can you run Untangle in a VM?
You can and I have before. I prefer having it's own box, though, since if for any reason the VM box is down your entire internet connection is down. It's a linux system, debian iirc. You just want to make sure that your hardware and hardware emulation are compatible with the base kernel that's used in the current version and that you have good NICs. I only recommend using NICs with Intel chipsets. When running as a VM, you'll want dedicated NICs for Untangle. They're hard to find, but if you find any of the old Dual 10/100 Intel NICs they work great. (Because of the OSI layers it attaches to you can have random network issues with some chipsets, hence the Intel-only recommendation to be sure to avoid issues.) You don't need gigabit since you're pretty much just dealing with traffic to and from the internet which is much slower than 100Mbit. You have to have at least two NICs but, if you have room in the system, more NICs equals more flexibility.
It'll run on pretty much anything, though, especially for smaller business or home networks. I've built a couple, one for my parents and one for some friends of our who have a B&B, out of mini-itx Atom systems and they work great. They, of course, didn't need many LAN connections. I have eight NICs in mine (seven in use) but I basically run three web-servers. If you have two NICs it'll set up an "External" and an "Internal" connection. If you have a third NIC then it gets automatically set as "DMZ". At four or more it begins using the typical linux designations of "eth3", "eth4", etc. The External is for the internet connection and Internal is typically for your most protected LAN. DMZ is always recommended to be used as a DMZ. If you need two separate LANs but don't want a DMZ then you'll want four NICs and you'll just not use the DMZ connection.
I mentioned that I have eight NICs in my Untangle. That gives me up to seven internal LAN connections but I'm only currently using six of them. I'm running it on an old Dell PowerEdge 2850 with dual integrated Intel NICs and three of those Dual 10/100 Intel NICs I mentioned. On my server I have the connections set up like this: External is for Internet (of course), the Internal is for my primary home LAN, the DMZ is for my segregated "guest" wifi connection, eth3 is for my segregated and protected "bench" LAN for working on computers and not having to worry about them spreading little nasties to any of my other systems, eth4 is linked to a public static IP for my personal Exchange server, eth5 is linked to a public static IP for my LAMP server, eth6 is linked to a public static IP for my VM/Development "test" server, and eth7 is currently unused. I've got a business class internet connection which gives me 8 public static IPs and lots of bandwidth.
I still do a little web/email hosting, web design, and consulting on the side in addition to my software development work which is why I "need" all that equipment. Of course, I could probably get away with a lot less but I'm a geek and I like my toys. :biggrin2: