Kerio Tech Firewall6 manual, page 378: Server 1 cluster parameters
Models:
Firewall6
398 pages
11.9 Kb
Chapter 24
Network Load Balancing
Figure 24.2 Server 1 — cluster parameters
Figure 24.3 Server 1 — host parameters
Administrator’s Guide
Kerio Technologies