Kerio Tech
Firewall6
manual
Models:
Firewall6
398 pages
Contents
Administrator’s Guide
Kerio Technologies
Contents
Remote Administration and Update Checks
Kerio Clientless SSL-VPN
Quick Checklist
Kerio WinRoute Firewall
Basic Features
Introduction
Additional Features
Kerio WinRoute Firewall
Email alerts
Antivirus control
Transparent support for Active Directory
User quotas
Collision of low-level drivers
Conflicting software
Clientless SSL-VPN
Port collision
Antivirus applications
Steps to be taken before the installation
Installation
Installation
System requirements
Installation and Basic Configuration Guide
Custom installation selecting optional components
Protection of the installed product
Conflicting Applications and System Services
WinRoute Engine Monitor
WinRoute Components
WinRoute Firewall Engine
WinRoute Engine Monitor
Kerio Administration Console
WinRoute Engine Monitor
Upgrade and Uninstallation
Typically the path C:\Program Files\Kerio\WinRoute Firewall
Upgrade and Uninstallation
Uninstallation
Setting of administration username and password
Upgrade from WinRoute Pro
Update Checker
Configuration Wizard
Remote IP address
Remote Access
Enable remote access
Initial configuration Allowing remote administration
WinRoute Administration
Administration Window
File
WinRoute Administration
Administration Window Main menu
Help menu
Detection of WinRoute Firewall Engine connection drop-out
Administration Window
Status bar
View Settings
Column customization in Interfaces
View Settings
License types optional components
Product Registration and Licensing
License types and number of users
License types and number of users
Deciding on a number of users licenses
Copyright
License information
Product
Homepage
Product expiration date
License ID
Subscription expiration date
Number of users
Registration of the product in the Administration Console
Registration of the trial version
Registration of the product in the Administration Console
Trial version registration security code
Trial version registration other information
Registration of the purchased product
Trial version registration Trial ID
Product Registration and Licensing
Registration of the product in the Administration Console
10 Product registration user information
Update of registration information
12 Product registration summary
Subscription / Update Expiration
Product registration at the website
Subscription / Update Expiration
Bubble alerts
User counter
15 The notice that the subscription has already expired
License counter
User counter
Start WinRoute
License release
Interface
Settings for Interfaces and Network Services
Network interfaces
IP Address and Mask
Add
Dial or Hang Up / Enable, Disable
Adapter info
Modify
Dial-In
Refresh
Special interfaces
VPN server
Bind this interface
Interface type selection
Interface name
Use login data from the RAS entry
Use the following login data
RAS Entry
Connection
Dial-up demand dial
Hangup if idle
Advanced
Connection Failover
Edit Interface parameters
Connection Failover
Connection Failover Setup
Enable automatic connection failover
Current connection
Configuration of primary and secondary Internet connection
Dial-up Use
Primary connection
Secondary connection
DNS Forwarder
DNS Forwarder configuration
DNS forwarding
Enable DNS forwarding
DNS Forwarder
Clear cache
Enable cache for faster response of repeated queries
Enable DNS forwarding
Use custom forwarding
10 Specific settings of DNS forwarding
Simple DNS resolution
11 DNS forwarding a new rule
Before forwarding a query
Combine the name ... with DNS domain
Dhcp server
Definition of Scopes and Reservations
Dhcp server
Dhcp Server Configuration
Wins server
Lease time
DNS server
Domain
Description
15 Dhcp server IP scopes definition
Exclusions
First address, Last address
Subnet mask
Parameters
Lease Reservations
00bca5f21e50
Bc-a5-f2-1e-50
Leases
20 Dhcp server list of leased and reserved IP addresses
Dhcp server advanced options
Windows RAS
Proxy server
Declined options
Proxy Server Configuration
Enable non-transparent proxy server
Proxy server
Enable connection to any TCP port
22 Http proxy server settings
Forward to parent proxy server
http://192.168.1.1:3128/pac/proxy.pac
Http cache
Enable cache on transparent proxy
Enable cache on proxy server
Http protocol TTL
Http cache
Cache size
Cache Options
Memory cache size
Max Http object size
URL Specific Settings
URL
Cache status and administration
TTL
26 Http cache administration dialog
Traffic Policy
Network Rules Wizard
Selection of Internet connection type
Network Rules Wizard
Information
Network adapter or dial-up selection
Network Policy Wizard selection of a connected adapter
Internet access limitations
Allow access to all services
Allow access to the following services only
Enabling Kerio VPN traffic
Service is running on
Service
NAT
Generating the rules
Rules Created by the Wizard
Icmp traffic
Local Traffic
Firewall Traffic
Name
How traffic rules work
Definition of Custom Traffic Rules
Source, Destination
12 Traffic rule name, color and rule description
IP range e.g
Definition of Custom Traffic Rules
Service
Action
Log
Translation
20 Traffic rule destination address translation
Valid on
Protocol inspector
Source
Basic Traffic Rule Types
IP Translation NAT
Destination
Port mapping
Translation
Placing the rule
Limiting Internet Access
Multihoming
Exclusions
Bandwidth Limiter
How the bandwidth limiter works and how to use it
Speed limits for big data volumes transmissions
Speed limits for users with their quota exceeded
Bandwidth Limiter
Setting limit values
Bandwidth Limiter configuration
Services
Advanced Options
IP Addresses and Time Interval
Bandwidth Limiter selection of network services
Detection of connections with large data volume transferred
Detection of connections with large data volume transferred
Examples
User Authentication
Firewall User Authentication
User Authentication
User authentication advanced options
Enable non-transparent proxy server authentication
Firewall User Authentication
Redirection to the authentication
Automatic authentication Ntlm
Automatically logout users when they are inactive
Web Interface
Enable Kerio SSL-VPN server
Enable Web Interface Http
Web Interface Parameters Configuration
Web Interface
Enable secured Web Interface Https
Allow access only from these IP addresses
WinRoute server name
Configuration of ports of the Web Interface
SSL Certificate for the Web Interface
Generate or Import Certificate
SSL certificate of WinRoute’s Web interface
Users logged
Login/logout
Web Interface Language Preferences
Login/logout
Drdolittle@usoffice.company.com
User password authentication
Log out
Status information and user statistics
Status information and user statistics
User preferences
Save settings
User preferences
10 Editing user password
Http protocol
FTP protocol
Conditions for Http and FTP filtering
URL Rules
URL Rules
URL Rules Definition
If user accessing the URL is
URL matches criteria
Allow access to the Web site
Valid if Mime type is
Valid at time interval
Valid for IP address group
Denial options
Deny Web pages containing
WWW content scanning options
Scan content for viruses according to scanning rules
Http Inspection Advanced Options
Allow Script Html tags
Global rules for Web elements
Allow Html ActiveX objects
Allow applet Html tags
Content Rating System ISS OrangeWeb Filter
Allow Html JavaScript pop-up windows
Allow cross-domain referrer
ISS OrangeWeb Filter configuration
Server
Enable ISS OrangeWeb Filter
Categorize each page regardless of Http rules
ISS OrangeWeb Filter Deployment
ISS OrangeWeb Filter rule
Web content filtering by word occurrence
Definition of rules filtering by word occurrence
Word groups
Definition of forbidden words
Group
Weight
FTP Policy
Keyword
FTP server is
If user accessing the FTP server is
FTP Rules Definition
15 FTP Rule basic parameters
Content
Antivirus control
Conditions and limitations of antivirus scan
Conditions and limitations of antivirus scan
Integrated McAfee
How to choose and setup antiviruses
Antivirus control
Update now
Check for update every ... hours
Last update check performed ... ago
Current virus database is
Antivirus settings
External antivirus
An example of a traffic rule for outgoing Smtp traffic check
Http and FTP scanning
Http and FTP scanning
Http and FTP scanning rules
Condition
Mime type
Email scanning
Email scanning
IP Address Groups
Creating and Editing IP Address Groups
Name
Time Intervals
Definitions
Type
Weekly
Time range types
Absolute
Daily
Valid at days
Time Interval Type
From, To
Services
Services
Protocol
Protocol inspector
Source Port and Destination Port
Protocol Inspectors
URL Groups
URL Groups
Definitions Group
Import of user accounts from Active Directory
User Accounts and Groups
Internal user database
Viewing and definitions of user accounts
User Accounts and Groups
Local user accounts
Edit User
Local user accounts
