User's guide
4.2 Configuration of a filial office
1. In WinRoute, under Configuration / Interfaces, select a VPN server, open its settings dialog and enable it.
Note: A free subnet which has been selected for VPN is now specified automatically in the VPN network and Mask entries. There is no reason to change the network.
Use the Edit SSL certificate button to create an SSL certificate with the name of the corresponding server (e.g. server.officebrazil.company.com). This certificate is used for identification of the VPN server. The fingerprint of the created SSL certificate will be required for definition of the VPN tunnel on the headquarters server (see chapter 4.1). Select it, copy it to the clipboard and paste it to an email message, text file, etc.
Note: It is recommended to later replace this generated certificate with a certificate authorized by a reliable public certification authority.
2. Create an active endpoint of the VPN tunnel which connects to the company’s headquarters server (kwf.company.com). The fingerprint of the VPN server certificate can be set simply by clicking on Detect remote certificate.
3. Complete the Local Traffic rule (created by the Network Rules Wizard — see chapter 2.4)
with the VPN tunnel.
| Name | Source | Destination | Service | Action | Translation |
|---|---|---|---|---|---|
| Local Traffic | Firewall, Tunnel to office, Trusted / local | Firewall, Tunnel to office, Trusted / local | Any | Allow | |
Table 4.3 Office (Filial) — the Local Traffic rule
4. In the configuration of the DNS Forwarder (refer to chapter 2.6), enable the Use custom forwarding option. Define rules for the company.com domain. As the DNS server used for forwarding, set the IP address of the headquarters' domain server (192.168.1.2), which is the primary server for the company.com domain.
| Domain / Network | DNS server(s) |
|---|---|
| 192.168.1.0 / 255.255.255.0 | 192.168.1.2 |
| company.com | 192.168.1.2 |
Table 4.4 Filial — DNS forwarding configuration
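
Steps 1 and 2 rely on the certificate fingerprint to identify the remote VPN server. As an added example (not part of the original guide or the product), the following Python code checks a certificate exported as PEM against a fingerprint pasted from an email or text file. The digest is inferred from the fingerprint length, which is an assumption, and the sample certificate bytes are constructed.

```python
import hashlib
import hmac
import ssl

# Digest is inferred from the fingerprint length. Which digest the product
# displays is an assumption here; the guide does not state it.
DIGEST_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed stand-in bytes, not a real certificate: a fingerprint is just a
# hash of the DER bytes, so any byte string exercises the comparison.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(
    b"constructed placeholder for server.officebrazil.company.com")


def normalize(fingerprint: str) -> str:
    """Strip separators and whitespace that email or copy/paste adds."""
    hexdigits = "".join(c for c in fingerprint if c not in " :-\t\r\n").lower()
    if not hexdigits or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError("fingerprint contains non-hex characters")
    return hexdigits


def cert_fingerprint(pem: str, digest: str) -> str:
    """Hash the DER encoding of the certificate and return lowercase hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.new(digest, der).hexdigest()


def matches(pem: str, expected: str) -> bool:
    """True only if the certificate hashes to the fingerprint that was sent."""
    want = normalize(expected)
    digest = DIGEST_BY_HEX_LEN.get(len(want))
    if digest is None:
        raise ValueError(f"unexpected fingerprint length: {len(want)} hex digits")
    # Compare full digests; a truncated or partial match must not pass.
    return hmac.compare_digest(cert_fingerprint(pem, digest), want)


if __name__ == "__main__":
    sent = cert_fingerprint(SAMPLE_PEM, "sha256").upper()
    pasted = ":".join(sent[i:i + 2] for i in range(0, len(sent), 2))
    print("match:", matches(SAMPLE_PEM, pasted))
    print("altered:", matches(SAMPLE_PEM, "00" * 32))
```

A mismatch means the certificate offered by the remote end is not the one whose fingerprint was sent, so the tunnel definition should not be saved until the difference is explained.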
4.3 VPN test
Configuration of the VPN tunnel is now complete. At this point, it is recommended to test availability of the remote hosts from each end of the tunnel (from both local networks). For example, the ping and/or tracert operating system commands can be used for this testing. It is recommended to test availability of remote hosts both through IP addresses and DNS names.