Phone Lines icon GFI Support Home Start a conversation Sign in
Start a conversation
  1. KerioControl
  2. KerioControl - Traffic Rules
  3. Articles

Configuring Autologin by Mac address with HTTP

Overview

While trying to set up an automatic login page to work with HTTP, a specific procedure needs to be applied. The authentication traffic should pass through Kerio Control as a reverse proxy (HTTP).

reverse_proxy_http.png

This article provides information on how to configure Traffic Rules, User settings, and DNS to achieve such a requirement.

Important: proxy server and HTTPS filtering are disabled in this scenario.
proxy_server_disabled.pnghttps_filtering_disabled.png

Solution

Note: example settings here

  • Kerio Control = 192.168.0.2
  • Local DNS = 192.168.0.1
  1. Create 2 Traffic Rules with the following parameters:
    Allow Internet for DNS, VPN and Authenticated users
    1. Source: 192.168.0.1, VPN clients, Authenticated users
    2. Destination: Internet Interfaces
    3. Services: Any
    4. Action: Allow
    5. Translation: NAT Balancing per host
    Block others
    1. Source: Any
    2. Destination: Internet Interfaces
    3. Services: Any
    4. Action: Drop
    5. Translation: NAT Balancing per host

      traffic_rules.png
  2. Enable and configure automatic user authentication using NTLM to automatically log-in AD users
  3. Assign MAC address to local database users to automatically log-in local users.
    specific_mac_address.png
  4. Enable DNS custom forwarding (* to 192.168.0.1).
    custom_dns_forward.png
  5. Renew the DHCP lease on the client side (if applicable).

Testing

Only VPN clients/Authenticated users should be able to access the Internet by using the Autologin functionality.

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments