WiJungle U20 Unified Network Security Gateway Review

In today’s’ world I don’t have to apprise how crucial the security of network devices is. Recently, the hack of some Twitter accounts shows us how prevalent and extreme the cyber attackers would be and this will go beyond in coming future. However, when such a big social media network could be compromised, in such scenarios small businesses and enterprises those just rely on basic firewalls and routers for their safety should think twice.

Yes, there are open source as well as paid software platforms in the market to curb increasing threats such as viruses, Trojans, spam, and hacker attacks from the Internet. These include virus scanners, firewalls, anti-spyware and anti-adware software as well as intrusion detection and prevention systems including VPN -Gateways. And indeed they are able to monitor user access as well so that the internal data and applications in a company cannot be misused, however, installing and maintaining all of them is also not an easy job; moreover, if you have a big network then it’s easy to lose track of network security products.

Furthermore, to reduce the security gaps that occur while handling multiple threat management platforms, many security solution providers are moving to provide a unified product that comprises all key security modules including the hardware. This saves the cumbersome administration and monitoring of different and separate security systems. Therefore, such kinds of single packed security solution products sold by many different manufacturers under the catchphrase of Unified Threat Management (UTM).

Now, what is Unified Threat Management (UTM)?

As mentioned above the UTM appliances in the market made available by different brands are used to defend the network against viruses, phishing emails, and attacks from outside, and inside. They provide multiple security systems and functions in a single hardware appliance and the key components of most of them are firewalls, IDS and IPS systems, virus protection, gateways, VPNs, spam filters, and content filters. UTM solutions from well-known manufacturers such as Check Point, Cisco, Fortinet, Juniper Networks, Sophos are available on the market, well, here we have one more with affordability to secure our networks, it is WiJungle.

WiJungle is an Indian company that offers security solutions in the form of Unified Network Security Gateway and enables organizations to manage & secure their entire network through a single window. Some of you might have heard the name of WiJungle first time, however it already operational in various private and government sectors in India along with a presence in more than 25 counties. As per the WiJungle, their security product can reduce the investment of companies up to 60% by eliminating the need for various stand-alone security applications. Data Security Council of India recognized WiJungle among the Most Innovative Product Of The Year 2018. The company founded in 2014 and some of its UTM products features are as follow:

• Both UTM/Next-Generation Firewall and Hotspot Gateway features in a single appliance.
• Affordable product in its segment with the lowest renewals.
• On renewal, all features continue to work. Only updates and support will stop.
• 24*7 Free Call and Email Support with Advance Replacement of Hardware.
• The inbuilt storage of User logs for a period of 1 year along with search option.
• Unlimited Free Authentication SMS (India Only).
• Robust hardware.
• Router, VPN Server, Load Balancer, etc.
• Auto-Feature update via the cloud.
• AI & ML based appliance and software product which helps organizations of any size to seamlessly manage and safeguard their entire network through a single window.

WiJungle has a wide range of UTM products to cater to various small, medium, and large businesses across verticals like Enterprises, Education, Hospitality, Healthcare, BFSI, Transport, Retail, Defence, Smart City, Real Estates and Events, etc.

Well, we also experienced one of the WiJungle products that is U20 designed to meet the security demands of small companies or enterprises. Apart from WiJungle U20, there is a wide range of products with some additional hardware features such as high-speed ports with extra RJ45 ports, expansion slots, memory, storage, and high performance. However, in terms of the software, there will be not much difference expect few features.

WiJungle UTM hardware is running on the company’s proprietary OS based on Ubuntu/Debian Linux with a web interface that can be easily accessed via a browser. It has functions such as Essential Network Firewall, Network Protection, E-Mail Protection, Web Protection, Web Server Protection, or Wireless Protection. In our small test, the WiJungle – U20 appliance has to prove whether the device meets the high expectations or not.

Let’s first start with the product design:

WiJungle U20 Design

The design of the UTM U20 is quite a simple nothing much complicated. Even the size of its not more than just a small router and of course it is not a Wifi router thus no antennas that make it more convenient to place in small concealed space. Just like most of the UTM devices available in the market in this category, the WiJungle U20 also has four RJ45  ports for LAN and WAN connections including one more, stipulated for COM connections. To operate the WiJungle from a terminal or VGA port, two USB ports are given to use for computer peripherals such as Keyboard and mouse.

For indication, the front holds eight status LEDs for the network (LAN) and one LED for operation and hard drive activity including a Power ON indicator and restart button.

At the rear side it as VGA port and slot to give power supply from the adapter coming along with the product. However, I didn’t find any fan inside the U20 to cool down the internal components of the devices, thus this means it uses passive cooling that results in zero noise. Nevertheless, to dissipate heat, perforation has been done around the body and at the bottom of the UTM. Also as per the company, the U20 can be used between -10 to 60 deg celsius that means the device won’t trip off the security in winters or summers, regardless of the geographical conditions. Furthermore, as we know most of the enterprise premises use temperature control systems, thus the device can easily survive without an internal fan.

WiJungle U20 UTM key Specifications

Brand & product	WiJungle U20 + HotSpot Gateway UTM
concurrent session	2800000
Operating Temperature	-10 to 60 deg C
ips throughput	590 Mbps
udp throughput	3200 Mbps
Warranty	1 Year
Relative Humidity	5-95% No Condensing
Memory	2 GB
HDMI / VGA output	1 VGA
Number of Users	SSL & VPN: 120 users
vibration	0.5 grams
VPN throughput	240 Mbps
Weight	1.2 Kg
Suitable For	Enterprises, Education Institutes, Hospitality, Healthcare, Retail, Transportation, Smart City, Residential Estates & Events
Power Supply	Open: 12 V & 5 Amp
warranty description	1 Year Hardware Warranty with Software & Support License
new session	16000 per Sec
Number of Ports	USB: 2, GBPS Ethernet: 4
A solid-state drive (ssd)	16 GB
Frequency	5-500 Hz
UTM throughput	380 Mbps
Storage Temperature	-20 to 70 deg C

Initial Connections Setup

The setup of the WiJungle UTM is quite easy, nothing complicated at all. If you have just bought the device then simply follow the below steps to establish an initial connection in order to access the WiJungle UTM interface.

• Plugin the Power Support to the UTM.
• Insert LAN cable in Port C, however, I used the Port D, because of its pre-enable DHCP server. Means, I won’t need to manually set the IP address for my PC or laptop for the initial connection.
• If you want to use the internet, then plugin its RJ45 WAN connection to its port A.
• Now, go to Network Manager of Windows, Linux, or macOS and set a static IP address of your devices to 10.0.0.2 and subnet mask 255.255.255.0/24 and default gateway 10.0.0.1.
• Save the configuration.
• Now, open your system browser and type the gateway address set for the Port C that is 10.0.0.1 along with 8083 port number. Example: https:10.0.0.1:8083. In case you get an SSL error, allow the exception.
• Login to the WiJungle UTM dashboard. The default username is admin and password is admin1A@

In the below screenshot you can see WAN is active on Port A while the LAN is on PORT D that I used to connect the device.

UTM U20 Interface

In the first view of the Dashboard, a graphical web interface gave us a clear impression and provides information about the device status such as CPU and RAM utilization, active network links, Applicliance detail ( model & serial no., License status, OS version, Last update, Last reason for UTM down); Live TCP/UDP connection; ISP speed, Last 5 IP logs and more.

Apart from it, WiJungle intuitive interface provides all the meaningful tabs or security module menus on the left side panel such as management, content filtering, network services, firewall system protection and more give the impression that the configuration of this appliance with the mouse would be very easy and indeed it was.

Also, while reviewing WiJungle U20, we found the menu navigation on the Web interface was clearly structured and intuitive to use. However, this does not mean the user is set free from having to deal in detail with the complex matter or configuration of the individual functions. Like most of the Unified threat management appliances, dealing with lots of options at one place would always be a cumbersome job, especially for those operating UTMs first time.

Let’s go through the key sections of the WiJungle UTM OS and see the functions available under them.

Network

The Network section of the Device features all the options to manage LAN and WAN ports including Load balancing and more.

WAN Setting: This area is dedicated to set the Port to obtain internet or WAN connection. However, due to the flexibility, we can assign any port to WAN to LAN using the Advance settings and changing the available ZONE.

LAN Settings: It will show all the available ports assigned to be used for the Local area network. The bridge and VLAN are also available.

Load Balancing & Link Aggregation: This is a very nice feature offer by WiJungle at a very cost-friendly price. The user can club its multiple WAN connections to provide increased bandwidth to devices available in the LAN network. That can stipulate traffic weightage/preferences and also smoothly manages the failover and diverts the traffic.  

More Utility: It consists of various options such as Hosts, Mac Wlist/Blist, Clientless Devices, IP-MAc Binding, NAT rules, Port Forwarding, Routing, DNS, ByPass Sites, and Web Proxy.

Network Monitoring and Internet Analysis are too there to keep eye on incoming and outgoing connections.

VPN & Certificate

Create your own SSL certificates for servers and clients. This section helps the users to create and manage secure connections for VPN, adding policies, and more… Support to SSL, PPTP, IPSec, and L2TP VPN with encryptions (3DES, DES, AES, Twofish, Blowfish, and Serpent) and hash algorithms (MD5, SHA-1, SHA-2) helps organizations to establish a more secured connection.

