Services in Kerio Control
Services are defined by a communication protocol and by a port number (e.g. the HTTP service uses the TCP protocol with port number 80). You can create groups of services, which simplifies creating traffic rules.
You can also associate a protocol inspector with certain service types. The inspector filters the communication or adapts the firewall's behavior according to the protocol type. For more information, refer to Protocol inspection in Kerio Control.
Example: You want to apply the HTTP protocol inspector to traffic on port 8080:
- In the administration interface, go to Definitions > Services. Some standard services, such as HTTP, FTP, DNS, etc., are already predefined.
- Click Add.
- In the Add Service dialog, type a name for the new service: HTTP 8080.
- Type a description.
- Select the TCP protocol.
The other option allows protocol specification by the number in the IP packet header. Any protocol carried in IP (e.g. GRE — protocol number is
can be defined this way.
- Select the HTTP protocol inspector.
- Type 8080 in Destination port. If the TCP or UDP communication protocol is used, the service is defined by its port number. In standard client-server communication, the server listens for connections on a particular port (the number relates to the service), whereas clients do not know their port in advance (ports are assigned to clients during connection attempts). This means that source ports are usually not specified, while destination ports are usually known for standard services. Source and destination ports can be specified as:
- Any — all the ports available (
- Equal to — a particular port
- Greater than, Less than — all ports with a number that is either greater or less than the number defined
- In range — all ports that fit to the range defined (including the initial and the terminal ones)
- List — list of the ports divided by
- Save the settings.
This ensures that the HTTP protocol inspector is automatically applied to any TCP traffic on port 8080 that passes through Kerio Control.
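The matching behavior described above can be modeled in a few lines. This is an added example, not Kerio Control code: the `Service` class, the `classify` helper, the "Passive range" service and the first-match order are assumptions made for illustration. It shows that a service is bound to its protocol as well as its port, so UDP traffic on 8080 or TCP traffic on 8081 gets no HTTP inspector.

```python
from dataclasses import dataclass
from typing import Optional

# Port conditions named on the page, as predicates over (port, argument).
CONDITIONS = {
    "any":          lambda port, arg: True,
    "equal_to":     lambda port, arg: port == arg,
    "greater_than": lambda port, arg: port > arg,                # strictly greater
    "less_than":    lambda port, arg: port < arg,                # strictly less
    "in_range":     lambda port, arg: arg[0] <= port <= arg[1],  # both ends included
    "list":         lambda port, arg: port in arg,
}

@dataclass(frozen=True)
class Service:                       # hypothetical model of a service definition
    name: str
    protocol: str                    # "tcp" or "udp"
    dst: tuple                       # (condition, argument) for the destination port
    src: tuple = ("any", None)       # source ports are usually not specified
    inspector: Optional[str] = None  # protocol inspector bound to the service

    def matches(self, protocol, src_port, dst_port):
        return (protocol == self.protocol
                and CONDITIONS[self.src[0]](src_port, self.src[1])
                and CONDITIONS[self.dst[0]](dst_port, self.dst[1]))

def classify(services, protocol, src_port, dst_port):
    """Return (service name, inspector) of the first match, or None (assumed order)."""
    for svc in services:
        if svc.matches(protocol, src_port, dst_port):
            return (svc.name, svc.inspector)
    return None

# Constructed definitions: a predefined-style HTTP service, the page's HTTP 8080,
# and a hypothetical range-based service without an inspector.
SERVICES = [
    Service("HTTP", "tcp", ("equal_to", 80), inspector="HTTP"),
    Service("HTTP 8080", "tcp", ("equal_to", 8080), inspector="HTTP"),
    Service("Passive range", "tcp", ("in_range", (50000, 50100))),
]

if __name__ == "__main__":
    # Constructed connections: (protocol, client source port, destination port)
    for conn in [("tcp", 51514, 8080), ("udp", 51514, 8080),
                 ("tcp", 51514, 8081), ("tcp", 40000, 50100)]:
        print(conn, "->", classify(SERVICES, *conn))
```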
Creating service groups simplifies creating traffic rules because you do not have to list each service individually in your traffic rules. If you need a rule for several services, create a group containing these services and use the group when creating the traffic rule. For more information, refer to Configuring traffic rules.
A good example of where a service group is useful is Kerio Connect, the mail server from Kerio Technologies.
- In the administration interface, go to Definitions > Services.
- Click Add > Add Service Group.
- In the Add Service Group dialog, type a name of the new group.
- Click Add.
- In the Select items dialog, select the required service and click OK.
- Repeat step 5 for other services.
- When the new service group is ready, click OK.
The service group is finished and you can use it for creating a traffic rule.