Configuration options for Untangle

Configuration options for Untangle firewalls in RocketCyber

Content checks	Untangle devices classify network traffic by destination into various categories, including the ones listed here. In particular, we suggest monitoring activity which is: Illegal Visiting known malicious sites Accessing remote access tools Probably unwanted (e.g. sites which harm productivity)
Reputation lookups on connecting IPs	This will monitor traffic and inform you only of unexpected traffic or traffic coming from unusual locations (e.g. countries on the Enabled Countries list).
Potential compromise	Like most high confidence/low confidence event pairs, the low confidence detections introduce a large amount of noise and are not helpful in most situations
VPN detection	This will detect any attempt to use VPN functionality, so only enable this if VPN is disabled in your network and there should not be any VPN usage on your network.

Log Format

The expected format for Untangle logs is syslog-compatible JSON. For example

EXAMPLE <174>Mar 3 14:21:07 INFO uvm[0]: {"reason":"DEFAULT","appName":"web_filter","requestLine":"GET http://app.rocketcyber.com/","sessionEvent":{"entitled":true,"partitionTablePostfix":"_2020_03_03","protocol":6,"hostname":"ROCY-16","CServerPort":443,"protocolName":"TCP","tag":"uvm[0]: ","serverLatitude":39.0481,"localAddr":"/192.168.7.77","class":"class com.untangle.uvm.app.SessionEvent","SServerAddr":"/72.72.72.207","remoteAddr":"/72.72.72.207","serverIntf":1,"CClientAddr":"/192.168.7.77","serverCountry":"US","sessionId":103742377779893,"SClie...

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.