Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
User Accounts and Groups Additional rights: Users can override WWW content rules This option specifies application of ruled for web page elements for pages matching an existing URL rule. For details on this right, refer to chapter 16.2. User can unlock URL rules This option allows its members one-shot bypassing of denial rules for blocked websites (if allowed by the corresponding URL rule — see chapter 13.2). All performed unlock actions are traced in the Security log. Users can dial RAS connection If the Internet connection uses dial-up lines, users of this group will be allowed to dial and hang up these lines in the Web interface (see chapter 12). Users can connect using VPN Members of the group can connect to the local network via the Internet using the Kerio VPN Client (for details, see chapter 23). User can use Clientless SSL-VPN Members of this group will be allowed to access shared files and folders in the local network via the Clientless SSL-VPN web interface. The Clientless SSL-VPN interface and the corresponding user right in Kerio Control is available for Windows only. For details, see chapter 24. Users are allowed to use P2P networks The P2P Eliminator module (detection and blocking of Peer-to-Peer networks — see chapter 8.4) will not be applied to members of this group. Users are allowed to view statistics Users in this group will be allowed to view firewall statistics in the web interface (see chapter 12). Group access rights are combined with user access rights. This means that current user rights are defined by actual rights of the user and by rights of all groups in which the user is included. 238
Chapter 17 Administrative settings 17.1 System configuration (Software Appliance / VMware Virtual Appliance) In the Software Appliance / VMware Virtual Appliance edition, the Kerio Control administration console allows setting of a few basic parameters of the firewall’s operating system. These settings are necessary for correct functionality of the firewall and they can be found in Configuration / Advanced options, on the System Configuration tab. Figure 17.1 System configuration — host name, date, time and time zone Server name Name is important both for some Kerio Control services (e.g. secured web interface) and for the firewall’s operating system’s services. The DNS module in Kerio Control sets IP addresses of all the firewall’s interfaces for the name automatically. If another DNS server is used in the local network, it is necessary to set corresponding DNS records on it. Date, time and time zone Many Kerio Control features (user authentication, logs, statistics, etc.) require correct setting of date, time and time zone on the firewall. Date and time can be set automatically but it is more useful to use an NTP server which provides information about the current time and allows automatic management of the 239
- Page 187 and 188: 13.5 FTP Policy Open the General ta
- Page 189 and 190: 13.5 FTP Policy Scan content for vi
- Page 191 and 192: 14.2 How to choose and setup antivi
- Page 193 and 194: 14.2 How to choose and setup antivi
- Page 195 and 196: 14.3 HTTP and FTP scanning Warning:
- Page 197 and 198: 14.3 HTTP and FTP scanning Use the
- Page 199 and 200: 14.4 Email scanning If only an aste
- Page 201 and 202: 14.4 Email scanning Figure 14.9 Set
- Page 203 and 204: 14.5 Scanning of files transferred
- Page 205 and 206: 15.2 Time Ranges Figure 15.2 IP gro
- Page 207 and 208: 15.3 Services Figure 15.4 Time rang
- Page 209 and 210: 15.3 Services Protocol The communic
- Page 211 and 212: 15.4 URL Groups Note: 1. Generally,
- Page 213 and 214: 15.4 URL Groups Examples:: • www.
- Page 215 and 216: 16.1 Viewing and definitions of use
- Page 217 and 218: 16.2 Local user accounts Accounts m
- Page 219 and 220: 16.2 Local user accounts Name Usern
- Page 221 and 222: 16.2 Local user accounts Step 3 —
- Page 223 and 224: 16.2 Local user accounts Figure 16.
- Page 225 and 226: 16.2 Local user accounts Within thi
- Page 227 and 228: 16.3 Local user database: external
- Page 229 and 230: 16.4 User accounts in Active Direct
- Page 231 and 232: 16.4 User accounts in Active Direct
- Page 233 and 234: 16.4 User accounts in Active Direct
- Page 235 and 236: 16.5 User groups Note: In case of u
- Page 237: 16.5 User groups Using the Add and
- Page 241 and 242: 17.3 Update Checking Figure 17.2 Tr
- Page 243 and 244: 17.3 Update Checking Last update ch
- Page 245 and 246: 18.1 Routing table Route Types The
- Page 247 and 248: 18.2 Universal Plug-and-Play (UPnP)
- Page 249 and 250: 18.3 Relay SMTP server 18.3 Relay S
- Page 251 and 252: Chapter 19 Status Information Kerio
- Page 253 and 254: 19.1 Active hosts and connected use
- Page 255 and 256: 19.1 Active hosts and connected use
- Page 257 and 258: 19.1 Active hosts and connected use
- Page 259 and 260: 19.2 Network connections overview
- Page 261 and 262: 19.2 Network connections overview F
- Page 263 and 264: 19.4 Alerts • Session duration.
- Page 265 and 266: 19.4 Alerts • Connection failover
- Page 267 and 268: 19.4 Alerts Click an event to view
- Page 269 and 270: 20.1 Volume of transferred data and
- Page 271 and 272: 20.2 Interface statistics Figure 20
- Page 273 and 274: 20.2 Interface statistics Figure 20
- Page 275 and 276: 21.1 Monitoring and storage of stat
- Page 277 and 278: 21.2 Settings for statistics and qu
- Page 279 and 280: 21.3 Connection to StaR and viewing
- Page 281 and 282: 21.3 Connection to StaR and viewing
- Page 283 and 284: 22.1 Log settings Figure 22.1 Log s
- Page 285 and 286: 22.1 Log settings Figure 22.3 Syslo
- Page 287 and 288: 22.2 Logs Context Menu • Target f
User Accounts and Groups<br />
Additional rights:<br />
Users can override WWW content rules<br />
This option specifies application of ruled for web page elements for pages matching an<br />
existing URL rule. For details on this right, refer to chapter 16.2.<br />
User can unlock URL rules<br />
This option allows its members one-shot bypassing of denial rules for blocked websites<br />
(if allowed by the corresponding URL rule — see chapter 13.2). All performed unlock<br />
actions are traced in the Security log.<br />
Users can dial RAS connection<br />
If the Internet connection uses dial-up lines, users of this group will be allowed to dial<br />
and hang up these lines in the Web interface (see chapter 12).<br />
Users can connect using VPN<br />
Members of the group can connect to the local network via the Internet using the <strong>Kerio</strong><br />
VPN Client (for details, see chapter 23).<br />
User can use Clientless SSL-VPN<br />
Members of this group will be allowed to access shared files and folders in the local<br />
network via the Clientless SSL-VPN web interface.<br />
The Clientless SSL-VPN interface and the corresponding user right in <strong>Kerio</strong> Control is<br />
available for Windows only. For details, see chapter 24.<br />
Users are allowed to use P2P networks<br />
The P2P Eliminator module (detection and blocking of Peer-to-Peer networks — see<br />
chapter 8.4) will not be applied to members of this group.<br />
Users are allowed to view statistics<br />
Users in this group will be allowed to view firewall statistics in the web interface (see<br />
chapter 12).<br />
Group access rights are combined with user access rights. This means that current user rights<br />
are defined by actual rights of the user and by rights of all groups in which the user is included.<br />
238