Manuals / Kerio Tech / Computer Equipment / Network Router

Kerio Tech Firewall6 manual 20.4 Conﬁg Log, Logs, 284

Models: Firewall6

1 398

Download 398 pages 11.9 Kb

Page 284

Chapter 20 Logs

20.4 Conﬁg Log

The Conﬁg log stores a complete communication history between Administration Con- sole and the WinRoute Firewall Engine — the log allows you to ﬁnd out what administra- tion actions were performed by which user, and when.

The Conﬁg window contains three log types:

1.Information about user logins/logouts to/from the WinRoute’s administration Example:

[18/Apr/2003 10:25:02] james - session opened for host 192.168.32.100

[18/Apr/2003 10:32:56] james - session closed for host 192.168.32.100

•[18/Apr/2003 10:25:02] — date and time when the record was written to the log

•jsmith — the login name of the user logged in the WinRoute administration

•session opened for host 192.168.32.100 — information about the begin- ning of the communication and the IP address of the computer from which the user connected

•session closed for host 192.168.32.100 — information about the end of the communication with the particular computer (user logout or Administration Console closed)

2.Conﬁguration database changes

Changes performed in the Administration Console. A simpliﬁed form of the SQL language is used when communicating with the database.

Example:

[18/Apr/2003 10:27:46] jsmith - insert StaticRoutes set Enabled=’1’, Description=’VPN’, Net=’192.168.76.0’, Mask=’255.255.255.0’, Gateway=’192.168.1.16’, Interface=’LAN’, Metric=’1’

•[18/Apr/2003 10:27:46] — date and time when the record was written

•jsmith — the login name of the user logged in the WinRoute administration

284

Image 284

Kerio Tech Firewall6 manual 20.4 Conﬁg Log, Logs, 284

Contents

Administrator’s Guide Kerio TechnologiesPage Contents 113 Remote Administration and Update Checks 209 Kerio Clientless SSL-VPN 355 393 Quick Checklist Page Kerio WinRoute Firewall Basic FeaturesIntroduction Additional Features Kerio WinRoute FirewallAntivirus control Transparent support for Active DirectoryEmail alerts User quotasConﬂicting software Clientless SSL-VPNCollision of low-level drivers Port collisionAntivirus applications Installation InstallationSteps to be taken before the installation System requirementsInstallation and Basic Conﬁguration Guide Custom installation selecting optional components Protection of the installed product Conﬂicting Applications and System Services WinRoute Engine Monitor WinRoute ComponentsWinRoute Firewall Engine WinRoute Engine Monitor Kerio Administration ConsoleWinRoute Engine Monitor Upgrade and Uninstallation Typically the path C\Program Files\Kerio\WinRoute Firewall Upgrade and UninstallationUninstallation Upgrade from WinRoute Pro Update CheckerSetting of administration username and password Conﬁguration WizardRemote IP address Remote AccessEnable remote access Initial conﬁguration Allowing remote administration WinRoute Administration Administration WindowWinRoute Administration Administration Window Main menuFile Help menuDetection of WinRoute Firewall Engine connection drop-out Administration WindowStatus bar View Settings Column customization in InterfacesView Settings License types optional components Product Registration and LicensingLicense types and number of users License types and number of users Deciding on a number of users licensesLicense information ProductCopyright HomepageLicense ID Subscription expiration dateProduct expiration date Number of usersRegistration of the product in the Administration Console Registration of the trial versionRegistration of the product in the Administration Console Trial version registration security codeTrial version registration other information Registration of the purchased product Trial version registration Trial IDProduct Registration and Licensing Registration of the product in the Administration Console 10 Product registration user information Update of registration information 12 Product registration summarySubscription / Update Expiration Product registration at the websiteSubscription / Update Expiration Bubble alertsUser counter 15 The notice that the subscription has already expiredLicense counter User counterStart WinRoute License release Settings for Interfaces and Network Services Network interfacesInterface IP Address and MaskDial or Hang Up /Enebale, Disable Adapter infoAdd ModifyRefresh Special interfacesDial-In VPN serverBind this interface Interface type selectionUse login data from the RAS entry Use the following login dataInterface name RAS EntryConnection Dial-up demand dialHangup if idle AdvancedConnection Failover Edit Interface parametersConnection Failover Setup Enable automatic connection failoverConnection Failover Current connectionConﬁguration of primary and secondary Internet connection Dial-up Use Primary connectionSecondary connection DNS Forwarder DNS Forwarder conﬁgurationDNS forwarding Enable DNS forwardingDNS Forwarder Enable cache for faster response of repeated queries Enable DNS forwardingClear cache Use custom forwarding10 Speciﬁc settings of DNS forwarding Simple DNS resolution 11 DNS forwarding a new ruleBefore forwarding a query Combine the name ... with DNS domainDhcp server Deﬁnition of Scopes and Reservations Dhcp serverDhcp Server Conﬁguration Lease time DNS serverWins server DomainDescription 15 Dhcp server IP scopes deﬁnitionExclusions First address, Last addressSubnet mask Parameters Lease Reservations 00bca5f21e50Bc-a5-f2-1e-50 Leases20 Dhcp server list of leased and reserved IP addresses Dhcp server advanced options Windows RASProxy server Declined optionsProxy Server Conﬁguration Enable non-transparent proxy serverProxy server Enable connection to any TCP port 22 Http proxy server settingsForward to parent proxy server Http//192.168.1.13128/pac/proxy.pacEnable cache on transparent proxy Enable cache on proxy serverHttp cache Http protocol TTLHttp cache Cache sizeCache Options Memory cache sizeMax Http object size URL Speciﬁc Settings URLCache status and administration TTL26 Http cache administration dialog Traﬃc Policy Network Rules WizardSelection of