Kerio Tech Firewall6 User Manual
Chapter 2
Introduction
• The Windows Firewall / Internet Connection Sharing system service. WinRoute can
  automatically detect and disable this service on its host system.
• The Routing and Remote Access (RRAS) system service in the Windows Server
  operating systems. This service also allows Internet connection sharing (
  WinRoute can detect whether NAT is enabled in the RRAS service and displays
  a warning if it is. The server administrator then has to disable
  NAT in the RRAS service configuration.
  If NAT is not enabled, no low-level collisions will occur and WinRoute may be
  used along with RRAS.
• Network firewalls — e.g. Microsoft ISA Server, CheckPoint Firewall-1, WinProxy (by
  Ositis), Sygate Office Network and Sygate Home Network, etc.
• Personal firewalls, such as Sunbelt Personal Firewall, Zone Alarm, Sygate Personal
  Firewall, Norton Personal Firewall, etc.
• Software designed to create virtual private networks (VPN) — e.g. software
  applications developed by the following companies: CheckPoint, Cisco Systems,
  Nortel, etc. There are many such applications and their features vary from vendor to
  vendor.
  Under proper circumstances, use of the VPN solution included in WinRoute is
  recommended (for details see chapter ). Otherwise, we recommend that you test
  a particular VPN server or VPN client with the WinRoute trial version or contact
  our technical support (see chapter ).
  Note: The VPN implementation included in the Windows operating system (based on the
  PPTP protocol) is supported by WinRoute.
Port collision
Applications that use the same ports as the firewall cannot be run on the WinRoute host
(or the configuration of the ports must be modified).
If all services are running, WinRoute uses the following ports:
• 53/UDP — DNS Forwarder
• 67/UDP — DHCP server
• 1900/UDP — SSDP Discovery service
• 2869/TCP — UPnP Host service
  The SSDP Discovery and UPnP Host services are included in the UPnP support
  (refer to chapter ).
• 44333/TCP+UDP — traffic between Kerio Administration Console and WinRoute
  Firewall Engine. This service cannot be stopped.
The following services use corresponding ports by default. Ports for these services can
be changed.
• 443/TCP — server of the SSL-VPN interface (see chapter )
• 3128/TCP — HTTP proxy server (see chapter )
• 4080/TCP — Web administration interface (refer to chapter )
• 4081/TCP — secured (SSL-encrypted) version of the Web administration interface
  (see chapter )
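A pre-installation check for the port list above, as an added example that is not part of the Kerio manual or product: it parses the text of Windows `netstat -ano` and reports which WinRoute ports are already occupied and by which PID. The function name, the service labels in the table, and the sample output are assumptions constructed for illustration.

```python
import re

# Ports and services as listed on this page: (port, protocol) -> service
WINROUTE_PORTS = {
    (53, "UDP"): "DNS Forwarder",
    (67, "UDP"): "DHCP server",
    (1900, "UDP"): "SSDP Discovery service",
    (2869, "TCP"): "UPnP Host service",
    (44333, "TCP"): "Administration Console <-> Firewall Engine",
    (44333, "UDP"): "Administration Console <-> Firewall Engine",
    (443, "TCP"): "SSL-VPN interface",
    (3128, "TCP"): "HTTP proxy server",
    (4080, "TCP"): "Web administration interface",
    (4081, "TCP"): "Web administration interface (SSL)",
}
# Per the page, only these default ports can be changed in WinRoute.
CHANGEABLE = {(443, "TCP"), (3128, "TCP"), (4080, "TCP"), (4081, "TCP")}
# One row of `netstat -ano`: proto, local addr:port, foreign addr, [state], PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def find_collisions(netstat_text):
    """Return sorted (port, proto, service, pid, changeable) for occupied WinRoute ports."""
    hits = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, _addr, port, state, pid = m.groups()
        # TCP rows matter only when a socket is listening; UDP rows carry no state.
        if proto == "TCP" and state != "LISTENING":
            continue
        key = (int(port), proto)
        if key in WINROUTE_PORTS:
            hits.add((key[0], proto, WINROUTE_PORTS[key], int(pid), key in CHANGEABLE))
    return sorted(hits)

# Constructed sample output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:50112     203.0.113.7:443        ESTABLISHED     2244
  TCP    [::]:443               [::]:0                 LISTENING       4
  UDP    0.0.0.0:53             *:*                                    1532
  UDP    [::]:1900              *:*                                    2016
"""

if __name__ == "__main__":
    for port, proto, svc, pid, changeable in find_collisions(SAMPLE):
        print(f"{port}/{proto} ({svc}) held by PID {pid}; WinRoute port changeable: {changeable}")
```

Outbound connections to a remote port 443 are ignored because only the local address column is matched, and the IPv4 and IPv6 listeners of the same process are reported once.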