kerio 2.15

Discussion in 'other firewalls' started by ellison64, Jun 7, 2006.

Thread Status:
Not open for further replies.
  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Can anyone help me understand the internet gateway protection option in 2.15?.Heres what it says.......
    ........................................................................
    Kerio Personal Firewall can also be used for protecting an Internet gateway, i.e. a computer that provides access to the Internet for computers in a local network (a router or a NAT router). Typically, this can be done in combination with Microsoft's Internet Connection Sharing (ICS) application, a component of Windows 98 SE, Me, 2000 and XP operating systems. ICS enables access to the Internet for all local computers via a single IP address. However, it does not provide any protection from external attacks. In combination with Kerio Personal Firewall you can have a secure shared Internet connection.

    Personal Firewall is designed for protecting a single computer. However, a great amount of packets pass the internet gateway (router) that are not addressed to this computer. In order not to be forced to define complex packet filters, Personal Firewall can be switched to a special mode designed for Internet gateways. This can be done in the Firewall Configuration window (after pressing the Advanced button) on the Miscellaneous tab by enabling the option Is running on Internet gateway.

    Note: Do not enable this option if Personal Firewall does not really run on an real Internet gateway as the security level of your computer will be downgraded.
    ................................................................................
    Now i have one 98se computer (dynamic IP) connected to actiontec dsl gateway router.Should i enable the above? and if so does anyone know exactly what enabling that option would achieve?.I have run kerio for over a year and half without that option ,with no problems but im just curious and looking more at the things that you can do in this firewall.I picked up a tip on this site ...http://www.urs2.net/rsj/computing/kerio/index.html whereby i made a rule for secure port 443 which would only use custom addresses that i put in manually for my bank etc.I was quite suprised visiting sites which showed http in the address bar and yet had a popup from kerio (ive ticked to display alert box) for an address that uses 443 that seems totally irrelevant to the site.Might all just be nonsense , but intresting to me nonetheless.
    ellison
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I wouldn't turn it on because if you aren't on a true internet gateway like the article said it will degrade the protection it can provide. I also am useing Kerio 2.1.5
     
  3. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Hi bigc...
    That what im confused about.I dont know if i am or not?.The dsl gateway has NAT enbaled so i thought that it was a gateway?.I wont enable it but still a little confused and puzzeled to waht it actually achieves though.
    ellison
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    your router or modem has a nat firewall, but to be a true internet gateway your computer would have to be the gateway for other computers on a network, not the router or modem. so you are not on a real internet gateway as far as Kerio is concerned.
     
  5. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Ahhh i see....thank you for that,i undertsand now..While on the subject of kerio , would you check this rule setting for firefox ?.It seems to work ok .Originally the first rule for firefox had any address for remote port ,but i then found that the second rule (for the https) wouldnt work as the "any address" was covering that.So i put just my routers address in instead and now everything seems to work ok ,including alerts for https,that are not custom addresses which i inputted.The https rule is just for curiosity really ,im not sure if theres any use for it yest.
    ellison
     

    Attached Files:

Thread Status:
Not open for further replies.