i've had kerio 2.1.5 running for a couple of months now and so far i've found it to be a good guard dog - anything trying to get out throws up an alert and online scans show it's running in stealth mode. the log file was empty for a long time - in fact i was starting to wonder if kerio logging function was working - then suddenly over the past couple of days i've been getting pages of TCP ack packet attack blocked messages - does anyone know why this has suddenly started happening? there are thousands of log entries? i'm running dial up. here's a logshot....
ah i remember now - i switched on "log suspicious packets" well i'm certainly getting lots of "suspicious packets" the question is why?
it's ok i think i found the answer - apparently kerio has an issue with multiple connections. i've been fiddling around with different connection configs lately.
For high number of multiple connections, have you tried increasing the buffer for the fw.sys registry entry?