Configuration Assistant

The configuration assistant is used for an easy instant basic configuration of Kerio Control. By default, it is opened automatically upon logon to the administration interface. If this feature is disabled, you can start the wizard by clicking on Configuration Assistant on Dashboard.

The configuration assistant allows the following settings:

Configure Internet connection and the local network

Once these parameters are configured, the Internet connection (IPv4Version 4 of the Internet Protocol.) and access from local devices behind the firewall should work. The wizard automatically configures the DHCPDynamic Host Configuration Protocol - A protocol that automatically gives IP addresses and additional configuration to hosts in a network. server and the DNSDomain Name System - A database enables the translation of hostnames to IP addresses and provides other domain related information. forwarder modules.

Select your connectivity mode:

Single Internet Link

1. On the first page of the wizard, select A Single Internet Link.
2. Click Next.
3. Select a network interface (Internet link).
4. Select mode:

• Automatic — the interface where Kerio Control detected the default gateway is used. Therefore, in most cases the appropriate adapter is already set within this step.
• Manual — you can change configuration of the default gateway, DNS servers, IP addressAn identifier assigned to devices connected to a TCP/IP network. and subnet mask.

• PPPoEA type of tunneled link, which is established over top of a physical network interface. — enter the username and password from your Internet provider.

5. Click Next.
6. Select interface connected to the local network. If multiple interfaces are connected to the local network, select the interface you are currently using for connection to the Kerio Control administration.
7. Click Next.
8. Verify your configuration and click Finish.

You can check the result in section Interfaces. The Internet Interfaces group includes only the Internet interface selected in the second page of the wizard. The LANLocal area network - A network that connects computers and other devices in a small area. adapter selected on the third page of the wizard is included in the group Trusted/Local Interfaces.

Other interfaces are added to the group Other Interfaces. For these interfaces, it will be necessary to define corresponding traffic rules manually (e.g. DMZDemilitarized zone - A security method that separates internal LAN networks from external networks. creation rule).

Two Internet links with load balancing

If at least two Internet links are available, Kerio Control can divide traffic between both of them:

1. On the first page of the wizard, select Two Internet links with load balancing.
2. Click Next.
3. Select two interfaces to be used as Internet links with traffic load balance. For each link it is necessary to specify link weight, i.e. its relative throughput. The weight of individual links indicates how Internet traffic is distributed among the links (it should correspond with their speed ratio).

4. Select mode:

• Automatic — the interface where Kerio Control detected the default gateway is used. Therefore, in most cases the appropriate adapter is already set within this step.
• Manual — you can change configuration of the default gateway, DNS servers, IP address and subnet mask. If the more IP addresses are set for the interface, the primary IP address will be displayed.
• PPPoE — enter the username and password from your Internet provider.

5. Click Next.
6. Select the interface connected to the local network. If multiple interfaces are connected to the local network, select the interface you are currently using for connection to the Kerio Control administration.
7. Click Next.
8. Verify your configuration and click Finish.

You can check the result in section Interfaces. The Internet Interfaces group includes the Internet links selected in the third page of the wizard.

Only the LAN adapter selected on the third page of the wizard is included in the group Trusted/Local Interfaces.

Other interfaces are added to the group Other Interfaces. For these interfaces, it will be necessary to define corresponding traffic rules manually (e.g. DMZ creation rule).

Two Internet links with failover

Kerio Control allows guarantee Internet connection by an alternative (back-up) connection. This connection back-up is launched automatically whenever failure of the primary connection is detected. When Kerio Control finds out that the primary connection is recovered again, the secondary connection is disabled and the primary one is re-established automatically.

1. On the first page of the wizard, select Two Internet links with failover.
2. Click Next.
3. Select a network interface to be used for the primary connection and for the secondary connection.
4. Select mode:

• Automatic — the interface where Kerio Control detected the default gateway is used. Therefore, in most cases the appropriate adapter is already set within this step.
• Manual — you can change configuration of the default gateway, DNS servers, IP address and subnet mask. If the more IP addresses are set for the interface, the primary IP address will be displayed.
• PPPoE — enter the username and password from your Internet provider.