Accounts mapped from the Active Directory domain
Basic information
Local user accounts
Creating a local user account
Full Name
Email Address
Authentication
Account is disabled
Domain template
NT domain / Kerberos
Groups
Access rights
Full access to administration
No access to administration
Read only access to administration
User can override WWW content rules
Data transmission quota
Transfer quota
Content rules
Quota exceed action
User’s IP addresses
Editing User Account
Active Directory
NT domain
Automatic import of user accounts from Active Directory
Manual import of user accounts
Domain mapping requirements
Active Directory domains mapping
Active Directory domains mapping
Active Directory mapping
Domain Access
Single domain mapping
13 Active Directory domain mapping
NT authentication support
Multiple domains mapping
16 Conversion of user accounts
User groups
User groups Definitions
Name and description of the group
User groups
Creating a new local user group
Group members
Group access rights
Read only access
Users can override WWW content rules
Users can connect using VPN
Users are allowed to use P2P networks
Users are allowed to view statistics
How to allow remote administration from the Internet
Remote Administration and Update Checks
Setting Remote Administration
Update Checking
Remote Administration and Update Checks
Check also for beta versions
Update Checking
Check for new versions
Check now
P2P Eliminator Configuration
Advanced security features
15.1 P2P Eliminator
Advanced security features
15.1 P2P Eliminator
Parameters for detection of P2P networks
Special Security Settings
Connections Count Limit
Special Security Settings
Anti-Spoofing
Enable pass-through only for hosts
VPN using IPSec Protocol
Enable
IPSec preferences
IPSec client in local network
VPN using IPSec Protocol
WinRoute’s IPSec configuration
Traffic rule for one IPSec client in the local network
IPSec server in local network
Other settings
Routing table
Static routes
Routing table
Route Types
Gateway
Definitions of Dynamic and Static Rules
Network, Network Mask
Metric
Removing routes from the Routing Table
Demand Dial
Demand Dial
How demand dial works
Technical Peculiarities and Limitations
Setting Rules for Demand Dial
Dial of local DNS names
Universal Plug-and-Play UPnP
Enable UPnP
Port mapping timeout
Configuration of the UPnP support
Log packets
Relay Smtp server
Relay Smtp server
Log connections
Test
Smtp requires authentication
Specify sender email address in From header
Status Information
Active hosts and connected users
Hostname
Login time
Login duration
User
Active Hosts dialog options
Detailed information on a selected host and user
Traffic information
Activity Description
Connections
Source, Destination
Histogram
Show connections related to the selected process
Show connections related to the selected process
Options of the Connections Dialog
Kill connection
Background Color
Color Settings
Font Color
Alerts Settings
Alerts
Alerts
Alert
Alert Templates
\Program Files\Kerio\WinRoute Firewall\templates by default
Alerts overview in Administration Console
13 Details of a selected event
Basic statistics
Interface statistics
Interface Statistics menu
Reset interface statistics
Basic statistics
Graphical view of interface load
Interface statistics
Remove interface statistics
User Statistics data volumes and quotas
User Statistics data volumes and quotas
User Statistics dialog options
View host
Reset user statistics
Remove user statistics
Kerio StaR statistics and reporting
Monitoring and storage of statistic data
Requirements of the statistics
Settings for statistics and quota
Kerio StaR statistics and reporting
Advanced settings for statistics
Settings for statistics and quota
Enable/disable gathering of statistic data
Statistics and quota restrictions
Connection to StaR and viewing statistics
Accessing the statistics from the WinRoute host
Remote access to the statistics
Statistics and quota accounting periods
StaR page in the web interface
Accounting period
Custom accounting period
Overall View
Overall View
Top Requested Web Categories
Top 5 users
Used Protocol
User statistics
User statistics
Users by Traffic
13 The Users by Traffic table
Top Visited Websites
Top Visited Websites
Top Requested Web Categories
16 Top visited websites sorted by categories
Filename.log
Log settings
Logs
File Logging
Log settings
Syslog Logging
Logs Context Menu
Highlighting
Logs Context Menu
Find
Select font
Clear log
Logs Encoding
Log debug
