This manual describes configuration steps to be taken for implementation of Kerio Control in a model network. This network includes most elements present in a real-life Kerio Control network — Internet access from the local network, protection against attacks from the Internet, access to selected services on the LAN from the Internet, user access control, automatic configuration of clients on the LAN, user authentication in the Active Directory domain, user browsing behavior control, etc.
This document also describes interconnection of the headquarters network with branch office network(s) by an encrypted channel (VPN tunnel) as well as secured access of clients to the local network via the Internet using Kerio Control tools.
This manual provides guidelines for quick setup. Detailed information addressing individual Kerio Control features and configuration instructions are provided in the Kerio Control — Administrator's Guide available at http://www.kerio.com/control/manuals.
Kerio Control configuration is best understood through the example of a model network shown in figure 1.1, Network configuration example.
It is recommended to reserve a standalone server for the firewall (Internet gateway). Such a server can be:
A physical or virtual server with Windows.
Use the Windows edition of Kerio Control, installed in the system as an application. The firewall can run alongside other server applications, such as Kerio Connect, a mail server with groupware features. However, the firewall host should not be used as a user workstation.
Implementation on a server with Windows is suitable especially in smaller networks where only one server is available, or if you want to use Kerio Control to replace an existing software firewall or proxy server.
A physical or virtual server without operating system.
If a physical or virtual server is reserved on which no other applications will run, it is recommended to use the Appliance edition of Kerio Control, which provides the firewall together with a host operating system. Compared with the Windows edition on the same hardware, this version offers higher performance and network throughput. It also guarantees no collisions with incompatible applications and system services. However, no other applications can be hosted on the same system along with the firewall.
For the VMware and Parallels virtualization systems, virtual appliances are readily available for import and instant startup.
Kerio Control Box hardware device.
This box consists of the Appliance edition of Kerio Control installed on a specially optimized hardware device. In smaller networks, it can also be used as a switch for connecting local stations.
The Kerio Control box is available in two types that differ in performance and number of network ports.