Overview
Kerio Control Virtual Appliance for Hyper-V is a UTM (United Threat Management) solution distributed as a virtual appliance for Hyper-V. Hyper-V specifically provides hardware virtualization. Each virtual machine runs on virtual hardware. Hyper-V lets you create virtual hard drives, virtual switches, and other virtual devices that can be added to virtual machines.
The software provides a complex set of features for security of local networks, Internet access control, users' activity monitoring, and secure remote VPN connections.
Prerequisites
Learn more about license options, pricing, license purchase, and system requirements.
Solution
Importing, Installation and Basic Configuration
- Download the Kerio Control Hyper-V Virtual Appliance package and unpack the distribution Zip package into the desired target location (e.g.
C:\KerioControl
). - The server needs to have the Hyper-V role set. Follow the instructions on how to enable the Hyper-V role on Windows Server or Windows 10.
- Open the Hyper-V Manager. Go to New > Virtual machine and run the new virtual machine wizard.
- Choose Generation 1. Kerio Control does not support Generation 2 virtual machines.
- Choose the existing virtual hard disk option and browse the location of the .vhd file.
- Start the virtual machine after finishing the wizard.
Kerio Control checks all interfaces for a DHCP server in the network, and the DHCP server provides a default route after the installation:
- If there is more than one Internet interface with a default route, Kerio Control arranges them in the load balancing mode.
- For all interfaces without any detected DHCP (Dynamic Host Configuration Protocol) server, Kerio Control runs its own DHCP server through all configured LAN interfaces to
10.10.X.Y
, whereX
is the index of the LAN interface (starting with 10) whileY
is 1 for the control interface, and 11-254 is for DHCP assigned hosts.
Setting a Static MAC Address for the Kerio Control Appliance
Hyper-V assigns dynamic MAC (Media Access Control) addresses by default while Kerio Control needs a static MAC address. Follow these steps to set a static MAC address:
- In Virtual Machine Manager, go to properties of the Kerio Control appliance.
- In Properties, go to Hardware Configuration.
- In Hardware Configuration, select Static in the MAC address section.
Firewall Administration
The Kerio Control Administration web interface allows full remote administration of the firewall and viewing of status information and logs. The web administration interface is available at: https://<kerio_control_ip_address>:4081/admin.
For example, https://10.10.10.1:4081/admin.
Authenticate and log in with the username Admin
and the password configured during the product activation.
Note: Kerio Control must be accessible on the IP Address from your LAN. Additionally, remote administration via the Internet must be enabled explicitly by the firewall's traffic rules.
Firewall Console
Remote administration options are available in the firewall console of the virtual computer. Upon authenticating, this console allows you to change basic settings of the firewall, restore default settings after the installation, and shut down or restart the computer.
The firewall's console allows:
- Modifying the configuration of network interfaces (e.g., if network configuration changes or if an incorrect interface was chosen for the local network during the firewall installation).
- Changing the traffic policy of the firewall so that remote administration is not blocked (if the connection to the administration fails).
- Shutting down or restarting the firewall.
- Recovering the default configuration by restarting the initial configuration wizard. This is particularly useful when the firewall does not work correctly, and you cannot easily fix the configuration.
Note: This option removes all configuration parameters and data, restoring the firewall settings as applied in the first startup on Hyper-V.