Overview
Kerio Control includes protocol inspectors, which monitor all traffic on application protocols, such as HTTP (Hypertext Transfer Protocol) and FTP (File Transfer Protocol). The inspectors filter the communication or adapt the firewall's behavior according to the protocol type. This article covers the process of properly configuring the Protocol inspection feature.
Step-By-Step Guide
Applying Protocol Inspection to a Non-standard Port
- In the administration interface, go to Definitions > Services.
- Click Add > Add Service.
- In the Add Service dialog box, enter the name and description of the service.
- In the Protocol drop-down list, choose TCP.
- In the Protocol inspector drop-down list, choose FTP.
- In the Destination port section, choose the Equal to condition and enter the port number (2101 in this example).
- Click OK. From now on, Kerio Control applies the FTP protocol on the non-standard port 2101.
Disabling a Protocol Inspector
Note: Disable protocol inspectors only for troubleshooting purposes.
Disabling a protocol inspector may break the functionality within the protocol or prevent content from being scanned. If you disable SIP (Session Initiation Protocol) or FTP protocol inspectors, their communication fails.
There are two ways to disable protocol inspectors:
- In the Services section you can disable protocol inspection for all traffic.
- In the Traffic Rules section you can disable protocol inspection for traffic meeting the condition of the rule.
Disabling Protocol Inspectors in Services
Suppose that a communication to an Internet server does not work correctly. The HTTP protocol inspector stops the communication because it appears to be malicious. To troubleshoot, you can disable the HTTP protocol inspector to see if that solves the problem.
- In the administration interface, go to Definitions > Services.
- Double-click the HTTP service.
- In the Edit Service dialog box, from the Protocol inspector drop-down list, choose None.
- Save your settings.
Disabling Protocol Inspectors in Traffic Rules
In Traffic Rules, you can disable protocol inspectors for a particular traffic rule. For this example, the HTTP server placed in the Internet is used:
- In the administration interface, go to Traffic Rules.
- Right-click a table header and choose Columns > Inspector.
- In any single rule, double-click the Inspector column and choose None.
- Click Apply. Kerio Control disables the protocol inspector for that traffic rule.