Overview
To make the automatic login page work over HTTP, a specific procedure needs to be followed. The authentication traffic should pass through Kerio Control acting as a reverse proxy (HTTP).
This article describes how to configure Traffic Rules, User settings, and DNS to meet this requirement.
Important: proxy server and HTTPS filtering are disabled in this scenario.
Solution
Note: the steps below use these example settings:
- Kerio Control = 192.168.0.2
- Local DNS = 192.168.0.1
- Create 2 Traffic Rules with the following parameters:
  - Allow Internet for DNS, VPN and Authenticated users
    - Source: 192.168.0.1, VPN clients, Authenticated users
    - Destination: Internet Interfaces
    - Services: Any
    - Action: Allow
    - Translation: NAT Balancing per host
  - Second rule (drops all other traffic to the Internet)
    - Source: Any
    - Destination: Internet Interfaces
    - Services: Any
    - Action: Drop
    - Translation: NAT Balancing per host
- Enable and configure automatic user authentication using NTLM to automatically log in AD users.
- Assign a MAC address to local database users to automatically log in local users.
- Enable DNS custom forwarding (* to 192.168.0.1).
- Renew the DHCP lease on the client side (if applicable).
Testing
Only VPN clients/Authenticated users should be able to access the Internet by using the Autologin functionality.
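The expected test outcome can be checked against a small model of the two rules. This is an added example, not Kerio Control code: it assumes rules are evaluated top to bottom with the first match winning, and the MAC address, user names and host IPs other than 192.168.0.1 are constructed sample values.

```python
from dataclasses import dataclass
from typing import Callable, Optional

LOCAL_DNS = "192.168.0.1"                      # from the article's example settings
MAC_TO_USER = {"00:11:22:33:44:55": "alice"}   # constructed local-user MAC assignment

@dataclass(frozen=True)
class Host:
    ip: str
    mac: str = ""
    ntlm_user: Optional[str] = None   # set when NTLM auto-authentication succeeded
    vpn: bool = False

    @property
    def user(self) -> Optional[str]:
        # Autologin: NTLM for AD users, MAC assignment for local database users.
        return self.ntlm_user or MAC_TO_USER.get(self.mac.lower())

@dataclass(frozen=True)
class Rule:
    name: str
    source: Callable[[Host], bool]
    action: str

ALLOW = Rule("Allow Internet for DNS, VPN and Authenticated users",
             lambda h: h.ip == LOCAL_DNS or h.vpn or h.user is not None, "Allow")
DROP = Rule("second rule (unnamed in the article)", lambda h: True, "Drop")

def evaluate(host: Host, rules) -> str:
    """Action of the first rule whose source matches (assumed first-match order)."""
    for rule in rules:
        if rule.source(host):
            return rule.action
    return "Drop"  # assumed implicit default when nothing matches

HOSTS = {  # constructed sample hosts
    "dns": Host(LOCAL_DNS),
    "ad_user": Host("192.168.0.50", ntlm_user="EXAMPLE\\bob"),
    "local_user": Host("192.168.0.51", mac="00:11:22:33:44:55"),
    "vpn": Host("172.27.0.10", vpn=True),
    "guest": Host("192.168.0.99", mac="66:77:88:99:AA:BB"),
}

def matrix(rules) -> dict:
    """Map each sample host to the action it receives under the given rule order."""
    return {name: evaluate(h, rules) for name, h in HOSTS.items()}

if __name__ == "__main__":
    for name, action in matrix([ALLOW, DROP]).items():
        print(f"{name:10} -> {action}")
```

Calling `matrix([DROP, ALLOW])` shows the ordering pitfall under the same assumption: with the Drop rule first, every host is blocked, including the DNS server and authenticated users.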