Installation guide
Table Of Contents
- Introduction
- Headquarters configuration
- Selection of IP addresses for LAN
- Configuration of network interfaces of the Internet gateway
- Kerio Control installation
- Kerio Control Administration interface and product activation
- Setting connection and basic traffic rules
- DHCP Server Configuration
- DNS configuration
- Web interface and SSL-VPN certificates
- Mapping of user accounts and groups from the Active Directory
- Address Groups and Time Ranges
- Web Rules Definition
- FTP Policy Configuration
- Antivirus Scanning Configuration
- Intrusion Prevention System
- Enabling access to local services from the Internet
- Secured access of remote clients to LAN
- LAN Hosts Configuration
- Viewing statistics of Internet usage and user browsing behavior
- Configuration of the LAN in a filial office
- Interconnection of the headquarters and branch offices
- Used open source items
- Legal Notices
Headquarters configuration
16
FTP restrictions specified by predefined rules
Go to Configuration → Content Filtering → FTP Policy to set FTP limitations. The following
rules are predefined rules and can be used for all intended restrictions:
• Rules Forbid *.mpg, *.mp3 and *.mpeg files and Forbid upload are ready to use.
• Modify the Forbid *.avi files rule by going to the Advanced tab and setting the time
when the rule is valid in the Working hours range (see chapter 2.10).
FTP server in local network
?In the following example, we intend to enable the local FTP server from the Internet. The
Forbid upload rule denies even upload to this server which is not always desirable. For this
reason we must add a rule that would enable upload to this server before the Forbid upload
rule:
• On the General tab set the following condition: “if any user accesses FTP server
192.168.1.10, then allow.”
• On the Advanced tab, set the operation type to Upload and use the wildcard for any
file (
*
).
Notes:
1. The IP address of the host where the appropriate FTP service is running must be used to
define the FTP server’s IP address. It is not possible to use an outbound IP address of the
firewall that the FTP server is mapped from (unless the FTP server runs on the firewall)! IP
addresses are translated before the content filtering rules are applied.
2. The same method can be also applied to enable upload to a particular FTP server in the
Internet whereas upload to other FTP servers will be forbidden.
2.13 Antivirus Scanning Configuration
Any supported external antivirus application that you intend to use must be installed first.
The Sophos antivirus application is integrated into Kerio Control and you will need a special
license to run it. The ideal solution is to combine the integrated and an external antivirus (so
called dual antivirus check).
In Configuration → Content Filtering → Antivirus, on the Antivirus tab, set antiviruses
and, if applicable, also advanced settings for the selected external antivirus. For
complete list of supported antiviruses and their detailed configuration guides, refer to
http://www.kerio.com/firewall/third-party#av.