Kerio WinRoute Firewall

Administrator's Guide

Kerio Technologies s.r.o.


This guide provides detailed description on configuration and administration of Kerio WinRoute Firewall, version 6.7.1. All additional modifications and updates reserved. User interfaces Kerio StaR and Kerio Clientless SSL-VPN are focused in a standalone document, Kerio WinRoute Firewall — User's Guide. The Kerio VPN Client application is described in a stand-alone document Kerio VPN Client — User's Guide.

For current version of the product, go to http://www.kerio.com/firewall/download. For other documents addressing the product, see http://www.kerio.com/firewall/manual.

Information regarding registered trademarks and trademarks are provided in appendix A  Legal Notices.

Products Kerio WinRoute Firewall and Kerio VPN Client include open source software. To view the list of open source items included, refer to attachment B  Used open source items.


Table of Contents

1  Quick Checklist
2  Introduction
2.1  What's new in 6.7.1
2.2  Conflicting software
2.3  System requirements
2.4  Installation - Windows
2.5  Initial configuration wizard (Windows)
2.6  Upgrade and Uninstallation - Windows
2.7  Installation - Software Appliance and VMware Virtual Appliance
2.8  Upgrade - Software Appliance / VMware Virtual Appliance
2.9  WinRoute Components
2.10  WinRoute Engine Monitor (Windows)
2.11  The firewall's console (Software Appliance / VMware Virtual Appliance)
3  WinRoute Administration
3.1  Administration Console - the main window
3.2  Administration Console - view preferences
4  Product Registration and Licensing
4.1  License types and number of users
4.2  License information
4.3  Registration of the product in the Administration Console
4.4  Product registration at the website
4.5  Subscription / Update Expiration
4.6  User counter
5  Network interfaces
6  Internet Connection
6.1  Persistent connection with a single link
6.2  Connection with a single leased link - dial on demand
6.3  Connection Failover
6.4  Network Load Balancing
7  Traffic Policy
7.1  Network Rules Wizard
7.2  How traffic rules work
7.3  Definition of Custom Traffic Rules
7.4  Basic Traffic Rule Types
7.5  Policy routing
7.6  User accounts and groups in traffic rules
7.7  Partial Retirement of Protocol Inspector
7.8  Use of Full cone NAT
7.9  Media hairpinning
8  Configuration of network services
8.1  DNS module
8.2  DHCP server
8.3  Dynamic DNS for public IP address of the firewall
8.4  Proxy server
8.5  HTTP cache
9  Bandwidth Limiter
9.1  How the bandwidth limiter works and how to use it
9.2  Bandwidth Limiter configuration
9.3  Detection of connections with large data volume transferred
10  User Authentication
10.1  Firewall User Authentication
11  Web Interface
11.1  Web interface preferences
11.2  User authentication at the web interface
12  HTTP and FTP filtering
12.1  Conditions for HTTP and FTP filtering
12.2  URL Rules
12.3  Content Rating System (Kerio Web Filter)
12.4  Web content filtering by word occurrence
12.5  FTP Policy
13  Antivirus control
13.1  Conditions and limitations of antivirus scan
13.2  How to choose and setup antiviruses
13.3  HTTP and FTP scanning
13.4  Email scanning
13.5  Scanning of files transferred via Clientless SSL-VPN (Windows)
14  Definitions
14.1  IP Address Groups
14.2  Time Ranges
14.3  Services
14.4  URL Groups
15  User Accounts and Groups
15.1  Viewing and definitions of user accounts
15.2  Local user accounts
15.3  Local user database: external authentication and import of accounts
15.4  User accounts in Active Directory — domain mapping
15.5  User groups
16  Administrative settings
16.1  System configuration (Software Appliance / VMware Virtual Appliance)
16.2  Setting Remote Administration
16.3  Update Checking
17  Advanced security features
17.1  P2P Eliminator
17.2  Special Security Settings
18  Other settings
18.1  Routing table
18.2  Universal Plug-and-Play (UPnP)
18.3  Relay SMTP server
19  Status Information
19.1  Active hosts and connected users
19.2  Network connections overview
19.3  List of connected VPN clients
19.4  Alerts
20  Basic statistics
20.1  Volume of transferred data and quota usage
20.2  Interface statistics
21  Kerio StaR - statistics and reporting
21.1  Monitoring and storage of statistic data
21.2  Settings for statistics and quota
21.3  Connection to StaR and viewing statistics
22  Logs
22.1  Log settings
22.2  Logs Context Menu
22.3  Alert Log
22.4  Config Log
22.5  Connection Log
22.6  Debug Log
22.7  Dial Log
22.8  Error Log
22.9  Filter Log
22.10  Http log
22.11  Security Log
22.12  Sslvpn Log
22.13  Warning Log
22.14  Web Log
23  Kerio VPN
23.1  VPN Server Configuration
23.2  Configuration of VPN clients
23.3  Interconnection of two private networks via the Internet (VPN tunnel)
23.4  Exchange of routing information
23.5  Example of Kerio VPN configuration: company with a filial office
23.6  Example of a more complex Kerio VPN configuration
24  Kerio Clientless SSL-VPN (Windows)
24.1  Configuration of WinRoute's SSL-VPN
24.2  Usage of the SSL-VPN interface
25  Specific settings and troubleshooting
25.1  Configuration Backup and Transfer
25.2  Configuration files
25.3  Automatic user authentication using NTLM
25.4  FTP on WinRoute's proxy server
25.5  Internet links dialed on demand
26  Technical support
26.1  Essential Information
26.2  Tested in Beta version
A  Legal Notices
B  Used open source items
Glossary of terms
Index