Overview
The configuration assistant is used for an easy instant basic configuration of Kerio Control. By default, it is opened automatically upon logon to the administration interface. If this feature is disabled, you can start the wizard by clicking on the Configuration Assistant on Dashboard.
NOTE
It is not necessary to use the configuration assistant or its individual features. Experienced administrators can configure Kerio Control without these tools.
The configuration assistant allows the following settings:
Configure Internet connection and the local network
Once these parameters are configured, the Internet connection (IPv4) and access from local devices behind the firewall should work. The wizard automatically configures the DHCP server and the DNS forwarder modules.
Select your connectivity mode:
Single Internet Link
- On the first page of the wizard, select A Single Internet Link.
- Click Next.
- Select a network interface (Internet link).
- Select mode:
- Automatic — the interface where Kerio Control detected the default gateway is used. Therefore, in most cases, the appropriate adapter is already set within this step.
- Manual — you can change configuration of the default gateway, DNS servers, IP address, and subnet mask.
NOTE
If the more IP addresses are set for the interface, the primary IP address will be displayed.
- PPPoE — enter the username and password from your Internet provider.
- Click Next.
- Select interface connected to the local network. If multiple interfaces are connected to the local network, select the interface you are currently using for connection to the Kerio Control administration.
- Click Next.
- Verify your configuration and click Finish.
You can check the result in the Interfaces. The Internet Interfaces group includes only the Internet interface selected on the second page of the wizard. The LAN adapter selected on the third page of the wizard is included in the groupTrusted/Local Interfaces.
Other interfaces are added to the group Other Interfaces. For these interfaces, it will be necessary to define corresponding traffic rules manually (e.g. DMZ creation rule).
Two Internet links with load balancing
If at least two Internet links are available, Kerio Control can divide the traffic between both of them:
- On the first page of the wizard, select Two Internet links with load balancing.
- Click Next.
- Select two interfaces to be used as Internet links with traffic load balance. For each link, it is necessary to specify link weight, i.e. its relative throughput. The weight of individual links indicates how Internet traffic is distributed among the links (it should correspond with their speed ratio).
EXAMPLE
You have two Internet links with connection speed 4 Mbit/s and 8 Mbit/s. You set weight 4 for the first link and weight 8 for the other one. The total Internet connection load will therefore be divided in the proportion 1:2.
- Select mode:
- Automatic — the interface where Kerio Control detected the default gateway is used. Therefore, in most cases, the appropriate adapter is already set within this step.
- Manual — you can change configuration of the default gateway, DNS servers, IP address and subnet mask. If the more IP addresses are set for the interface, the primary IP address will be displayed.
- PPPoE — enter the username and password from your Internet provider.
- Click Next.
- Select the interface connected to the local network. If multiple interfaces are connected to the local network, select the interface you are currently using for connection to the Kerio Control administration.
- Click Next.
- Verify your configuration and click Finish.
You can check the result in the Interfaces. The Internet Interfaces group includes the Internet links selected on the third page of the wizard.
Only the LAN adapter selected on the third page of the wizard is included in the group Trusted/Local Interfaces.
Other interfaces are added to the group Other Interfaces. For these interfaces, it will be necessary to define corresponding traffic rules manually (e.g. DMZ creation rule).
Two Internet links with failover
Kerio Control allows guaranteed Internet connection by an alternative (back-up) connection. This connection back-up is launched automatically whenever failure of the primary connection is detected. When Kerio Control finds out that the primary connection is recovered again, the secondary connection is disabled and the primary one is re-established automatically.
- On the first page of the wizard, select Two Internet links with failover.
- Click Next.
- Select a network interface to be used for the primary connection and for the secondary connection.
- Select mode:
- Automatic — the interface where Kerio Control detected the default gateway is used. Therefore, in most cases, the appropriate adapter is already set within this step.
- Manual — you can change the configuration of the default gateway, DNS servers, IP address, and subnet mask. If the more IP addresses are set for the interface, the primary IP address will be displayed.
- PPPoE — enter the username and password from your Internet provider.
- Click Next.
- Select the interface connected to the local network. If multiple interfaces are connected to the local network, select the interface you are currently using for Kerio Control administration connection.
- Click Next.
- Verify your configuration and click Finish.
You can check the result in the Interfaces section.
Only the LAN adapter selected on the third page of the wizard is included in the group Trusted/Local Interfaces.
Other interfaces are considered as not used and added to the group Other Interfaces. For these interfaces, it will be necessary to define corresponding traffic rules manually (e.g. DMZ creation rule).
NOTE
When using failover, only two Internet Connections may be applied, one for the primary, and the other as a failover.
General notes
- A default gateway must not be set on any of the local interfaces.
- If the interface configuration does not correspond with the real network configuration, edit it (e.g. if the firewall uses multiple interfaces for the local network, move corresponding interfaces to the group Trusted/Local Interfaces).
Define traffic policy
The network rules wizard enables you to configure only a basic set of traffic rules:
- In the Configuration Assistant dialog, click Define traffic policy.
- Enable any of the following options:
- VPN services connection to the Kerio VPN server or IPsec VPN server. Enable these services if you want to create VPN tunnels and/or connect remotely to the local network by using Kerio VPN Client or IPsec VPN clients.
- Kerio Control Administration — enables remote administration of Kerio Control. This option allows HTTPS traffic on port
4081
(you cannot change the port of the administration interface). - Web Services — enables the HTTP/S communication on the 80/443 ports. Check this option, if you want to have your public web servers behind the firewall (mailserver, your company website, etc.).
- Click Next.
- To make any other services on the firewall or servers in the local network available from the Internet (mapping), click Add.
- In the Inbound policy section, you can configure the following parameters:
- Service (or a group of services) — select services from the list of defined services or define a protocol and a port number. For more information refer to Services in Kerio Control.
- Runs on — firewall or IP address of the local server on which the service is running.
- Arrange the rules by order with arrows on the right side of the window. The rules are processed from the top downwards and the first matched rule is applied.
- Click Finish.
You can perform advanced configuration in the Traffic Rules section. For more information refer to Configuring traffic rules.
Export your configuration
The configuration is exported to a .tgz
package that includes all the key Kerio Control configuration files. Optionally, it is possible to include SSL certificates and DHCP leases in the package.
The exported configuration does not include the Kerio Control license key.
NOTE
Kerio Control can automatically upload configuration files to MyKerio or FTP (see Saving configuration to MyKerio and Saving configuration to FTP server).
Import configuration files
- Download the configuration file from the FTP server or MyKerio.
- In the administration interface, click Configuration Assistant.
- In Configuration Assistant, click Import configuration.
- Click Upload Configuration File.
- Select a method for the import:
- Restore from backup — Kerio Control rewrites everything including basic TCP/IP settings.
- Transfer configuration from another Kerio Control installation — TCP/IP settings as IP addresses stay unchanged.
- Click Finish.
Kerio Control restarts and applies the configuration.
If network interfaces have been changed since the export took place (for example, exchange of a defective network adapter) or if the configuration is imported from another computer, Kerio Control attempts to pair the imported network interfaces with the real interfaces in the appliance. You can match each network interface from the imported configuration with one interface of the firewall or leave it unpaired.