Overview
While changing your ISP (Internet Service Provider), you will get a new Public IP assigned. This will need specific Kerio Control configuration change to avoid firewall outage or system disruption for the end-users, i.e. the company employees.
This article provides information about which settings should be altered in case of provider change.
Prerequisites
Administrator access to the Kerio Control
Solution
Kerio Control stores ISP-related information in several places.
Network Interfaces
In the Kerio Control Webadmin > Configuration > Interfaces, double-click the necessary network interface and change the previous IP address, Mask, Gateway, and DNS server details to the new configuration.
In the case of Load Balancing/Failover setup, it might be required to change advanced settings for availability detection "Use the following specified IP addresses as the probe hosts".
If there are custom speed and duplex configured and the new provider provides different values, it might be needed to review and change the current settings.
For more information about interfaces, please refer to Configuring network interfaces in Kerio Control.
Traffic Rules
If you have created any Traffic Rule that defines the previous ISP's IP address, then you should change those to the new ISP's IP address. For more information, please refer to Configuring Generic Traffic Rules in Kerio Control.
Bandwidth Management and QoS
Under Configuration > Bandwidth Management and QoS, you should change the Internet Interface's link bandwidth to the new contracted Download/Upload bandwidth.
Reverse Proxy
If you are using Kerio Control reverse proxy server for external web clients to access internal resources, then you should change the public (ISP) IP address.
DNS
If you're using custom DNS forwarding, you should consider reviewing the settings and changing them if needed.
ISPs often configure their DNS servers that they refuse to serve clients located outside of the ISP's own network. If Kerio Control is connected to multiple ISPs, which is very likely in the link load balancing scenario, its DNS forwarder must always query the right DNS server using the right internet link. If the DNS server of provider A is queried using the internet link of provider B, it might refuse the query.
IP address groups
If the previous ISP's IP address was used in custom IP address groups, you should change it accordingly. For more information, please refer to Configuring IP Address Groups in Kerio Control.