5. Click Next.
6. Select the interface connected to the local network. If multiple interfaces are connected to the local network, select the interface you are currently using for connection to the Kerio Control administration.
7. Click Next.
8. Verify your configuration and click Finish.

You can check the result in section Interfaces.

Only the LAN adapter selected on the third page of the wizard is included in the group Trusted/Local Interfaces.

Other interfaces are considered as not used and added to the group Other Interfaces. For these interfaces, it will be necessary to define corresponding traffic rules manually (e.g. DMZ creation rule).

General notes

• A default gateway must not be set on any of the local interfaces.
• If the interface configuration does not correspond with the real network configuration, edit it (e.g. if the firewall uses multiple interfaces for the local network, move corresponding interfaces to the group Trusted/Local Interfaces).

Define traffic policy

The network rules wizard enables you to configure only a basic set of traffic rules:

1. In the Configuration Assistant dialog, click Define traffic policy.
2. Enable any of the following options:

• VPNVirtual private network - A network that enables users connect securely to a private network over the Internet. services connection to the Kerio VPN server or IPsec VPN server. Enable these services if you want to create VPN tunnels and/or connect remotely to the local network by using Kerio VPN Client or IPsecInternet Protocol security - A network protocol used to encrypt and secure data sent over a network. VPN clients.
• Kerio Control Administration — enables remote administration of Kerio Control. This option allows HTTPSHypertext Transfer Protocol - version of HTTP secured by SSL. traffic on port 4081 (you cannot change the port of the administration interface).
• Web Services — enables the HTTPHypertext Transfer Protocol - protocol for exchange of hypertext documents in HTML./S communication on the 80/443 ports. Check this option, if you want to have your public web servers behind the firewall (mailserver, your company website, etc.).

3. Click Next.
4. To make any other services on the firewall or servers in the local network available from the Internet (mapping), click Add.

5. In the Inbound policy section, you can configure the following parameters:

• Service (or a group of services) — select services from the list of defined services or define a protocol and a port number. For more information refer to Services in Kerio Control.
• Runs on — firewall or IP address of the local server on which the service is running.

6. Arrange the rules by order with arrows on the right side of the window. The rules are processed from the top downwards and the first matched rule is applied.
7. Click Finish.

You can perform advanced configuration in the Traffic Rules section. For more information refer to Configuring traffic rules.

Export your configuration

Configuration is exported to a .tgz package which includes all the key Kerio Control configuration files. Optionally, it is possible to include SSLSecure Sockets Layer - A protocol that ensures integral and secure communication between networks. certificates and DHCP leases in the package.

Exported configuration does not include the Kerio Control license key.

Import configuration files

1. Download the configuration file from the FTP server or MyKerio.
2. In the administration interface, click Configuration Assistant.
3. In Configuration Assistant, click Import configuration.
4. Click Upload Configuration File.
5. Select a method for the import:

• Restore from backup — Kerio Control rewrites everything including basic TCP/IPTransmission Control Protocol/Internet Protocol - Communication protocols that connect computer hosts to the Internet. settings.
• Transfer configuration from another Kerio Control installation — TCPTransmission Control Protocol - ensures packet transmission./IP settings as IP addresses stays unchanged.

6. Click Finish.

Kerio Control restarts and applies the configuration.

If network interfaces have been changed since the export took place (for example, in case of exchange of a defective network adapter) or if the configuration is imported from another computer, Kerio Control attempts to pair the imported network interfaces with the real interfaces in the appliance. You can match each network interface from the imported configuration with one interface of the firewall or leave it unpaired.

If network interfaces cannot be simply paired, review the Interfaces section.

Register product

For more information refer to Configuring the Activation Wizard.