User Management  

A section to create a user that could access the internet on LAN or Wifi along with the ability to push various web and other policies on a cluster of users in a group. Furthermore, you can set a time limit for Guest users on the network, block, activate, or dynamically switch a user from one group to another; set auto-expiry for each user; automatically send Username and Password of the newly created user and more. 

Bandwidth Management

Bandwidth management is the most crucial thing for any organization, especially when you have a number of devices connected to the same network. At such scenario, this feature helps in limiting the data and speed usage along with Quality of Service (QoS), the device let admins easily create policies and prioritize bandwidth for a user/group or guest based on their profiles so that the essential services or users within the organization wouldn’t get suffered from slow internet. 

Content Filtering

The scope of the appliance also includes a content filter that examines the data stream according to several criteria. Content Filtering of WiJungle is another security module that holds the policy creation related to the web, IP, Port, Keyword, and Application Filtering. Admin can create various policies to block various websites, URLs, domain names, or whole categories such as Adult, gaming, social media, and more. Moreover, we can block the availability of various web pages by specifying keywords.  This helps the organizations mitigate the excessive usage of bandwidth and access of users to malicious websites. 

Captive Portal, Create Vouchers & PMS management

As we know WiJungle can be used as Hotspot Gateway to provide authentication, authorization, and accounting for a wireless network.  Therefore, we can create voucher-based authentication with limited-time access to allow users to access the internet during various events or in hotels, hospitals, education institutes, etc.

Furthermore, the captive portal of the WiJungle offers various predefined templates to allow newly connected users of a Wi-Fi or wired network to access the internet.

• Fixed User
• Simple Cash Voucher Template
• Simple Social Media Template
• Long Mobile and Social Template
• Simple Mobile Number Template
• Simple Mobile and Social Template
• Long Mobile Number Template
• PMS Template
• Turkish ID Template
• Foreign ID Template
• User Info Template

We can customize the captive portal with logo, message, and other details of the organization to give our own branding.

SMS Gateway/Feedback

Well, WiJungle for its India users provides Unlimited Free Authentication SMS which can be configured form the SMS Gateway/Feedback module. By Default the WiJungle gateway would be selected, however, the users can go for any third party one as well. Furthermore, the device also facilitates admins to customize the message to SMS, including the option to pre-define time. Apart from this, there are pre-built templates to send SMS to users for Thank you Message,  One Time Password, Birthday Wishes, PMS Messages, and Invalid Users.  

Firewall and Threat Policy

The Firewall module is one of the main reasons why businesses go for UTM devices. As they get a feasible package to thwart threats at one place, for example, DDOS, Antivirus, AntiSpam, Threat Analytics, Vurnalitiy Assessment of the network, and Access Rules to allow or block a specific source of the traffic for all IPs or some particular group. We have run a small test to ensure whether it really works against DDOS and other attacks or not will talk about later in the article.

Config Backup or Restore

This is the section that let’s take a backup of all settings and database of the users we have created on WiJungle to restore later. Furthermore, the admins can take a backup of their initial working settings on WiJungle that can be easily restored later in case some blunder or wrong settings made by some other Admin level user. This could save some time in case you are not able to find out the particular settings that are creating a  problem. 

Resetting the UTM to its factory settings can also be done from here. 

There is also an important section under the Config backup/restore- Enable or Disable Sevices. One can stop or start some particular service in case some changes are not reflecting or need to enable some service. 

Moreover, to prevent the appliance from failing, the manufacturer has equipped its security box with HA functions ( high availability ) such as failover. However, two physical appliances and parallel networks are then required. Its service can be enabled or disabled from this scope. 

So, these were some of the key security modules available on WiJungle apart from them Advance Management and Troubleshoot tools are also right on the Web interface of the UTM.

Update functions and core system setting features

In an organization, when there are so many devices to look after, it really becomes a headache for an Admin to make sure all the devices are up to date, especially, the first wall of defense that is UTM. In WiJungle, the admin user can set the Firmware Updates to Automatic. This will download and install them at the time specified by the Admin from Config backup/restore→More Utility→Settings.

From the same place, we can enhance the security of the UTM to further by using it in a Container Mode, by default Non-container Mode will be activated.

Now what exactly the Container Mode does? In this mode, WAN Interfaces will be shifted in a virtual container where LAN will communicate to WAN via virtual Ethernet devices which act as tunnels.

