Manualshelf

User`s guide

ManualsBrandsKerio ManualsSoftwareWeb Filter EDU, 100 user add-on
11121314151617181920
Chapter 2 Headquarters configuration
14
2.12 Antivirus Scanning Configuration
Any supported external antivirus application that you intend to use must be installed first. The
McAfee antivirus application is integrated into WinRoute and you will need a special license to
run it. The ideal solution is to combine the integrated and an external antivirus (so called dual
antivirus check).
In Configuration Content Filtering Antivirus, on the Antivirus tab, set antiviruses
and, if applicable, also advanced settings for the selected external antivirus. For com-
plete list of supported antiviruses and their detailed configuration guides, refer to
http://www.kerio.com/firewall/third-party#av.
WinRoute allows to select protocols which antivirus check will be applied to. The HTTP, FTP
scanning, Email scanning and SSL-VPN scanning, tabs enable detailed configuration of scanning
of individual protocols. Usually, the default settings are convenient.
2.13 Enabling access to local services from the Internet
Go to Configuration Traffic Policy to add rules for services that will be available from the
Internet. Rules for service mapping should be always at the top of the traffic rules table.
Mapping of local FTP server unsecured access only is supposed which makes it
possible to filter traffic and scan it for viruses.
Name Source Destination Service Action Translation
Access to FTP server Any Firewall FTP Allow Mapping 192.168.1.2
Table 2.2 Making the local FTP servers available from the Internet
Access to other mail server services (save SMTP) allowed only from certain IP ad-
dresses in the Working hours time range.
Name Source Destination Service Action Translation Valid in
Access to email Group Access
to email
Firewall IMAP
IMAPS
POP3
POP3S
Allow Working hours
Table 2.3 Enabling access to the firewall’s mailserver services
Notes:
1. This rule enables access to IMAP and POP3 services in both encrypted and unen-
crypted versions — client can select which service they will use.
2. Based on this example, the SMTP service was mapped by the traffic rules Wizard
(refer to chapter 2.4) — the appropriate rule already exists.
3. Access to the SMTP service must not be limited to certain IP addresses only as
anyone is allowed to send an email to the local domain.