • Wildcard in block/pass list fixes (#7842)
  • Captive Portal:
  • CIDR notation now works in capture and pass rules (#7640, #7729)
  • Logout button improvements (#7723)
  • Intermittent logout fixed (#7832)
  • Spyware Blocker:
  • Fixed block cookies checkbox (#7708)
  • OpenVPN:
  • Table can now be sorted. (#7806)
  • Firewall:
  • Only matching sessions reset on save (#7925)
  • eSoft Web Filter:
  • Enforcing safe search in eSoft Web Filter now works on international domains (#7754)
  • Directory Connector:
  • Disabling HTTP no longer breaks AD login script (#7209)
  • Can now specify a username/password for RADIUS test (#7456)
  • Kaspersky Virus Blocker:
  • Now ignores "not-a-virus" signatures (#7833)

New in Untangle Next Generation (NG) Firewall 7.3 (Jun 4, 2010)

  • Enhanced download & upgrade UI progress meter
  • When Untangle apps are downloaded or when future upgrades occur, Untangle Server will now display more details about the download / upgrade as it happens.
  • Platform enhancements
  • Our commitment to support different kinds of hardware and network interface cards (NICs) continues unabated. We now have much broader support, for practically all Intel NICs and select Broadcom cards.
  • With this release we have also made performance improvements in Untangle to consume less memory.
  • Application Improvements
  • Several fixes and enhancements have been made to:
  • Reports
  • OpenVPN
  • Directory Connector
  • eSoft Web Filter improvements
  • For a full list of improvements in Untangle 7.3, please visit http://wiki.untangle.com/index.php/7.3_Changelog
  • OEM Toolkit
  • The Untangle Administration console can now be customized by OEM partners that wish to integrate Untangle software into their own appliance hardware. This capability enables:
  • Changes to the Untangle Admin console to reflect OEM’s brand
  • Changes to Text references to Untangle, to OEM's name
  • Changes to Untangle iconography to OEM-provided imagery
  • Branding Manager app changes
  • We have also made enhancements to the Branding Manager, so it shows up as a rack element within Untangle. To be clear, the Branding Manager only changes components on pages that end-users behind an Untangle-protected network will see, namely:
  • Block pages
  • Quarantine pages
  • Captive portal pages

New in Untangle Next Generation (NG) Firewall 7.0 (Oct 2, 2009)

  • Totally Redesigned and Rearchitected Reports
  • Improved video card/monitor hardware support
  • Major WAN Balancer & WAN Failover improvements
  • OpenVPN now supports Vista and 64-bit clients
  • Performance improvements

New in Untangle Next Generation (NG) Firewall 5.4.1-r19378 (Oct 7, 2008)

  • Major bugfixes were made in the Windows installer.