Internet connection type Network Rules WizardInformation Network adapter or dial-up selection Network Policy Wizard selection of a connected adapterInternet access limitations Allow access to all servicesAllow access to the following services only Enabling Kerio VPN traﬃcService is running on ServiceNAT Generating the rulesRules Created by the Wizard Icmp traﬃcLocal Traﬃc Firewall Traﬃc Name How traﬃc rules workDeﬁnition of Custom Traﬃc Rules Source, Destination 12 Traﬃc rule name, color and rule descriptionIP range e.g Deﬁnition of Custom Traﬃc Rules Service 100Action 101Log 102Translation 103104 20 Traﬃc rule destination address translation105 Valid onProtocol inspector Basic Traﬃc Rule Types IP Translation NATSource DestinationTranslation Placing the rulePort mapping 107108 109 Limiting Internet AccessMultihoming 110 Exclusions 111112 How the bandwidth limiter works and how to use it Speed limits for big data volumes transmissionsBandwidth Limiter Speed limits for users with their quota exceededSetting limit values Bandwidth Limiter conﬁgurationBandwidth Limiter 114115 ServicesAdvanced Options IP Addresses and Time Interval 116Bandwidth Limiter selection of network services 117Detection of connections with large data volume transferred 118119 Detection of connections with large data volume transferredExamples 120 121 User AuthenticationFirewall User Authentication 122 User AuthenticationUser authentication advanced options Firewall User Authentication Redirection to the authenticationEnable non-transparent proxy server authentication Automatic authentication NtlmAutomatically logout users when they are inactive 124Enable Kerio SSL-VPN server Enable Web Interface HttpWeb Interface Web Interface Parameters ConﬁgurationEnable secured Web Interface Https Allow access only from these IP addressesWeb Interface WinRoute server nameConﬁguration of ports of the Web Interface 127128 SSL Certiﬁcate for the Web InterfaceGenerate or Import Certiﬁcate 129 SSL certiﬁcate of WinRoute’s Web interfaceLogin/logout Web Interface Language PreferencesUsers logged 130131 Login/logoutDrdolittle@usoffice.company.com 132 User password authenticationLog out 133 Status information and user statisticsStatus information and user statistics User preferences 134135 Save settingsUser preferences 10 Editing user password 136137 Http protocolFTP protocol 138 Conditions for Http and FTP ﬁlteringURL Rules URL Rules 139URL Rules Deﬁnition 140141 If user accessing the URL isURL matches criteria Allow access to the Web site 142Valid at time interval Valid for IP address groupValid if Mime type is Denial optionsWWW content scanning options Scan content for viruses according to scanning rulesDeny Web pages containing 144Http Inspection Advanced Options 145Global rules for Web elements Allow Html ActiveX objectsAllow Script Html tags 146Content Rating System ISS OrangeWeb Filter Allow Html JavaScript pop-up windowsAllow applet Html tags Allow cross-domain referrerISS OrangeWeb Filter conﬁguration 148Enable ISS OrangeWeb Filter Categorize each page regardless of Http rulesServer ISS OrangeWeb Filter Deployment150 ISS OrangeWeb Filter ruleWeb content ﬁltering by word occurrence 151Deﬁnition of rules ﬁltering by word occurrence 152Word groups 153Deﬁnition of forbidden words 154Weight FTP PolicyGroup KeywordIf user accessing the FTP server is FTP Rules DeﬁnitionFTP server is 15615 FTP Rule basic parameters Content 158159 160 Antivirus controlConditions and limitations of antivirus scan Conditions and limitations of antivirus scan 161How to choose and setup antiviruses Antivirus controlIntegrated McAfee 162Check for update every ... hours Last update check performed ... agoUpdate now Current virus database is164 Antivirus settingsExternal antivirus 165 An example of a traﬃc rule for outgoing Smtp traﬃc checkHttp and FTP scanning Http and FTP scanning 167168 Http and FTP scanning rulesCondition Mime type 169Email scanning 170Email scanning 171172 173 IP Address GroupsCreating and Editing IP Address Groups Time Intervals DeﬁnitionsName TypeTime range types AbsoluteWeekly DailyTime Interval Type From, ToValid at days 176177 ServicesServices 178 ProtocolProtocol inspector 179 Source Port and Destination PortProtocol Inspectors URL Groups 180URL Groups 181Deﬁnitions Group 182User Accounts and Groups Internal user databaseImport of user accounts from Active Directory 183184 Viewing and deﬁnitions of user accountsUser Accounts and Groups Local user accounts Local user accounts Accounts mapped from the Active Directory domainEdit User 186Local user accounts Creating a local