User's guide
Headquarters configuration
2.7 DNS configuration
In Configuration → DNS, keep the default settings (the DNS service and simple DNS translation
with the hosts file and a table of leased addresses are enabled) and set the advanced options:
• Enter the local DNS domain name — company.com.
• Enable the Use custom forwarding option. Add the rule for forwarding of requests to
the Active Directory, i.e. of all requests for names starting with _ (underscore), to the
domain server in the LAN. This setting is required for correct communication of local
computers with the domain server.
DNS name    Forward to DNS servers
_*          192.168.1.2
Table 2.1 Rule for forwarding of DNS requests to Active Directory
It is also necessary to add rules for correct forwarding of DNS queries between the
headquarters’ network and the networks of branch offices. For a detailed description of
these settings, refer to chapters 4.1 and 4.2.
2.8 Web interface and SSL-VPN certificates
The Kerio Control web interface allows remote administration of the firewall via a web
browser (Kerio Control Administration) and viewing of Internet usage statistics (Kerio StaR).
It also allows viewing of information regarding attempts to access forbidden web pages (see
chapter 2.11) and users can use it to set several parameters of their accounts. The Clientless
SSL-VPN interface is used for secured remote connections to shared files in local networks by
a web browser.
For proper functionality of web services, an SSL certificate is required that proves the server’s
identity. To create certificates for web interfaces, go to Configuration → Advanced Options,
to the Web Interface or the SSL-VPN tab. In advanced settings of individual interfaces, select
Change SSL certificate and Create certificate.
The server name for which the certificate is issued should be identical to the server’s
full name including the domain (in our example, server.company.com is used). For access
to Kerio Control interfaces from the Internet, a record for this name must also exist in public
DNS.
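The following added example (not part of the original guide or of Kerio Control) shows why the certificate name must be the full server name: it applies simplified RFC 6125 matching rules to the names a user might type, and goes beyond the guide's case by also handling wildcard names. The address 192.168.1.1 and all other inputs are constructed sample values.

```python
# Added example: how a TLS client compares the name it connects to with the
# DNS names in a certificate (simplified RFC 6125 rules). Inputs are constructed.
import ipaddress


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def name_matches(hostname, cert_name):
    """Return True if one certificate DNS name covers the requested hostname."""
    host = hostname.rstrip(".").lower()
    pattern = cert_name.rstrip(".").lower()
    if _is_ip(host):
        return False  # a DNS name in a certificate never covers an IP literal
    host_labels = host.split(".")
    pattern_labels = pattern.split(".")
    if len(host_labels) != len(pattern_labels):
        return False  # "server" is not "server.company.com"
    if pattern_labels[0] == "*":
        # A wildcard covers exactly one leftmost label and needs a domain after it.
        return len(pattern_labels) >= 3 and host_labels[1:] == pattern_labels[1:]
    return host_labels == pattern_labels


def check_access(cert_names, typed_hosts):
    """Map each host a user might type to whether the certificate covers it."""
    return {h: any(name_matches(h, n) for n in cert_names) for h in typed_hosts}


if __name__ == "__main__":
    # Constructed sample: certificate issued for the guide's example name.
    cert = ["server.company.com"]
    typed = ["server.company.com", "SERVER.company.com", "server", "192.168.1.1"]
    for host, ok in check_access(cert, typed).items():
        print(f"{host:22} {'OK' if ok else 'name mismatch warning'}")
```

Users who reach the interface by short name or IP address get a certificate warning even though the certificate itself is valid.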
Hint:
It is recommended to replace the created SSL certificates with an SSL certificate issued by
a public certification authority (one certificate can be used both for the web interface and
the Clientless SSL-VPN interface, so there is no need to pay for two certificates).