Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Traffic Rules
  3. Articles

Configuring Generic Traffic Rules in Kerio Control

Overview

Kerio Control administrators can control the traffic based on IP addresses, groups, users, and either block or allow traffic matching these rules.

The traffic policy consists of rules ordered by the rule priority, and they are processed from the top downwards, where the first matched rule is applied. The order of the rules can be changed with two arrow buttons on the right side of the window, or by dragging the rules within the list.

 

 

Diagnosis

Because of the built-in Kerio Control traffic rules mechanism, the rules are processed based on the order list. An implicit rule denying all traffic is shown at the end of the list; this rule cannot be removed. If there is no rule to allow particular network traffic, then the implicit rule will discard the packet.

To control user connections to HTTP/HTTPS, FTP servers, and filter contents, use the content filter available in Kerio Control for these purposes. For additional information, refer to the Overview of the Content Filter article.

Solution

Note: In this example, we will be creating a traffic rule for SSH. 

  1. Navigate to ConfigurationTraffic Rules in Kerio Control's administration interface.

  2. Click on Add. The Add New Rule window appears.

  3. In the Add New Rule window, enter a name for the rule, e.g., 'Allow SSH to a group' (a) and in the Rule type tab, choose Generic (b). Click Next, when you are done (c).

    002.png

  4. (Optional) For port mapping, you will need to enter the host and choose the service (or services) that needs to be configured.

    003.png
    On the next screen, you will be able to select a different port or specific public IP address.

    004.png
    The example of port mapping usage is shown in the Configuring Kerio Control Firewall to Allow Kerio Connect Services article.

  5. (Optional) For Policy Routing, it is necessary to choose either interface or IP address.

    005.png
    Then Source and Services should be selected.

    006.png
    For more information, please refer to the Configuring Policy Routing in the Kerio Control article.    

  6. In the Source tab, click on Users and Groups. The Select Items window appears.

  7. In the Select Items window, double-click the group you want to choose (In this example, 'SSH allowed'). Click Next when you are done.

    007.png

  8. In the Destination tab, choose Interfaces. The Selected Items window appears.

    008.png

  9. In the Select Items window, choose Internet Interfaces and click Next.

  10. In the Services tab, click Service. The Selected Items window appears.

  11. In the Select Items window, double-click SSH to select it as the service for this rule.

    009.png

Note: You can also create a rule using the Configure in Wizard, under Traffic Rules. Click on More Actions and then Configure in Wizard, and follow the instructions accordingly.

Back to top

 

Confirmation

The rule you created in this example, to allow users to use SSH to access servers on the Internet is displayed under ConfigurationTraffic Rules, as shown below:

010.png

 

Back to top

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments