Connection Log, 285 | Kerio Tech Firewall6 manual

20.5 Connection Log

•insert StaticRoutes ... — the particular command used to modify the WinRoute’s conﬁguration database (in this case, a static route was added to the routing table)

3.Other changes in conﬁguration

A typical example of this record type is the change of traﬃc rules. When the user hits Apply in Conﬁguration → Traﬃc policy, a complete list of current traﬃc rules is written to the Conﬁg log.

Example:

[18/Apr/2003 12:06:03] Admin - New traffic policy set: [18/Apr/2003 12:06:03] Admin - 1: name=(ICMP Traffic)

src=(any) dst=(any) service=("Ping") snat=(any) dnat=(any) action=(Permit) time_range=(always) inspector=(default)

•[18/Apr/2003 12:06:03] — date and time of the change

•Admin — login name of the user who did the change

•1: — traﬃc rule number (rules are numbered top to bottom according to their position in the table, the numbering starts from 1)

•name=(ICMP Traffic) ... — traﬃc rule deﬁnition (name, source, destination, service etc.)

Note: The default rule (see chapter 6.1) is marked with default instead of the posi- tional number.

20.5 Connection Log

Connection logs for traﬃc rules which are conﬁgured to be logged using the Log match- ing connections option (refer to chapter 66).

How to read the Connection Log?

[18/Apr/2003 10:22:47] [ID] 613181 [Rule] NAT [Service] HTTP [User] james

[Connection] TCP 192.168.1.140:1193 -> hit.top.com:80 [Duration] 121 sec [Bytes] 1575/1290/2865 [Packets] 5/9/14

•[18/Apr/2003 10:22:47] — date and time when the event was logged (Note: Con- nection logs are saved immediately after a disconnection)

