Untangle in front of USG Pro 4?

BigDave · December 16, 2020, 11:54am

I thought Tom had a video or post about installing Untangle in front of USG, but I’ve searched and can’t find anything.

Here’s my current setup:
Cable modem -> USG Pro 4 -> UniFi Switches / APs / Etc

Here’s the setup I’d like to create:
Cable modem -> Untangle -> USG Pro 4 -> UniFi Switches / APs / Etc

I need the performance of Untangle for things such as IDS/IPS, but want to keep the USG so my UniFi environment stays graphically pretty I also have a regular USG (non-Pro) available if that would make this task easier?

Thanks for the great videos and sharing of knowledge!

gsrfan01 · December 16, 2020, 12:19pm

Last time I looked into this was about 3-4 years ago but was possible, but requires using the config.gateway.json trick.

There’s some guidance on the UI forums, but I’m not sure how relevant they still are https://community.ui.com/questions/Guide-to-disabling-NAT-on-USG/c96beb72-7784-4265-9706-a18a0d418f9f

To be honest, Untangle is likely to have vastly better metrics than whatever Unifi will give you. The USG’s DPI and other “stats” features are not the most accurate or actionable. If all you’re going for is to have this

look like this

You should be able to do that by disabling NAT and opening up the firewall rules to any any.

LTS_Tom · December 16, 2020, 12:56pm

I don’t recommend anyone use UniFi routing equipment such as the USG or USG pro if they want more than just basic routing.

BigDave · December 16, 2020, 1:35pm

Hi Tom! Thanks for your reply

I plan to use the fully licensed Untangle appliance for all UTM functionality. The USG/Pro would only be there for the stats it provides. Perhaps this stems from the a deep-seeded desire to have all of the UniFi dashboard bubbles lit up back in the day! LOL

jleaman · December 21, 2020, 3:25am

Ditch the Unifi Firewall and just go full on with Untangle UTM.