Phone Lines icon GFI Support Home

Articles in this section

See more

Configuring Autologin by Mac address with HTTP

Author: Vladyslav Velychko Updated

Overview

While trying to set up an automatic login page to work with HTTP, a specific procedure needs to be applied. The authentication traffic should pass through Kerio Control as a reverse proxy (HTTP).

reverse_proxy_http.png

This article provides information on how to configure Traffic Rules, User settings, and DNS to achieve such a requirement.

Important: proxy server and HTTPS filtering are disabled in this scenario.
proxy_server_disabled.pnghttps_filtering_disabled.png

Solution

Note: example settings here

  • Kerio Control = 192.168.0.2
  • Local DNS = 192.168.0.1
  1. Create 2 Traffic Rules with the following parameters:
    Allow Internet for DNS, VPN and Authenticated users
    1. Source: 192.168.0.1, VPN clients, Authenticated users
    2. Destination: Internet Interfaces
    3. Services: Any
    4. Action: Allow
    5. Translation: NAT Balancing per host
    Block others
    1. Source: Any
    2. Destination: Internet Interfaces
    3. Services: Any
    4. Action: Drop
    5. Translation: NAT Balancing per host

      traffic_rules.png
  2. Enable and configure automatic user authentication using NTLM to automatically log-in AD users
  3. Assign MAC address to local database users to automatically log-in local users.
    specific_mac_address.png
  4. Enable DNS custom forwarding (* to 192.168.0.1).
    custom_dns_forward.png
  5. Renew the DHCP lease on the client side (if applicable).

Testing

Only VPN clients/Authenticated users should be able to access the Internet by using the Autologin functionality.

Related articles