Overview
Users of Kerio Control may notice unexpected outbound connections from their firewall. This can raise concerns about potential security implications. This article provides guidance on how to identify the specific process or service on Kerio Control that is initiating these connections.
Solution
These calls are appmanager (GFI agent) connections. GFI agent uses tailscale to connect to the AppManager network and 10.239.x.x is the internal IP CIDR for internal resources. You can navigate to Active Connections. This will allow you to identify whether the connection is outbound or inbound by examining the source and destination details.
If for some reason, the connection to these IP addresses are dropped and you are using GFI AppManager, you can create a traffic rule to allow traffic.
Summary
Unexpected outbound connections from the mentioned addresses can be the connection to GFI AppManager and they should be allowed if you are using AppManager