LAN<--->VETH(10.200.1.0/24)<--->WAN

In WiJugle Container mode, the same subnet can be used in WAN as well as LAN. For e.g. if you are setting 192.168.1.12 as static in WAN Port A & DHCP is provided by LAN Port C in subnet 192.168.1.0/24, communication can happen and the internet can be accessed. This ensures that attackers will not be able to see the LAN container, in case the device has been compromised.

The admin can check by using the Traceroute command to ensure each packet is moving from 10.200.1.0/24 subnet.

Whereas in the Non-Container Mode which is activated in all WiJungle UTM by default, all the interfaces will be in the same container and there will not be any routing through virtual Ethernet devices. 

Usage and working

As we know that most of the network compromised due to the weak policies and firewall rules above that human error or negligence is another big factor. Well, that’s what we have to ensure at least from our side, whatever the security product we are using must be able to fully protect the network environment.

We ran a couple of small tests to check whether WiJungle really works, in an isolated environment, to ensure Firewall, Content filtering, DDOS and Antivirus are working fine. 

Note: This test carried out in an isolated environment with three systems in LAN, thus, the real-time scenario could be different. Therefore, the buyers should contact the Company for Demo and other details. 

Let’s first talk about Content Filtering which contains various sub-modules to create filtering polices. Web filtering is the one which is really handy because of the predefined set of website categories that we can use for creating filtering policies. I enabled Adult and Social category filters to block the websites falls under it using DNS & SSL Certificate. However, the default category selection blocked most of them but couldn’t all such webpages, the reason behind is such adult content portals often change their domain names, and daily some new website is up and running to distribute the content which you don’t want your user to access. Thus, the admins need to manually import or add the list of such domains to UTM in order to filter them. Also, this can be fortified further by using the Keyword policies, even the domains could be changed but most of them use the same name or keyword. Thus, create keyword policies with all such words which you want to filter, and the rest of all will U20 manage. We didn’t find any problem in creating filtering policies it was smooth and easy to manage.

The intrusion prevention system of WiJungle proves to be remarkably accurate with almost zero droppings of legitimate traffic. The IPS offers comprehensive safety through its proactive approach. The powerful firmware makes IPS configuration very easy and effective.

To check Antivirus, we created an Apache server and FTP where we dumbed some Viruses to download via a browser. It successfully identified and dropped them to save the user’s system. 

In addition to all the above, we targeted an Apache webserver running one of our systems with help of Kali Linux and Metasploit tool’s Auxilary SYN Flood to launch the DDOS attack but fortunately, that has been saved by the WiJungle.

Also, the nice and free SMS feature to get OTP or alerting the users on logging in/out or when they exhaust the stipulated voucher usage is really worked well. Even the sending of login details to new users along with wishes on their birthday and all was absolutely fine.

Well, these were just a few basic tests we performed on this UTM, the main purpose of this review to just make our users acquainted enough with the capacity of this UTM. If someone wants to buy it for deploying in an organization h/she must consult directly to the company and according to their network environment and sensitivity of their work, they should start implementing the policies and hardening of the network.

Support and Documentation

Documentation is really a downside of the WiJungle. While analyzing the product a few times I got stuck while implementing the security feature. However, I tried a lot to go through documentation in order to solve my problems but that was in vain. And I tried to connect for tech support and for that I must say it was amazing.  Simply, I went to their official website, initiated a chat with WiJungle support executive, and in a few minutes, he took my system on remote and started resolving the matter. So, that was pretty much nice. 

Conclusion:

The WiJungle UTM U20 + Hotspot Gateway is destined for small businesses or branches. It offers a lot of useful and interesting features that are not necessarily a matter of course in this price range. 

In addition to a broad set of functions for safety devices, the device stands out due to its clearly defined licensing model. It costs USD 500+ Taxes for hardware and a 1-year license, in this package it supports 35 users to access all the benefits provided by this UTM gateway, quite affordable and well balanced as compared few other well-known UTM solutions available in the market. 

Basically, the problem of today’s small businesses that most of the commonly available security platforms are not enough powerful to protect their networks or fight the evolving threats. Whereas, when we talk about high powered enterprise-class security products they are too costly and resource-intensive in terms of dedicated IT expertise. In such scenarios, WiJungle U20 and other similar available UTM solutions in the market are filling this gap effectively.

Therefore, if you are looking for a small UTM with the appropriate functions for your remote office/branch office(ROBO) and small office/home office (SOHO) environments then once you should look at this box; we said this because a variety of functions, the intuitive configuration, and also because of the price including the license model. Nevertheless, as I said before the configuration of the device requires certain basic knowledge and because of low documentation, new users could face problems in order to correctly set the sometimes complex functions of the network and their security aspects. However, WiJungle could easily compensate that because of its instant active support.