WinRoute can be run with most of common applications. However, there are certain applications that should not be run at the same host as WinRoute for this could result in collisions.
The computer where WinRoute is installed (the host) can be also used as a workstation. However, it is not recommended — user interaction may affect performance of the operating system which affects WinRoute performance badly.
WinRoute collides with system services and applications the low-level drivers of whose use a similar or an identical technology. The security log contains the following types of services and applications:
The Internet Connection Firewall / Internet Connection Sharing system service. WinRoute can detect and automatically disable this service.
The system service Routing and Remote Access Service (RRAS) in Windows Server operating systems. This service allows also sharing of Internet connection (NAT). WinRoute can detect if NAT is active in the RRAS service; if it is, a warning is displayed. In reaction to the alert message, the server administrator should disable NAT in the RRAS configuration.
If NAT is not active, collisions should be avoided and WinRoute can be used hand in hand with the RRAS service.
Network firewalls — e.g. Microsoft ISA Server.
Personal firewalls, such as Sunbelt Personal Firewall, Zone Alarm, Norton Personal Firewall, etc.
Software designed to create virtual private networks (VPN) — i.e. software applications developed by the following companies: CheckPoint, Cisco Systems, Nortel, etc. There are many applications of this type and their features vary from vendor to vendor.
Under proper circumstances, use of the VPN solution included in WinRoute is recommended (for details see chapter 23 Kerio VPN). Otherwise, we recommend you to test a particular VPN server or VPN client with WinRoute trial version or to contact our technical support (see chapter 26 Technical support).
Note: VPN implementation included in Windows operating system (based on the PPTP protocol) is supported by WinRoute.
Applications that use the same ports as the firewall cannot be run at the WinRoute host (or the configuration of the ports must be modified).
If all services are running, WinRoute uses the following ports:
53/UDP
— DNS plug-in,
67/UDP
— DHCP server,
1900/UDP
— the SSDP Discovery service,
2869/TCP
— the UPnP Host service.
The SSDP Discovery and UPnP Host services are included in the UPnP support (refer to chapter 18.2 Universal Plug-and-Play (UPnP)).
44333/TCP+UDP
— traffic between Kerio Administration Console and WinRoute Firewall Engine. This service cannot be stopped.
The following services use corresponding ports by default. Ports for these services can be changed.
443/TCP
— server of the SSL-VPN interface (see chapter 24 Kerio Clientless SSL-VPN),
3128/TCP
— HTTP proxy server (see chapter 8.4 Proxy server),
4080/TCP
— web interface of the firewall (refer to chapter 11 Web Interface),
4081/TCP
— secured (SSL-encrypted) version of the firewall's web interface (see chapter 11 Web Interface) ,
4090/TCP+UDP
— proprietary VPN server (for details refer to chapter 23 Kerio VPN).
Most of the modern desktop antivirus programs (antivirus applications designed to protect desktop workstations) scans also network traffic — typically HTTP, FTP and email protocols. WinRoute also provides with this feature which may cause collisions. Therefore it is recommended to install a server version of your antivirus program on the WinRoute host. The server version of the antivirus can also be used to scan WinRoute's network traffic or as an additional check to the integrated antivirus McAfee (for details, see chapter 13 Antivirus control).
If the antivirus program includes so called realtime file protection (automatic scan of all read and written files), it is necessary to exclude directories cache
(HTTP cache in WinRoute see chapter 8.5 HTTP cache) and tmp
(used for antivirus check). If WinRoute uses an antivirus to check objects downloaded via HTTP or FTP protocols (see chapter 13.3 HTTP and FTP scanning), the cache directory can be excluded with no risk — files in this directory have already been checked by the antivirus.
The McAfee integrated antivirus plugin does not interact with antivirus application installed on the WinRoute host (provided that all the conditions described above are met).