Protocol inspection in Kerio Control

Kerio Control includes protocol inspectors, which monitor all traffic on application protocols, such as HTTPHypertext Transfer Protocol - protocol for exchange of hypertext documents in HTML. and FTPFile Transfer Protocol - Protocol for transferring computer files from a server.. The inspectors filter the communication or adapt the firewall's behavior according to the protocol type.

For example, the HTTP protocol inspector monitors traffic between browsers and web servers. The protocol inspector blocks connections to particular pages or downloads of particular types of content (for example, images or pop-ups).

Each protocol inspector applies to a specific protocol and service. By default, all available protocol inspectors are used in definitions of corresponding services. (They are applied to matching traffic automatically.)

To apply a protocol inspector explicitly to other traffic, you must edit or add a new service where this inspector to be used.

Applying protocol inspection to a non standard port

As an example, if you connect to a remote FTP server on the non standard port 2101, you must create a new service for TCPTransmission Control Protocol - ensures packet transmission. 2101 that uses the FTP inspector:

  1. In the administration interface, go to Definitions > Services.
  2. Click Add > Add Service.
  3. In the Add Service dialog box, type the name and description of the service.
  4. In the Protocol drop-down list, select TCP.
  5. In the Protocol inspectorThe inspector filters the communication or adapt the firewall's behavior according to the protocol type. drop-down list, select FTP.
  6. In the Destination port section, select the Equal to condition and type the port number (2101 in our example).
  7. Click OK.

From now on, Kerio Control applies the FTP protocol on the non-standard port 2101.

Disabling a protocol inspector

IMPORTANT

Disable protocol inspectors only for troubleshooting purposes.

Disabling a protocol inspector may break the functionality within the protocol or prevent content from beeing scanned. If you disable SIPSession Initiation Protocol - Communication protocol used for voice and video calls in Internet telephony or private IP telephone systems. or FTP protocol inspectors, their communication fails.

There are two ways to disable protocol inspectors:

  • In the Services section, to disable protocol inspection for all traffic
  • In the Traffic Rules section, to disable protocol inspection for traffic meeting the condition of the rule

Disabling protocol inspectors in services

Supposed that a communication to an Internet server does not work correctly. The HTTP protocol inspector stops the communication because it appears to be malicious. To troubleshoot, you can disable the HTTP protocol inspector to see if that solves the problem.

  1. In the administration interface, go to Definitions > Services.
  2. Double-click the HTTP service.
  3. In the Edit Service dialog box, in the Protocol inspector drop-down list select None.
  4. Save your settings.

Disabling a protocol inspector

Now try to access the HTTP server from the Internet. If it is accessible, you have your answer. Enable the HTTP protocol inspector for the service and disable it in the particular traffic rule, as described below.

Disabling protocol inspectors in traffic rules

In Traffic Rules, you can disable protocol inspectors for a particular traffic rule. For our example we will use the HTTP server placed in the Internet:

  1. In the administration interface, go to Traffic Rules.
  2. Right-click a table header and select Columns > Inspector.
  3. In any single rule, double-click the Inspector column and select None.
  4. Click Apply.

Kerio Control disables the protocol inspector for that traffic rule.

Disable a protocol inspector