Remote administration and update checks, Setting remote administration, Chapter – Kerio Tech Firewall6 User Manual

223

Chapter 16

Remote Administration and Update Checks

16.1 Setting Remote Administration

Remote administration can be either permitted or denied by definition of the appropriate

traffic rule. Traffic between WinRoute and Administration Console is performed by TCP and

UDP protocols over port 44333. The definition can be done with the predefined service KWF

Admin.

If WinRoute includes only traffic rules generated by the wizard, remote administration is avail-

able through all interfaces except the one which is used for Internet connection and where

NAT is enabled (see chapter

7.1

). This means that remote administration is available from all

local hosts.

How to allow remote administration from the Internet

In the following example we will demonstrate how to allow WinRoute remote administration

from some Internet IP addresses.

•

Source — group of IP addresses from which remote administration will be allowed.

For security reasons it is not recommended to allow remote administration from an

arbitrary host within the Internet (this means: do not set Source as the Web interface).

•

Destination — Firewall (host where WinRoute is running)

•

Service — KWF Admin (predefined service— WinRoute administration)

•

Action — Permit (otherwise remote administration would be blocked)

•

Translation — Because the engine is running on the firewall there is no need for trans-

lation.

Figure 16.1

Traffic rule that allows remote administration