Phone Lines icon GFI Support Home

Articles in this section

See more

Modifying Configuration Parameters in Kerio Control

Author: Vladyslav Velychko Updated

Overview

In some situations, administrators may need to change the Kerio Control configuration directly. For example, this needs to be done when there is a need to adjust a setting that is not available in the web administration.

NOTE: Direct changes to the configuration should only be performed when a Kerio support representative provides specific instructions.

This article explains how you can access the Operating System either via local console or via remote login. It also explains how you can modify or update the configuration.

 

Process

Accessing the Operating System


To update the configuration directly, you must log in to the Operating System shell environment. You can access the shell either directly from the console or remotely using a Secure Shell tunnel (SSH).

 

To access the shell via local console:

  1. In the Kerio Control console, press Alt + F2.
  2. As the login name, enter root.
  3. Enter a local administrator password.
  4. To close the session, enter exit.
  5. Press Alt + F1 to return to the initial screen.


To access the shell via remote login (SSH):

  • To remotely access the secure shell, you need a client program, such as PuTTY.
  • If you are using Linux or Mac, you can open a Secure Shell tunnel using the terminal.

    NOTE: In the default traffic rules configuration, Kerio Control allows remote login only from the Trusted/Local network.
  • To enable remote login in the web administration:
    1. Hold the Shift key and go to Status > System Health.
    2. Click Enable SSH.

      WIN-U0IDVC469G0_2018-11-29_13-04-05.png

    3. In your Secure Shell program, open a new connection to the Kerio Control server address.
    4. As the login name, enter root.
    5. Enter a local administrator password.


Modifying the Configuration

  • To update the configuration, enter:

    /opt/kerio/winroute/tinydbclient "update table set variable=value"
  • To apply the new configuration, enter:

    /etc/boxinit.d/60winroute restart


For example:

  • Disabling the 3-way TCP handshake security feature:

    ~ # /opt/kerio/winroute/tinydbclient "update Firewall set Require3WayHandshake=0"
    ~ # /etc/boxinit.d/60winroute restart
  • Requiring TLS version 1.1 and higher:

    ~ # /opt/kerio/winroute/tinydbclient "update SSL set DisabledProtocols='SSLv2,SSLv3,TLSv1'"
    ~ # /etc/boxinit.d/60winroute restart

disabled_protocols.png

Related articles