Administrator's Guide
Total Page:16
File Type:pdf, Size:1020Kb
Kerio Control Administrator’s Guide Kerio Technologies 2012 Kerio Technologies s.r.o. All rights reserved. This guide provides detailed description on configuration and administration of Kerio Control, version 7.3. All additional modifications and updates reserved. User interfaces Kerio StaR and Kerio Clientless SSL-VPN are focused in a standalone document, Kerio Control — User’s Guide. Kerio VPN Client for Windows and Mac OS X is focused in the separate document Kerio VPN Client — User’s Guide. For current version of the product, go to http://www.kerio.com/control/download. For other documents addressing the product, see http://www.kerio.com/control/manual. Information regarding registered trademarks and trademarks are provided in appendix A. Products Kerio Control and Kerio VPN Client include open source software. To view the list of open source items included, refer to attachment B. Contents 1 Quick Checklist ................................................................ 8 2 Installation .................................................................... 10 2.1 Product Editions ......................................................... 10 2.2 System requirements .................................................... 10 2.3 Windows: Conflicting Software ........................................... 11 2.4 Windows: Installation .................................................... 12 2.5 Windows: Upgrade and Uninstallation .................................... 16 2.6 Appliance Edition: Installation ........................................... 17 2.7 Appliance Edition: Upgrade .............................................. 19 3 Kerio Control components .................................................... 20 3.1 Kerio Control Engine Monitor (Windows) .................................. 20 3.2 Firewall console (editions Appliance and Box) ............................. 22 4 Kerio Control administration .................................................. 24 4.1 The Kerio Control Administration interface ............................... 24 4.2 Configuration Assistant .................................................. 25 4.3 Connectivity Warnings ................................................... 25 5 License and Registration ...................................................... 27 5.1 Licenses, optional components and Software Maintenance . 27 5.2 Deciding on a number of users (licenses) ................................. 29 5.3 Activation Wizard ....................................................... 29 5.4 License information and registration changes ............................. 31 5.5 Subscription / Update Expiration ......................................... 33 6 Support for IPv6 .............................................................. 35 7 Network interfaces ............................................................ 36 7.1 Groups of interfaces ..................................................... 36 7.2 Viewing and configuring Ethernet ports (Kerio Control Box) . 37 7.3 Special interfaces ........................................................ 38 7.4 Viewing and editing interfaces ........................................... 38 7.5 Adding new interface (editions Appliance and Box) ........................ 40 7.6 Advanced dial-up settings ................................................ 41 7.7 Supportive scripts for link control (Windows) ............................. 42 3 8 Configuring Internet connection and the local network ........................ 44 8.1 Connectivity Wizard ..................................................... 45 8.2 Internet Connection With A Single Link ................................... 46 8.3 Network Load Balancing ................................................. 48 8.4 Connection Failover ...................................................... 51 8.5 Connection with a single leased link - dial on demand (Windows) . 54 9 Traffic Rules .................................................................. 56 9.1 Network Rules Wizard ................................................... 56 9.2 How traffic rules work ................................................... 59 9.3 Definition of Custom Traffic Rules ........................................ 59 9.4 Basic Traffic Rule Types .................................................. 67 9.5 Demilitarized Zone (DMZ) ................................................ 73 9.6 Policy routing ........................................................... 74 9.7 User accounts and groups in traffic rules ................................. 76 9.8 Partial Retirement of Protocol Inspector .................................. 78 9.9 Use of Full cone NAT .................................................... 79 9.10 Media hairpinning ....................................................... 81 10 Firewall and Intrusion Prevention System ..................................... 82 10.1 Network intrusion prevention system (IPS) ................................ 82 10.2 MAC address filtering .................................................... 85 10.3 Special Security Settings ................................................. 86 10.4 P2P Eliminator ........................................................... 88 11 Network Services and LAN Configuration ..................................... 91 11.1 DNS module ............................................................. 91 11.2 DHCP server ............................................................. 97 11.3 IPv6 router advertisement .............................................. 102 11.4 HTTP cache ............................................................ 102 11.5 Proxy server ........................................................... 104 11.6 Dynamic DNS for public IP address of the firewall . 106 12 Bandwidth Management and QoS ............................................. 109 12.1 How bandwidth management works .................................... 109 12.2 Internet Links Speed ................................................... 109 12.3 Bandwidth Management Rules .......................................... 110 12.4 How detection of large data transfer connections works . 111 13 User Authentication .......................................................... 113 13.1 Firewall User Authentication ........................................... 113 4 14 Web Interface ................................................................ 116 14.1 Web interface and certificate settings information . 116 14.2 User authentication at the web interface ................................ 118 15 HTTP and FTP filtering ....................................................... 119 15.1 Conditions for HTTP and FTP filtering .................................. 120 15.2 URL Rules ............................................................. 120 15.3 Content Rating System (Kerio Web Filter) ............................... 122 15.4 Web content filtering by word occurrence ............................... 124 15.5 FTP Policy ............................................................. 126 16 Antivirus control ............................................................ 129 16.1 Conditions and limitations of antivirus scan ............................ 129 16.2 How to choose and setup antiviruses ................................... 130 16.3 HTTP and FTP scanning ................................................ 133 16.4 Email scanning ........................................................ 136 16.5 Scanning of files transferred via Clientless SSL-VPN (Windows) . 139 17 Definitions ................................................................... 140 17.1 IP Address Groups ..................................................... 140 17.2 Time Ranges .......................................................... 141 17.3 Services ............................................................... 142 17.4 URL Groups ........................................................... 144 18 User Accounts and Groups ................................................... 146 18.1 Viewing and definitions of user accounts ............................... 147 18.2 Local user accounts .................................................... 148 18.3 Local user database: external authentication and import of accounts . 155 18.4 User accounts in directory services — domain mapping . 157 18.5 User groups ........................................................... 160 19 Administrative settings ...................................................... 163 19.1 System Configuration (editions Appliance and Box) . 163 19.2 Update Checking ...................................................... 163 20 Other settings ................................................................ 165 20.1 Routing table .......................................................... 165 20.2 Universal Plug-and-Play (UPnP) ......................................... 167 20.3 Relay SMTP server ..................................................... 169 21 Status Information ........................................................... 171 21.1 Active hosts and connected users ...................................... 171 21.2 Network connections overview ......................................... 177 21.3 List of connected VPN clients ........................................... 180 21.4 Alerts ................................................................. 180 5 21.5 System Health (editions Appliance and Box) ............................. 183 22 Basic statistics ............................................................... 185 22.1 Volume of transferred data and quota