For cases when it is necessary to reinstall the firewall's operating system (e.g. when new hardware is deployed), it is possible to back up WinRoute's configuration, including most of the status information, and use the backup for the new WinRoute installation. This can save a significant amount of time and spare you from solving again problems you have already figured out.
All WinRoute configuration data is stored in the following files in the directory where WinRoute is installed (the typical path is C:\Program Files\Kerio\WinRoute Firewall).
The following files are included:
winroute.cfg: Chief configuration file.
UserDB.cfg: Information about groups and user accounts.
host.cfg: Preferences for backups of configuration, user accounts data, DHCP server database, etc.
logs.cfg: Log configurations.
Note: The data in these files is saved in XML format, so it can easily be modified by an advanced user or generated automatically by another application.
Files in the following directories are also considered configuration data:
dbSSL: An automatically generated SSL certificate for traffic between the WinRoute Firewall Engine and the Administration Console. For details on traffic between the WinRoute Firewall Engine and the Administration Console, refer to Kerio Administration Console — Help (http://www.kerio.com/kwf-manual).
sslcert: SSL certificates for all components using SSL for traffic encryption (i.e. the web interface, VPN server and the Clientless SSL-VPN interface).
license: If WinRoute has already been registered, the license folder includes a license key file (including registered trial versions). If WinRoute has not been registered yet, the license folder is empty.
In addition, WinRoute generates other files and directories where certain status information is saved:
Files:
Cache.CFS: Current ISS OrangeWeb Filter cache data (see chapter 12.4 Content Rating System (ISS OrangeWeb Filter)).
dnscache.cfg: DNS records stored in the DNS forwarder's cache (see chapter 8.1 DNS Forwarder).
leases.cfg: IP addresses assigned by the DHCP server. This file keeps all information available on the Leases tab of the Configuration → DHCP server section (refer to chapter 8.2 DHCP server).
ofclient.cfg: Current ISS OrangeWeb Filter configuration data (see chapter 12.4 Content Rating System (ISS OrangeWeb Filter)). This file is generated automatically in accordance with the ISS OrangeWeb Filter settings made in the main configuration file (winroute.cfg) and it is refreshed upon any change of these settings.
stats.cfg: Interface statistics (see chapter 20.2 Interface statistics) and user statistics (see chapter 20.1 Volume of transferred data and quota usage) data.
vpnclient.cfg: IP addresses assigned to VPN clients (see chapter 23.2 Configuration of VPN clients).
Directories:
The logs directory stores all WinRoute logs (see chapter 22 Logs).
The star directory includes a complete database for statistics of the WinRoute web interface.
We recommend stopping the WinRoute Firewall Engine before any manipulation of the configuration files (backups, recoveries, etc.)! Information contained in these files is loaded and saved only upon starting or stopping the MailServer. All changes to the configuration performed while the Engine is running are stored only in memory. Any modifications made to the files while the Engine is running will be overwritten by the configuration held in system memory when the Engine is stopped.
The configuration can be backed up by copying all the previously described configuration and/or status files.
To recover the configuration from backed-up data (typically this need arises when WinRoute is installed on a new workstation or when the operating system is being reinstalled), follow these steps:
1. Install WinRoute on the required machine (refer to chapter 2.3 Installation).
2. Stop WinRoute Firewall Engine.
3. Copy the files host.cfg, logs.cfg, UserDB.cfg and winroute.cfg from the backup into the WinRoute directory (the typical path is C:\Program Files\Kerio\WinRoute Firewall).
4. Copy the license and SSL certificate subdirectories (license, sslcert and dbSSL).
5. Copy all files and directories with status information (files Cache.CFS, dnscache.cfg, leases.cfg, ofclient.cfg, stats.cfg, vpnclient.cfg and directories logs and star).
6. Run WinRoute Firewall Engine.
At this stage, WinRoute detects the required configuration file. During this process, unknown network interfaces (ones which are not defined in the winroute.cfg configuration file) will be detected in the system. Each network interface has a unique (randomly generated) identifier in the operating system, and it is practically impossible for two identifiers to be identical.
To avoid setting up new interfaces and changing traffic rules, you can assign the new identifiers to the original interfaces in the winroute.cfg configuration file.
Stop WinRoute Firewall Engine.
Use a plaintext editor (e.g. Notepad) to open the winroute.cfg configuration file. Go to the following section:
<list name="Interfaces">
Scan this section for the original adapter. Find the identifier of the new interface in the new adapter's entry and copy it to the original adapter's entry. Remove the new interface's entry.
Example: The name of the local network interface is LAN. This network connection is labeled Local Area Connection in the new operating system. The following data can now be found in the Interfaces section (only the essential parts are listed):
    <listitem>
      <variable name="Id">\DEVICE\{7AC918EE-3B85-5A0E-8819-CBA57D4E11C7}</variable>
      <variable name="Name">LAN</variable>
      ...
    </listitem>
    <listitem>
      <variable name="Id">\DEVICE\{6BF377FB-3B85-4180-95E1-EAD57D5A60A1}</variable>
      <variable name="Name">Local Area Connection</variable>
      ...
    </listitem>
Copy the Local Area Connection interface's identifier into the LAN interface. Remove the data for Local Area Connection (the relevant listitem section).
When all these changes have been made, the data in the configuration file relating to the interface connected to the local network will be as follows:
    <listitem>
      <variable name="Id">\DEVICE\{6BF377FB-3B85-4180-95E1-EAD57D5A60A1}</variable>
      <variable name="Name">LAN</variable>
      ...
    </listitem>
Save the winroute.cfg file and run WinRoute Firewall Engine.
Now, the WinRoute configuration is identical to the original WinRoute configuration on the prior operating system.
Note: The method described above makes a complete “clone” of WinRoute on a new host. Some of the steps are optional — for example, if you do not wish to keep the current statistics, do not copy the star subdirectory.
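The interface identifier reassignment described above can be scripted instead of edited by hand. The following is an added example, not part of the original manual or of Kerio's tooling; the function name remap_interface, the <config> root element and the sample document are constructed for illustration, and only the Interfaces list, listitem and variable elements come from the page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the elements shown on this page; the <config> root
# and everything else in a real winroute.cfg are assumptions.
SAMPLE_CFG = r"""<config>
  <list name="Interfaces">
    <listitem>
      <variable name="Id">\DEVICE\{7AC918EE-3B85-5A0E-8819-CBA57D4E11C7}</variable>
      <variable name="Name">LAN</variable>
    </listitem>
    <listitem>
      <variable name="Id">\DEVICE\{6BF377FB-3B85-4180-95E1-EAD57D5A60A1}</variable>
      <variable name="Name">Local Area Connection</variable>
    </listitem>
  </list>
</config>"""


def _var(item, name):
    """Return the <variable name=...> child of a listitem, or None."""
    return item.find(f"variable[@name='{name}']")


def remap_interface(cfg_xml, original_name, new_name):
    """Give the original interface the new adapter's Id and drop the new entry."""
    root = ET.fromstring(cfg_xml)
    ifaces = root.find(".//list[@name='Interfaces']")
    if ifaces is None:
        raise ValueError("no Interfaces list in configuration")
    by_name = {}
    for item in ifaces.findall("listitem"):
        name = _var(item, "Name")
        if name is not None and name.text:
            by_name.setdefault(name.text.strip(), []).append(item)
    # Refuse to guess when a name is missing or ambiguous.
    for wanted in (original_name, new_name):
        if len(by_name.get(wanted, [])) != 1:
            raise ValueError(f"expected exactly one interface named {wanted!r}")
    original, new = by_name[original_name][0], by_name[new_name][0]
    old_id, new_id = _var(original, "Id"), _var(new, "Id")
    if old_id is None or new_id is None or not new_id.text:
        raise ValueError("interface entry without an Id")
    old_id.text = new_id.text.strip()
    ifaces.remove(new)  # traffic rules keep pointing at the original entry
    return ET.tostring(root, encoding="unicode")
```

Run it against a copy of winroute.cfg while the Engine is stopped and compare the result with the original before replacing it, since ElementTree does not preserve comments or the XML declaration.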