user accountBasic information Full NameAuthentication Account is disabledEmail Address Domain template189 NT domain / KerberosGroups Access rights 190No access to administration Read only access to administrationFull access to administration User can override WWW content rules192 Data transmission quotaTransfer quota 193 Content rulesQuota exceed action User’s IP addresses 194Editing User Account 195196 Active DirectoryNT domain Automatic import of user accounts from Active Directory 197Manual import of user accounts 198Active Directory domains mapping Active Directory domains mappingDomain mapping requirements 199Domain Access Single domain mappingActive Directory mapping 200201 13 Active Directory domain mapping202 NT authentication supportMultiple domains mapping 203 16 Conversion of user accounts204 User groupsUser groups Deﬁnitions User groups Creating a new local user groupName and description of the group 205Group access rights Read only accessGroup members 206207 Users can override WWW content rulesUsers can connect using VPN 208 Users are allowed to use P2P networksUsers are allowed to view statistics Remote Administration and Update Checks Setting Remote AdministrationHow to allow remote administration from the Internet 209210 Update CheckingRemote Administration and Update Checks Update Checking Check for new versionsCheck also for beta versions Check now212 Advanced security features 15.1 P2P EliminatorP2P Eliminator Conﬁguration 213Advanced security features 214215 15.1 P2P EliminatorParameters for detection of P2P networks Special Security Settings 216Special Security Settings Anti-SpooﬁngConnections Count Limit 217VPN using IPSec Protocol EnableEnable pass-through only for hosts IPSec preferencesVPN using IPSec Protocol WinRoute’s IPSec conﬁgurationIPSec client in local network 219220 Traﬃc rule for one IPSec client in the local networkIPSec server in local network 221Other settings Routing tableRouting table Route TypesStatic routes 223Deﬁnitions of Dynamic and Static Rules Network, Network MaskGateway MetricDemand Dial Demand DialRemoving routes from the Routing Table How demand dial works226 Technical Peculiarities and Limitations 227Setting Rules for Demand Dial 228Dial of local DNS names 229Enable UPnP Port mapping timeoutUniversal Plug-and-Play UPnP Conﬁguration of the UPnP supportRelay Smtp server Relay Smtp serverLog packets Log connectionsSmtp requires authentication Specify sender email address in From headerTest 232233 234 Status InformationActive hosts and connected users Login time Login durationHostname UserActive Hosts dialog options Detailed information on a selected host and user Traﬃc information 238239 Activity DescriptionConnections Source, Destination 240Histogram 241Show connections related to the selected process 242Show connections related to the selected process 243244 Options of the Connections DialogKill connection Color Settings Font ColorBackground Color 245246 Alerts SettingsAlerts 247 AlertsAlert Alert Templates 248249 \Program Files\Kerio\WinRoute Firewall\templates by defaultAlerts overview in Administration Console 250 13 Details of a selected event251 Basic statisticsInterface statistics Reset interface statistics Basic statisticsInterface Statistics menu 252Interface statistics Remove interface statisticsGraphical view of interface load 253User Statistics data volumes and quotas 254255 User Statistics data volumes and quotasUser Statistics dialog options Reset user statistics Remove user statisticsView host 256257 Kerio StaR statistics and reportingMonitoring and storage of statistic data Settings for statistics and quota Kerio StaR statistics and reportingRequirements of the statistics 258Settings for statistics and quota Enable/disable gathering of statistic dataAdvanced settings for statistics 259Statistics and quota restrictions 260Accessing the statistics from the WinRoute host Remote access to the statisticsConnection to StaR and viewing statistics Statistics and quota accounting periodsStaR page in the web interface 262Accounting period 263264 Custom accounting period265 Overall ViewOverall View 266 Top Requested Web CategoriesTop 5 users Used Protocol 267268 269 User statisticsUser statistics Users by Traﬃc 13 The Users by Traﬃc tableTop Visited Websites Top Visited WebsitesTop Requested Web Categories 272273 16 Top visited websites sorted by categories274 Log settings LogsFilename.log 275File Logging 276277 Log settingsSyslog Logging Logs Context Menu Logs Context Menu FindHighlighting Select fontLogs Encoding Log debugClear log Log highlightingLog highlighting