Installation guide
Table Of Contents
- Introduction
- Headquarters configuration
- Selection of IP addresses for LAN
- Configuration of network interfaces of the Internet gateway
- Kerio Control installation
- Kerio Control Administration interface and product activation
- Setting connection and basic traffic rules
- DHCP Server Configuration
- DNS configuration
- Web interface and SSL-VPN certificates
- Mapping of user accounts and groups from the Active Directory
- Address Groups and Time Ranges
- Web Rules Definition
- FTP Policy Configuration
- Antivirus Scanning Configuration
- Intrusion Prevention System
- Enabling access to local services from the Internet
- Secured access of remote clients to LAN
- LAN Hosts Configuration
- Viewing statistics of Internet usage and user browsing behavior
- Configuration of the LAN in a filial office
- Interconnection of the headquarters and branch offices
- Used open source items
- Legal Notices
Headquarters configuration
12
Hint:
Do not make the reservation manually unless you know the MAC address of your printing
machine. Run the DHCP server and connect the machine to the network. An IP address
from the formerly defined scope (see above) will be assigned to the printing machine. In
the list of leased addresses, mark this IP address and click on Reserve. This opens a dialog
for IP address reservation with the corresponding MAC address already predefined. Change
reserved IP address to the desired one (192.168.1.3), edit the description and click on OK.
Restart your printing machine. The appropriate IP address will be assigned to the printing
machine by the DHCP server after the restart.
Note: You can also use another DHCP server to detect settings of your network equipment
automatically. Set the firewall computer’s internal IP address (192.168.1.1) as the default
gateway and DNS server in parameters for this range on the DHCP server.
In this case it is necessary to keep the DHCP server in Kerio Control disabled!
2.7 DNS configuration
In Configuration → DNS, keep the default settings (the DNS service and simple DNS translation
with the hosts file and a table of leased addresses are allowed) and set the advanced options:
• Enter the local DNS domain name — company.com.
• Enable the Use custom forwarding option Add the rule for forwarding of requests to
the Active Directory, i.e. of all requests for names starting with _ (underscore), to the
domain server in the LAN. This setting is required for correct communication of local
computers with the domain server.
DNS name Forward to DNS servers
_
*
192.168.1.2
Table 2.1 Rule for forwarding of DNS requests to Active Directory
It is also necessary to add rules for correct forwarding of DNS queries between the
headquarters’ network and networks of branch offices. For detailed description on
these settings, refer to chapters 4.1 and 4.2.
2.8 Web interface and SSL-VPN certificates
The Kerio Control web interface allows remote administration of the firewall via a web
browser (Kerio Control Administration) and viewing of Internet usage statistics (Kerio StaR).
It also allows viewing of information regarding attempts to access forbidden web pages (see
chapter 2.11) and users can use it to set several parameters of their accounts. The Clientless