Overview
Kerio Control administrators can control traffic based on IP addresses, groups, and users, and can either deny/drop or allow the traffic that matches these rules.
Diagnosis
Kerio Control's built-in traffic rules mechanism processes rules in the order in which they appear in the list. An implicit rule denying all traffic is shown at the end of the list; this rule cannot be removed. If no rule allows particular network traffic, the implicit rule discards the packet.
To control user connections to HTTP/HTTPS and FTP servers and to filter content, use the content filter available in Kerio Control. For additional information, refer to the Overview of the Content Filter article.
Solution
Note: In this example, we will be creating a traffic rule for SSH.
- Navigate to Configuration > Traffic Rules in Kerio Control's administration interface.
- Click on Add. The Add New Rule window appears.
- In the Add New Rule window, enter a name for the rule, e.g., 'Allow SSH to a group' (a) and in the Rule type tab, choose Generic (b). Click Next when you are done (c).
- (Optional) For port mapping, you will need to enter the host and choose the service (or services) that needs to be configured.
  On the next screen, you will be able to select a different port or specific public IP address.
  An example of port mapping usage is shown in the Configuring Kerio Control Firewall to Allow Kerio Connect Services article.
- (Optional) For Policy Routing, it is necessary to choose either interface or IP address.
  Then Source and Services should be selected.
  For more information, please refer to the Configuring Policy Routing in the Kerio Control article.
- In the Source tab, click on Users and Groups. The Select Items window appears.
- In the Select Items window, double-click the group you want to choose (in this example, 'SSH allowed'). Click Next when you are done.
- In the Destination tab, choose Interfaces. The Select Items window appears.
- In the Select Items window, choose Internet Interfaces and click Next.
- In the Services tab, click Service. The Select Items window appears.
- In the Select Items window, double-click SSH to select it as the service for this rule.
Note: You can also create a rule using the Configure in Wizard, under Traffic Rules. Click on More Actions and then Configure in Wizard, and follow the instructions accordingly.
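The ordering behavior described under Diagnosis determines whether the new rule ever takes effect. The following added example (a simplified model written for this article, not Kerio Control code or its API) evaluates an ordered rule list with the implicit final rule and reports rules hidden behind an earlier, broader one. It assumes the first matching rule decides the outcome; the 'Block outbound SSH' rule and the 'Guests' group are constructed for illustration.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard used by this model only

@dataclass(frozen=True)
class Rule:
    name: str
    source: str       # user group, or ANY
    destination: str  # interface group, or ANY
    service: str      # service name, or ANY
    action: str       # "allow", "deny" or "drop"

# Implicit rule from the Diagnosis section: always last, cannot be removed.
IMPLICIT_DENY = Rule("Implicit deny", ANY, ANY, ANY, "drop")
# The rule built in the Solution steps.
ALLOW_SSH = Rule("Allow SSH to a group", "SSH allowed", "Internet Interfaces", "SSH", "allow")
# Constructed second rule, used only to show the effect of ordering.
BLOCK_SSH = Rule("Block outbound SSH", ANY, "Internet Interfaces", "SSH", "deny")

def covers(rule_field, value):
    """True when a rule field matches (or is at least as broad as) a value."""
    return rule_field == ANY or rule_field == value

def evaluate(rules, source, destination, service):
    """Return (rule name, action) of the first rule matching the connection."""
    for rule in list(rules) + [IMPLICIT_DENY]:
        if (covers(rule.source, source) and covers(rule.destination, destination)
                and covers(rule.service, service)):
            return rule.name, rule.action

def shadowed(rules):
    """Return (hidden rule, hiding rule) pairs: rules that can never match."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (covers(earlier.source, later.source)
                    and covers(earlier.destination, later.destination)
                    and covers(earlier.service, later.service)):
                hidden.append((later.name, earlier.name))
                break
    return hidden

if __name__ == "__main__":
    print(evaluate([BLOCK_SSH, ALLOW_SSH], "SSH allowed", "Internet Interfaces", "SSH"))
    print(shadowed([BLOCK_SSH, ALLOW_SSH]))
```

With the broad deny rule listed first, the group's SSH traffic is denied and the allow rule is reported as unreachable; placing 'Allow SSH to a group' above it restores the intended behavior.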
Confirmation
The rule you created in this example, which allows users to use SSH to access servers on the Internet, is displayed under Configuration > Traffic Rules, as shown below: