Overview

While changing your ISP (Internet Service Provider), you will get a new Public IP assigned. This will need specific Kerio Control configuration change to avoid firewall outage or system disruption for the end-users, i.e. the company employees.

This article provides information about which settings should be altered in case of provider change.

Prerequisites

Administrator access to the Kerio Control

Solution

Kerio Control stores ISP-related information in several places.

Network Interfaces

In the Kerio Control Webadmin > Configuration > Interfaces, double-click the necessary network interface and change the previous IP address, Mask, Gateway, and DNS server details to the new configuration.

In the case of Load Balancing/Failover setup, it might be required to change advanced settings for availability detection "Use the following specified IP addresses as the probe hosts".

If there are custom speed and duplex configured and the new provider provides different values, it might be needed to review and change the current settings.

For more information about interfaces, please refer to Configuring network interfaces in Kerio Control.

Traffic Rules

If you have created any Traffic Rule that defines the previous ISP's IP address, then you should change those to the new ISP's IP address. For more information, please refer to Configuring Generic Traffic Rules in Kerio Control.

Bandwidth Management and QoS

Under Configuration > Bandwidth Management and QoS, you should change the Internet Interface's link bandwidth to the new contracted Download/Upload bandwidth.

Reverse Proxy

If you are using Kerio Control reverse proxy server for external web clients to access internal resources, then you should change the public (ISP) IP address.

DNS

If you're using custom DNS forwarding, you should consider reviewing the settings and changing them if needed.

ISPs often configure their DNS servers that they refuse to serve clients located outside of the ISP's own network. If Kerio Control is connected to multiple ISPs, which is very likely in the link load balancing scenario, its DNS forwarder must always query the right DNS server using the right internet link. If the DNS server of provider A is queried using the internet link of provider B, it might refuse the query.

IP address groups

If the previous ISP's IP address was used in custom IP address groups, you should change it accordingly. For more information, please refer to Configuring IP Address Groups in Kerio Control.