Configuring proxy server

Even though the NATNetwork address translation - A method that remaps IP addresses by changing network address information. technology used in Kerio Control enables direct access to the Internet from all local hosts, it contains a standard non-transparent proxy server.

You can use it, for example, when Kerio Control is deployed within a network with many hosts where proxy server has been used. Thus, the Internet connection is kept if proxy server is used, and you don't have to re-configure all the host (or only some hosts require re-configuration).


If you use a non-transparent proxy server, the filtering of HTTPS connections does not work.

Configuring the proxy server

  1. In the administration interface, go to Proxy Server.
  2. Select option Enable non-transparent proxy server. This option enables the HTTP proxy server in Kerio Control on the port in the Port entry (3128 port is set by the default).
  3. To enable a tunnelled connection on non-standard TCPTransmission Control Protocol - ensures packet transmission. ports (for example, connecting to remote Kerio Control administration placed in the Internet from your local network), select option Allow tunnelled connections to all TCP ports.


This option affects HTTPS traffic only. You can always access HTTP on any port via non-transparent proxy.

  1. Click Apply.

Configuring browsers

To communicate through non-transparent proxy server, you must configure web browsers on client hosts. You have several options for this configuration:


The automatic configuration of browsers may take several hours. Browsers must ask for a new configuration.

Forwarding to parent proxy server

You can use a parent proxy server for non-transparent proxy traffic, update checks, Kerio Antivirus updates downloads, and for connecting to the online Kerio Control Web Filter databases.

  1. In the administration interface, go to Proxy Server.
  2. Select Use parent proxy server.
  3. Type the IP address or the DNS name of the parent proxy server to the Server field.
  4. Type a port number behind the colon.
  5. If your provider gives you credentials for authentication, select option Parent proxy server requires authentication and type the credentials.


Credentials are sent with each HTTP request. Only Basic authentication is supported.