•[ID] 613181 — WinRoute connection identiﬁcation number

285

Image 285

Kerio Tech Firewall6 manual Connection Log, 285

Contents

Kerio Technologies Administrator’s GuidePage Contents 113 Remote Administration and Update Checks 209 Kerio Clientless SSL-VPN 355 393 Quick Checklist Page Basic Features IntroductionKerio WinRoute Firewall Kerio WinRoute Firewall Additional Features Transparent support for Active Directory Antivirus controlEmail alerts User quotas Clientless SSL-VPN Conﬂicting softwareCollision of low-level drivers Port collision Antivirus applications Installation InstallationSteps to be taken before the installation System requirements Installation and Basic Conﬁguration Guide Custom installation selecting optional components Protection of the installed product Conﬂicting Applications and System Services WinRoute Components WinRoute Firewall EngineWinRoute Engine Monitor Kerio Administration Console WinRoute Engine MonitorWinRoute Engine Monitor Upgrade and Uninstallation Upgrade and Uninstallation UninstallationTypically the path C\Program Files\Kerio\WinRoute Firewall Update Checker Upgrade from WinRoute ProSetting of administration username and password Conﬁguration Wizard Remote Access Enable remote accessRemote IP address Initial conﬁguration Allowing remote administration Administration Window WinRoute Administration Administration Window Main menu WinRoute AdministrationFile Help menu Administration Window Status barDetection of WinRoute Firewall Engine connection drop-out Column customization in Interfaces View Settings View Settings Product Registration and Licensing License types and number of usersLicense types optional components Deciding on a number of users licenses License types and number of users Product License informationCopyright Homepage Subscription expiration date License IDProduct expiration date Number of users Registration of the trial version Registration of the product in the Administration Console Trial version registration security code Registration of the product in the Administration Console Trial version registration other information Trial version registration Trial ID Registration of the purchased product Product Registration and Licensing Registration of the product in the Administration Console 10 Product registration user information 12 Product registration summary Update of registration information Product registration at the website Subscription / Update Expiration Bubble alerts Subscription / Update Expiration 15 The notice that the subscription has already expired User counter User counter Start WinRouteLicense counter License release Network interfaces Settings for Interfaces and Network ServicesInterface IP Address and Mask Adapter info Dial or Hang Up /Enebale, DisableAdd Modify Special interfaces RefreshDial-In VPN server Interface type selection Bind this interface Use the following login data Use login data from the RAS entryInterface name RAS Entry Dial-up demand dial Connection Advanced Hangup if idle Edit Interface parameters Connection Failover Enable automatic connection failover Connection Failover SetupConnection Failover Current connection Conﬁguration of primary and secondary Internet connection Primary connection Secondary connectionDial-up Use DNS Forwarder conﬁguration DNS Forwarder Enable DNS forwarding DNS ForwarderDNS forwarding Enable DNS forwarding Enable cache for faster response of repeated queriesClear cache Use custom forwarding 10 Speciﬁc settings of DNS forwarding 11 DNS forwarding a new rule Simple DNS resolution Combine the name ... with DNS domain Before forwarding a query Dhcp server Dhcp server Dhcp Server ConﬁgurationDeﬁnition of Scopes and Reservations DNS server Lease timeWins server Domain 15 Dhcp server IP scopes deﬁnition Description First address, Last address Subnet maskExclusions Parameters 00bca5f21e50 Lease Reservations Leases Bc-a5-f2-1e-50 20 Dhcp server list of leased and reserved IP addresses Windows RAS Dhcp server advanced options Declined options Proxy server Enable non-transparent proxy server Proxy serverProxy Server Conﬁguration 22 Http proxy server settings Enable connection to any TCP port Http//192.168.1.13128/pac/proxy.pac Forward to parent proxy server Enable cache on proxy server Enable cache on transparent proxyHttp cache Http protocol TTL Cache size Http cache Memory cache size Max Http object sizeCache Options URL URL Speciﬁc Settings TTL Cache status and administration 26 Http cache administration dialog Network Rules Wizard Traﬃc Policy Network Rules Wizard InformationSelection of Internet connection type Network Policy Wizard selection