Installation guide
Table Of Contents
- Introduction
- Headquarters configuration
- Selection of IP addresses for LAN
- Configuration of network interfaces of the Internet gateway
- Kerio Control installation
- Kerio Control Administration interface and product activation
- Setting connection and basic traffic rules
- DHCP Server Configuration
- DNS configuration
- Web interface and SSL-VPN certificates
- Mapping of user accounts and groups from the Active Directory
- Address Groups and Time Ranges
- Web Rules Definition
- FTP Policy Configuration
- Antivirus Scanning Configuration
- Intrusion Prevention System
- Enabling access to local services from the Internet
- Secured access of remote clients to LAN
- LAN Hosts Configuration
- Viewing statistics of Internet usage and user browsing behavior
- Configuration of the LAN in a filial office
- Interconnection of the headquarters and branch offices
- Used open source items
- Legal Notices

Kerio Control lets you select the protocols to which the antivirus check is applied. The HTTP,
FTP scanning, Email scanning and SSL-VPN scanning tabs enable detailed configuration of
scanning for individual protocols. The default settings are usually suitable.
2.14 Intrusion Prevention System
In Configuration → Traffic Policy → Intrusion Prevention, enable detection of known types of
network intrusions coming from the Internet and from known intruders. The default setting
is optimized and it is usually not necessary to change it. However, it is recommended to check
Security regularly and evaluate possible false alarms.
For details, see Kerio Control — Administrator’s Guide
(http://www.kerio.com/firewall/manual).
2.15 Enabling access to local services from the Internet
Go to Configuration → Traffic Policy → Traffic Rules to add rules for services that will be
available from the Internet. Rules for service mapping should always be at the top of the
traffic rules table.
• Mapping of local FTP server: only unsecured access is assumed, which makes it
possible to filter the traffic and scan it for viruses.
| Name | Source | Destination | Service | Action | Translation |
|---|---|---|---|---|---|
| Access to FTP server | Any | Firewall | FTP | Allow | Mapping 192.168.1.2 |

Table 2.2 Making the local FTP servers available from the Internet
• Access to other mail server services (except SMTP): allowed only from certain IP
addresses in the Working hours time range.
| Name | Source | Destination | Service | Action | Translation | Valid in |
|---|---|---|---|---|---|---|
| Access to email | Group Access to email | Firewall | IMAP, IMAPS, POP3, POP3S | Allow | | Working hours |

Table 2.3 Enabling access to the firewall’s mailserver services
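To illustrate why service-mapping rules belong at the top of the table, the following added example (not part of the Kerio guide or of Kerio Control) models the rows of Tables 2.2 and 2.3 and reports rules that are hidden by a broader rule placed above them. It assumes top-down, first-match evaluation; the address group range, the working hours window and the catch-all deny rule are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    sources: tuple          # CIDR strings; empty tuple means "Any"
    services: frozenset     # service names; empty set means "Any"
    action: str             # "Allow" or "Deny"
    translation: str = ""   # e.g. "Mapping 192.168.1.2"
    hours: tuple = (0, 24)  # "Valid in" window as [start, end) hours

    def matches(self, src, service, hour):
        src_ok = not self.sources or any(
            ip_address(src) in ip_network(n) for n in self.sources)
        svc_ok = not self.services or service in self.services
        return src_ok and svc_ok and self.hours[0] <= hour < self.hours[1]

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        src_ok = not self.sources or (bool(other.sources) and all(
            any(ip_network(o).subnet_of(ip_network(s)) for s in self.sources)
            for o in other.sources))
        svc_ok = not self.services or (
            bool(other.services) and other.services <= self.services)
        hrs_ok = self.hours[0] <= other.hours[0] and other.hours[1] <= self.hours[1]
        return src_ok and svc_ok and hrs_ok

def first_match(rules, src, service, hour):
    """Assumed model: rules are read top-down and the first match decides."""
    return next((r for r in rules if r.matches(src, service, hour)), None)

def shadowed(rules):
    """(hidden, hiding) name pairs where an earlier rule covers a later one."""
    return [(low.name, high.name)
            for i, low in enumerate(rules)
            for high in rules[:i] if high.covers(low)]

# Rows from Tables 2.2 and 2.3; group members and hours are constructed.
FTP = Rule("Access to FTP server", (), frozenset({"FTP"}), "Allow",
           "Mapping 192.168.1.2")
MAIL = Rule("Access to email", ("203.0.113.0/28",),
            frozenset({"IMAP", "IMAPS", "POP3", "POP3S"}), "Allow",
            hours=(8, 17))
# Constructed catch-all, not a rule from the guide.
BLOCK = Rule("Block other inbound", (), frozenset(), "Deny")

GOOD = [FTP, MAIL, BLOCK]   # mapping rules on top, as the guide advises
BAD = [BLOCK, FTP, MAIL]    # catch-all placed above them
```

Running `shadowed()` over an exported rule list after each policy change gives a quick check that no published service has been hidden by reordering.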
Notes: