Setting remote administration, 2 setting remote administration – Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 215
16.2 Setting Remote Administration
215
firewall’s system time. The time zone also includes information about daylight saving
time settings.
Kerio
Technologies
offers
the
following
free
NTP
servers
for
this
purpose:
0.kerio.pool.ntp.org
,
1.kerio.pool.ntp.org
,
2.kerio.pool.ntp.org
and
3.kerio.pool.ntp.org
.
16.2 Setting Remote Administration
Remote administration is connection to the firewall, its monitoring and configuration changes
with the Administration Console or with the Web Administration interface from another host
that the one on which WinRoute is installed.
If WinRoute includes only traffic rules created automatically by the wizard (see chapter
access to the remote administration is allowed via all trustworthy network interfaces (see
chapter
). This means that remote administration is available from all local hosts.
To allow or deny remote administration via the Internet (non-trusted networks), define a cor-
responding traffic rule. Traffic between WinRoute and Administration Console is performed
by TCP and UDP protocols over port 44333. The definition can be done with the predefined
service KWF Admin. the secured version of the Web Administration interface use TCP protocol,
on port 4081 by default — predefined KWF WebAdmin-SSL service.
How to allow remote administration from the Internet
In the following example we will demonstrate how to allow WinRoute remote administration
from some Internet IP addresses.
•
Source — group of IP addresses from which remote administration will be allowed (see
chapter
).
For security reasons it is not recommended to allow remote administration from an
arbitrary host within the Internet (this means: do not set Source as Any or as Internet)!
•
Destination — Firewall (host where WinRoute is installed).
•
Service — KWF Admin (connection with the Administration Console) and KWF
WebAdmin-SSL (secured version of the Web Administration interface).
It is not recommended to allow access via the unsecured version of the Web Adminis-
tration interface (theKWF WebAdmin service)! Unsecured traffic might be tapped and
misused for assaulting the firewall and local hosts behind it.
•
Action — Permit (otherwise remote administration would be blocked)
•
Translation — Because the engine is running on the firewall there is no need for trans-
lation.
Figure 16.2
Traffic rule that allows remote administration