Configuring proxy server
Even though the NATNetwork address translation - A method that remaps IP addresses by changing network address information. technology used in Kerio Control enables direct access to the Internet from all local hosts, it contains a standard non-transparent proxy server.
You can use it, for example, when Kerio Control is deployed within a network with many hosts where proxy server has been used. Thus, the Internet connection is kept if proxy server is used, and you don't have to re-configure all the host (or only some hosts require re-configuration).
NOTE
The proxy server can be used for HTTPHypertext Transfer Protocol - protocol for exchange of hypertext documents in HTML., HTTPSHypertext Transfer Protocol - version of HTTP secured by SSL. and FTPFile Transfer Protocol - Protocol for transferring computer files from a server. protocols. Proxy server does not support the SOCKS protocol.
WARNING
If you use a non-transparent proxy server, the filtering of HTTPS connections does not work.
Configuring the proxy server
- In the administration interface, go to Proxy Server.
- Select option Enable non-transparent proxy
server. This option enables the HTTP proxy server in Kerio Control on the
port in the Port entry (
3128
port is set by the default). - To enable a tunnelled connection on non-standard TCPTransmission Control Protocol - ensures packet transmission. ports (for example, connecting to remote Kerio Control administration placed in the Internet from your local network), select option Allow tunnelled connections to all TCP ports.
NOTE
This option affects HTTPS traffic only. You can always access HTTP on any port via non-transparent proxy.
- Click Apply.
Configuring browsers
To communicate through non-transparent proxy server, you must configure web browsers on client hosts. You have several options for this configuration:
- Configure browsers manually: type the IP addressAn identifier assigned to devices connected to a TCP/IP network. or DNSDomain Name System - A database enables the translation of hostnames to IP addresses and provides other domain related information. name of the proxy server and port (3128 is the default port for Kerio Control) in the proxy server settings in the browser
- In the Kerio Control administration in the Proxy Server section, switch the mode for automatic proxy configuration script to
Kerio Control non-transparent proxy server, and add the following address to
the browsers settings:
http://192.168.1.1:3128/pac/proxy.pac
where192.168.1.1
is the IP address of the Kerio Control host and number3128
represents the port of the proxy server (see above). - In the Kerio Control administration in the Proxy Server section, switch the mode for automatic proxy configuration script to Allow browsers to use configuration script automatically via DHCPDynamic Host Configuration Protocol - A protocol that automatically gives IP addresses and additional configuration to hosts in a network. server in Kerio Control. All browsers must select Automatically detect settings in the proxy server settings.
NOTE
The automatic configuration of browsers may take several hours. Browsers must ask for a new configuration.
Forwarding to parent proxy server
You can use a parent proxy server for non-transparent proxy traffic, update checks, Kerio Antivirus updates downloads, and for connecting to the online Kerio Control Web Filter databases.
- In the administration interface, go to Proxy Server.
- Select Use parent proxy server.
- Type the IP address or the DNS name of the parent proxy server to the Server field.
- Type a port number behind the colon.
- If your provider gives you credentials for authentication, select option Parent proxy server requires authentication and type the credentials.
NOTE
Credentials are sent with each HTTP request. Only
Basic
authentication is supported.