Log highlighting
Log highlighting settings
Debug log advanced settings
Alert Log
Alert Log
20.4 Config Log
Logs
Connection Log
Connection Log
Debug Log
Dial Log
15/Mar/2004 15:59:12 Line Connection disconnected
Error Log
Error Log
’McAfee update’ rule name
Filter Log
Http log
Http log
1058444114.733 0 192.168.64.64 TCPMISS/304
Security Log
Security Log
Authentication service Client IP address reason
17/Dec/2004 12:11:33 Engine Startup
Sslvpn Log
Sslvpn Log
17/Dec/2004 12:22:43 Engine Shutdown
Web Log
24/Apr/2003 10:29:51 192.168.44.128 james
Web Log
Kerio VPN
VPN Server Configuration
General
Enable VPN server
Kerio VPN
IP address assignment
SSL certificate
Advanced
Listen on port
Custom Routes
21.2 Configuration of VPN clients
Basic configuration of traffic rules for VPN clients
Name of the tunnel
Setting up VPN servers
Definition of a tunnel to a remote server
Configuration
Configuration of a remote end of the tunnel
DNS Settings
Routing settings
Connection establishment
Traffic Policy Settings for VPN
Routing configuration options
Exchange of routing information
Exchange of routing information
Update of routing tables
Routes provided automatically
Example of Kerio VPN configuration company with a filial office
Specification
Common method
Headquarters configuration
14 Headquarter creating default traffic rules for Kerio VPN
16 Headquarter DNS forwarder configuration
19 Headquarters VPN server configuration
LAN
Configuration of a filial office
24 Filial office default traffic rules for Kerio VPN
25 Filial office DNS forwarder configuration
28 Filial office VPN server configuration
29 Filial office definition of VPN tunnel for the headquarters
Example of a more complex Kerio VPN configuration
VPN test
Common method
33 Headquarter creating default traffic rules for Kerio VPN
35 Headquarter DNS forwarder configuration
Kerio VPN
38 Headquarters VPN server configuration
39 Headquarter definition of VPN tunnel for the London filial
43 Headquarter final traffic rules
Configuration of the London filial
46 The London filial office default traffic rules for Kerio VPN
48 The London filial office DNS forwarding settings
54 The London filial office final traffic rules
Configuration of the Paris filial
57 The Paris filial office DNS forwarder configuration
59 The Paris filial office VPN server configuration
64 The Paris filial office final traffic rules
SSL-VPN configuration
Kerio Clientless SSL-VPN
22.1 Configuration of WinRoute’s SSL-VPN
Allowing access from the Internet
Kerio Clientless SSL-VPN
https://server
Usage of the SSL-VPN interface
Usage of the SSL-VPN interface
https://server:12345
Sidneywashington@usoffice.company.com
Handling files and folders
Bookmarks
\\server\folder\subfolder
Antivirus control
Troubleshooting
Detection of incorrect configuration of the default gateway
23.2 Configuration Backup and Transfer
Cache.CFS
Sslcert
License
Dnscache.cfg
Handling configuration files Configuration backup recovery
Star
List name=Interfaces
Automatic user authentication using Ntlm
General conditions
WinRoute Configuration
Web browsers
Automatic user authentication using Ntlm
Ntlm authentication process
Microsoft Internet Explorer
Firefox/Netscape/Mozilla/SeaMonkey
Firefox/Netscape/Mozilla/SeaMonkey configuration
Partial Retirement of Protocol Inspector
Partial Retirement of Protocol Inspector
How to enable certain users to access the Internet
User accounts and groups in traffic rules
Enabling automatic authentication
FTP on WinRoute’s proxy server
Example of a client configuration web browser
Example of a client configuration Total Commander
FTP on WinRoute’s proxy server
12 Setting proxy server for FTP in Total Commander
Network Configuration
Network Load Balancing
Basic Information and System Requirements
Network Load Balancing
24.3 Configuration of the servers in the cluster
NLB configuration for Server1
Server 1 cluster parameters
NLB configuration for Server2
Description
Technical support
Essential Information
Informational File
Error Log Files
Tested in Beta version
License type and license number
Czech Republic
Contacts
United Kingdom
Legal Presumption
OpenSSL
Used open-source libraries
Libiconv
Zlib
Prototype
Copyright 2005 Sam Stephenson
ActiveX
Default gateway
Glossary of terms
Cluster
Firewall
Greylisting
Kerberos
Glossary of terms IP address
IPSec
Packet
Network adapter
P2P network
Port
Routing table
Glossary of terms
Proxy server
Script
Spoofing
TCP/IP
Index
Index
Ntlm
VPN