of a connected adapter Network adapter or dial-up selection Allow access to all services Internet access limitations Enabling Kerio VPN traﬃc Allow access to the following services only Service Service is running on Generating the rules NAT Icmp traﬃc Rules Created by the Wizard Local Traﬃc Firewall Traﬃc How traﬃc rules work Deﬁnition of Custom Traﬃc RulesName 12 Traﬃc rule name, color and rule description Source, Destination IP range e.g Deﬁnition of Custom Traﬃc Rules 100 Service 101 Action 102 Log 103 Translation 20 Traﬃc rule destination address translation 104 Valid on Protocol inspector105 IP Translation NAT Basic Traﬃc Rule TypesSource Destination Placing the rule TranslationPort mapping 107 108 Limiting Internet Access Multihoming109 110 111 Exclusions 112 Speed limits for big data volumes transmissions How the bandwidth limiter works and how to use itBandwidth Limiter Speed limits for users with their quota exceeded Bandwidth Limiter conﬁguration Setting limit valuesBandwidth Limiter 114 Services Advanced Options115 116 IP Addresses and Time Interval 117 Bandwidth Limiter selection of network services 118 Detection of connections with large data volume transferred Detection of connections with large data volume transferred Examples119 120 User Authentication Firewall User Authentication121 User Authentication User authentication advanced options122 Redirection to the authentication Firewall User AuthenticationEnable non-transparent proxy server authentication Automatic authentication Ntlm 124 Automatically logout users when they are inactive Enable Web Interface Http Enable Kerio SSL-VPN serverWeb Interface Web Interface Parameters Conﬁguration Allow access only from these IP addresses Enable secured Web Interface HttpsWeb Interface WinRoute server name 127 Conﬁguration of ports of the Web Interface SSL Certiﬁcate for the Web Interface Generate or Import Certiﬁcate128 SSL certiﬁcate of WinRoute’s Web interface 129 Web Interface Language Preferences Login/logoutUsers logged 130 Login/logout Drdolittle@usoffice.company.com131 User password authentication Log out132 Status information and user statistics Status information and user statistics133 134 User preferences Save settings User preferences135 136 10 Editing user password Http protocol FTP protocol137 Conditions for Http and FTP ﬁltering URL Rules138 139 URL Rules 140 URL Rules Deﬁnition If user accessing the URL is URL matches criteria141 142 Allow access to the Web site Valid for IP address group Valid at time intervalValid if Mime type is Denial options Scan content for viruses according to scanning rules WWW content scanning optionsDeny Web pages containing 144 145 Http Inspection Advanced Options Allow Html ActiveX objects Global rules for Web elementsAllow Script Html tags 146 Allow Html JavaScript pop-up windows Content Rating System ISS OrangeWeb FilterAllow applet Html tags Allow cross-domain referrer 148 ISS OrangeWeb Filter conﬁguration Categorize each page regardless of Http rules Enable ISS OrangeWeb FilterServer ISS OrangeWeb Filter Deployment ISS OrangeWeb Filter rule 150 151 Web content ﬁltering by word occurrence 152 Deﬁnition of rules ﬁltering by word occurrence 153 Word groups 154 Deﬁnition of forbidden words FTP Policy WeightGroup Keyword FTP Rules Deﬁnition If user accessing the FTP server isFTP server is 156 15 FTP Rule basic parameters 158 Content 159 Antivirus control Conditions and limitations of antivirus scan160 161 Conditions and limitations of antivirus scan Antivirus control How to choose and setup antivirusesIntegrated McAfee 162 Last update check performed ... ago Check for update every ... hoursUpdate now Current virus database is Antivirus settings External antivirus164 An example of a traﬃc rule for outgoing Smtp traﬃc check 165 Http and FTP scanning 167 Http and FTP scanning Http and FTP scanning rules Condition168 169 Mime type 170 Email scanning 171 Email scanning 172 IP Address Groups Creating and Editing IP Address Groups173 Deﬁnitions Time IntervalsName Type Absolute Time range typesWeekly Daily From, To Time Interval TypeValid at days 176 Services Services177 Protocol Protocol inspector178 Source Port and Destination Port Protocol Inspectors179 180 URL Groups 181 URL Groups 182 Deﬁnitions Group Internal user database User Accounts and GroupsImport of user accounts from Active Directory 183 Viewing and deﬁnitions of user accounts User Accounts and Groups184 Local user accounts Accounts mapped from the Active Directory domain Local user accountsEdit User 186 Creating a local user account Local user accountsBasic information Full Name Account is disabled AuthenticationEmail Address Domain template NT domain / Kerberos Groups189 190 Access rights Read only access to administration No access to administrationFull access to administration User can override WWW content rules Data transmission quota Transfer quota192 Content rules Quota exceed action193 194 User’s IP addresses 195 Editing User Account Active Directory NT domain196 197 Automatic import of user accounts from Active Directory 198 Manual import of user accounts Active Directory domains mapping Active Directory domains mappingDomain mapping requirements 199 Single domain mapping Domain AccessActive Directory mapping 200 13 Active Directory domain mapping 201 NT authentication support Multiple domains mapping202 16 Conversion of user accounts 203 User groups User groups Deﬁnitions204 Creating a new local user group User groupsName and description of the group 205 Read only access Group access rightsGroup members 206 Users can override WWW content rules Users can connect using VPN207 Users are allowed to use P2P networks Users are allowed to view statistics208 Setting Remote Administration Remote Administration and Update ChecksHow to allow remote administration from the Internet 209 Update Checking Remote Administration and Update Checks210 Check for new versions Update CheckingCheck also for beta versions Check now 212 15.1 P2P Eliminator Advanced security featuresP2P Eliminator Conﬁguration 213 214 Advanced security features 15.1 P2P Eliminator Parameters for detection of P2P networks215 216 Special Security Settings Anti-Spooﬁng Special Security SettingsConnections Count Limit 217 Enable VPN using IPSec ProtocolEnable pass-through only for hosts IPSec preferences WinRoute’s IPSec conﬁguration VPN using IPSec ProtocolIPSec client in local network 219 Traﬃc rule for one IPSec client in the local network 220 221 IPSec server in local network Routing table Other settings Route Types Routing tableStatic routes 223 Network, Network Mask Deﬁnitions of Dynamic and Static RulesGateway Metric Demand Dial Demand DialRemoving routes from the Routing Table How demand dial works 226 227 Technical Peculiarities and Limitations 228 Setting Rules for Demand Dial 229 Dial of local DNS names Port mapping timeout Enable UPnPUniversal Plug-and-Play UPnP Conﬁguration of the UPnP support Relay Smtp server Relay Smtp serverLog packets Log connections Specify sender email address in From header Smtp requires authenticationTest 232 233 Status Information Active hosts and connected users234 Login duration Login timeHostname User Active Hosts dialog options Detailed information on a selected host and user 238 Traﬃc information Activity Description Connections239 240 Source, Destination 241 Histogram 242 Show connections related to the selected process 243 Show connections related to the selected process Options of the Connections Dialog Kill connection244 Font Color Color SettingsBackground Color 245 Alerts Settings Alerts246 Alerts Alert247 248 Alert Templates \Program Files\Kerio\WinRoute Firewall\templates by default Alerts overview in Administration Console249 13 Details of a selected event 250 Basic statistics Interface statistics251 Basic statistics Reset interface statisticsInterface Statistics menu 252 Remove interface statistics Interface statisticsGraphical view of interface load 253 254 User Statistics data volumes and quotas User Statistics data volumes and quotas User Statistics dialog options255 Remove user statistics Reset user statisticsView host 256 Kerio StaR statistics and reporting Monitoring and storage of statistic data257 Kerio StaR statistics and reporting Settings for statistics and quotaRequirements of the statistics 258 Enable/disable gathering of statistic data Settings for statistics and quotaAdvanced settings for statistics 259 260 Statistics and quota restrictions Remote access to the statistics Accessing the statistics from the WinRoute hostConnection to StaR and viewing statistics Statistics and quota accounting periods 262 StaR page in the web interface 263 Accounting period Custom accounting period 264 Overall View Overall View265 Top Requested Web Categories Top 5 users266 267 Used Protocol 268 User statistics User statistics269 13 The Users by Traﬃc table Users by Traﬃc Top Visited Websites Top Visited Websites 272 Top Requested Web Categories 16 Top visited websites sorted by categories 273 274 Logs Log settingsFilename.log 275 276 File Logging Log settings Syslog Logging277 Logs Context Menu Find Logs Context MenuHighlighting Select font Log debug Logs EncodingClear log Log highlighting Log highlighting settings 282 Debug log advanced