settings Debug log advanced settings 282Alert Log Alert Log284 20.4 Conﬁg LogLogs 285 Connection LogConnection Log 286 Debug LogDial Log Page 15/Mar/2004 155912 Line Connection disconnected 288289 Error LogError Log 290 ’McAfee update’ rule nameFilter Log 291 Http logHttp log 1058444114.733 0 192.168.64.64 TCPMISS/304 292293 Security LogSecurity Log Authentication service Client IP address reason 294Sslvpn Log Sslvpn Log17/Dec/2004 121133 Engine Startup 17/Dec/2004 122243 Engine ShutdownWeb Log 24/Apr/2003 102951 192.168.44.128 jamesWeb Log 297 Kerio VPN 298VPN Server Conﬁguration 299Enable VPN server Kerio VPNGeneral IP address assignmentSSL certiﬁcate 301302 AdvancedListen on port Custom Routes 303304 21.2 Conﬁguration of VPN clientsBasic conﬁguration of traﬃc rules for VPN clients Setting up VPN servers Deﬁnition of a tunnel to a remote serverName of the tunnel 305Conﬁguration 306Conﬁguration of a remote end of the tunnel 307308 DNS SettingsRouting settings Connection establishment 309Traﬃc Policy Settings for VPN 310Exchange of routing information Exchange of routing informationRouting conﬁguration options 311312 Update of routing tablesRoutes provided automatically 313 Example of Kerio VPN conﬁguration company with a ﬁlial oﬃceSpeciﬁcation Common method 314315 Headquarters conﬁguration 31614 Headquarter creating default traﬃc rules for Kerio VPN 317318 16 Headquarter DNS forwarder conﬁguration319 320 19 Headquarters VPN server conﬁgurationLAN 321Conﬁguration of a ﬁlial oﬃce 32224 Filial oﬃce default traﬃc rules for Kerio VPN 323324 25 Filial oﬃce DNS forwarder conﬁguration325 326 28 Filial oﬃce VPN server conﬁguration327 29 Filial oﬃce deﬁnition of VPN tunnel for the headquarters328 Example of a more complex Kerio VPN conﬁgurationVPN test Common method 329330 331 33 Headquarter creating default traﬃc rules for Kerio VPN 332333 35 Headquarter DNS forwarder conﬁgurationKerio VPN 335 38 Headquarters VPN server conﬁguration336 39 Headquarter deﬁnition of VPN tunnel for the London ﬁlial337 338 339 43 Headquarter ﬁnal traﬃc rulesConﬁguration of the London ﬁlial 34046 The London ﬁlial oﬃce default traﬃc rules for Kerio VPN 34148 The London ﬁlial oﬃce DNS forwarding settings 342343 344 345 346 54 The London ﬁlial oﬃce ﬁnal traﬃc rulesConﬁguration of the Paris ﬁlial 347348 57 The Paris ﬁlial oﬃce DNS forwarder conﬁguration349 59 The Paris ﬁlial oﬃce VPN server conﬁguration350 351 352 353 64 The Paris ﬁlial oﬃce ﬁnal traﬃc rules354 Kerio Clientless SSL-VPN 22.1 Conﬁguration of WinRoute’s SSL-VPNSSL-VPN conﬁguration 355356 Allowing access from the InternetKerio Clientless SSL-VPN Usage of the SSL-VPN interface Usage of the SSL-VPN interfaceHttps//server Https//server12345358 Sidneywashington@usoffice.company.comHandling ﬁles and folders \\server\folder\subfolder Antivirus controlBookmarks 359360 TroubleshootingDetection of incorrect conﬁguration of the default gateway 23.2 Conﬁguration Backup and Transfer Sslcert LicenseCache.CFS Dnscache.cfg363 Handling conﬁguration ﬁles Conﬁguration backup recoveryStar List name=Interfaces 365 Automatic user authentication using NtlmGeneral conditions WinRoute Conﬁguration 366Automatic user authentication using Ntlm Ntlm authentication processWeb browsers Microsoft Internet Explorer368 Firefox/Netscape/Mozilla/SeaMonkeyFirefox/Netscape/Mozilla/SeaMonkey conﬁguration 369 Partial Retirement of Protocol InspectorPartial Retirement of Protocol Inspector 370 How to enable certain users to access the InternetUser accounts and groups in traﬃc rules Enabling automatic authentication 371372 FTP on WinRoute’s proxy serverExample of a client conﬁguration web browser 373 Example of a client conﬁguration Total CommanderFTP on WinRoute’s proxy server 12 Setting proxy server for FTP in Total Commander 374Network Load Balancing Basic Information and System RequirementsNetwork Conﬁguration 375Network Load Balancing 376377 24.3 Conﬁguration of the servers in the clusterNLB conﬁguration for Server1 378 Server 1 cluster parametersNLB conﬁguration for Server2 379Technical support Essential InformationDescription 380Error Log Files Tested in Beta versionInformational File License type and license numberCzech Republic ContactsUnited Kingdom Legal Presumption Used open-source libraries LibiconvOpenSSL 384Prototype Copyright 2005 Sam StephensonZlib 385Default gateway Glossary of termsActiveX Cluster387 FirewallGreylisting Glossary of terms IP address IPSecKerberos 388Network adapter P2P networkPacket PortGlossary of terms Proxy serverRouting table ScriptSpooﬁng 391TCP/IP 392Index 393Index 394Ntlm 395VPN 396133 397