settings Alert Log Alert Log 20.4 Conﬁg Log Logs284 Connection Log Connection Log285 Debug Log Dial Log286 Page 288 15/Mar/2004 155912 Line Connection disconnected Error Log Error Log289 ’McAfee update’ rule name Filter Log290 Http log Http log291 292 1058444114.733 0 192.168.64.64 TCPMISS/304 Security Log Security Log293 294 Authentication service Client IP address reason Sslvpn Log Sslvpn Log17/Dec/2004 121133 Engine Startup 17/Dec/2004 122243 Engine Shutdown 24/Apr/2003 102951 192.168.44.128 james Web Log Web Log 297 298 Kerio VPN 299 VPN Server Conﬁguration Kerio VPN Enable VPN serverGeneral IP address assignment 301 SSL certiﬁcate Advanced Listen on port302 303 Custom Routes 21.2 Conﬁguration of VPN clients Basic conﬁguration of traﬃc rules for VPN clients304 Deﬁnition of a tunnel to a remote server Setting up VPN serversName of the tunnel 305 306 Conﬁguration 307 Conﬁguration of a remote end of the tunnel DNS Settings Routing settings308 309 Connection establishment 310 Traﬃc Policy Settings for VPN Exchange of routing information Exchange of routing informationRouting conﬁguration options 311 Update of routing tables Routes provided automatically312 Example of Kerio VPN conﬁguration company with a ﬁlial oﬃce Speciﬁcation313 314 Common method 315 316 Headquarters conﬁguration 317 14 Headquarter creating default traﬃc rules for Kerio VPN 16 Headquarter DNS forwarder conﬁguration 318 319 19 Headquarters VPN server conﬁguration 320 321 LAN 322 Conﬁguration of a ﬁlial oﬃce 323 24 Filial oﬃce default traﬃc rules for Kerio VPN 25 Filial oﬃce DNS forwarder conﬁguration 324 325 28 Filial oﬃce VPN server conﬁguration 326 29 Filial oﬃce deﬁnition of VPN tunnel for the headquarters 327 Example of a more complex Kerio VPN conﬁguration VPN test328 329 Common method 330 331 332 33 Headquarter creating default traﬃc rules for Kerio VPN 35 Headquarter DNS forwarder conﬁguration 333 Kerio VPN 38 Headquarters VPN server conﬁguration 335 39 Headquarter deﬁnition of VPN tunnel for the London ﬁlial 336 337 338 43 Headquarter ﬁnal traﬃc rules 339 340 Conﬁguration of the London ﬁlial 341 46 The London ﬁlial oﬃce default traﬃc rules for Kerio VPN 342 48 The London ﬁlial oﬃce DNS forwarding settings 343 344 345 54 The London ﬁlial oﬃce ﬁnal traﬃc rules 346 347 Conﬁguration of the Paris ﬁlial 57 The Paris ﬁlial oﬃce DNS forwarder conﬁguration 348 59 The Paris ﬁlial oﬃce VPN server conﬁguration 349 350 351 352 64 The Paris ﬁlial oﬃce ﬁnal traﬃc rules 353 354 22.1 Conﬁguration of WinRoute’s SSL-VPN Kerio Clientless SSL-VPNSSL-VPN conﬁguration 355 Allowing access from the Internet Kerio Clientless SSL-VPN356 Usage of the SSL-VPN interface Usage of the SSL-VPN interfaceHttps//server Https//server12345 Sidneywashington@usoffice.company.com Handling ﬁles and folders358 Antivirus control \\server\folder\subfolderBookmarks 359 Troubleshooting Detection of incorrect conﬁguration of the default gateway360 23.2 Conﬁguration Backup and Transfer License SslcertCache.CFS Dnscache.cfg Handling conﬁguration ﬁles Conﬁguration backup recovery Star363 List name=Interfaces Automatic user authentication using Ntlm General conditions365 366 WinRoute Conﬁguration Ntlm authentication process Automatic user authentication using NtlmWeb browsers Microsoft Internet Explorer Firefox/Netscape/Mozilla/SeaMonkey Firefox/Netscape/Mozilla/SeaMonkey conﬁguration368 Partial Retirement of Protocol Inspector Partial Retirement of Protocol Inspector369 How to enable certain users to access the Internet User accounts and groups in traﬃc rules370 371 Enabling automatic authentication FTP on WinRoute’s proxy server Example of a client conﬁguration web browser372 Example of a client conﬁguration Total Commander FTP on WinRoute’s proxy server373 374 12 Setting proxy server for FTP in Total Commander Basic Information and System Requirements Network Load BalancingNetwork Conﬁguration 375 376 Network Load Balancing 24.3 Conﬁguration of the servers in the cluster NLB conﬁguration for Server1377 Server 1 cluster parameters 378 379 NLB conﬁguration for Server2 Essential Information Technical supportDescription 380 Tested in Beta version Error Log FilesInformational File License type and license number Contacts United KingdomCzech Republic Legal Presumption Libiconv Used open-source librariesOpenSSL 384 Copyright 2005 Sam Stephenson PrototypeZlib 385 Glossary of terms Default gatewayActiveX Cluster Firewall Greylisting387 IPSec Glossary of terms IP addressKerberos 388 P2P network Network adapterPacket Port Proxy server Glossary of termsRouting table Script 391 Spooﬁng 392 TCP/IP 393 Index 394 Index 395 Ntlm 396 VPN 397 133