Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Network/Mask in address group not work in Firewall Rule
  •  
sarotphan

Messages: 1
Karma: 0
Send a private message to this user
I'm got problem when using Address Groups in Firewall Rules
When I'm uses Host , Network/Range to define in Address Groups
then Group can uses in Firewall Rules (Source or Destination)
but for Network/Mask. it doesn't effect in Firewall Rules

However , if not put Network/Mask in address groups
but put direct in Source or Destination, firewall rule working well also.

Is this can called as bug ?

I'm testing on KWF5.1.3 without McAfee
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
sarotphan wrote on Mon, 01 March 2004 04:16

I'm got problem when using Address Groups in Firewall Rules
When I'm uses Host , Network/Range to define in Address Groups
then Group can uses in Firewall Rules (Source or Destination)
but for Network/Mask. it doesn't effect in Firewall Rules

However , if not put Network/Mask in address groups
but put direct in Source or Destination, firewall rule working well also.

Is this can called as bug ?

I'm testing on KWF5.1.3 without McAfee


Can you specify what network address and network mask you want to define?
Did you tried it on latest version of KWF (5.1.9)?
  •  
Damion Milliken

Messages: 1
Karma: 0
Send a private message to this user
Hi!

I'm running Kerio 4.0.16 and I think I've encountered the same problem. I have previously encountered the "IP groups ranges do not appear to work" (see http://forums.kerio.com/index.php?t=msg&goto=6734&S= 061b191c39dc7f58636655475b423525&SQ=cea3c025dc370bf27179 92153b16d10a#msg_6734) and the issue appears to perhaps be similar.

I had an entry for Windows Media Player, to allow it to gather update information. Then I added a whole bunch of other firewall rules. Then I used Windows Media Player again, and added some music to my library. Windows Media Player wanted to check song information online, and download various things like album covers and such. After adding a whole bunch more addresses to the firewall rule, I found that they were all 207.46.XXX.XXX addresses, so I deleted them all and added a single entry for 207.46.0.0/255.255.0.0 instead. Then suddenly everything stopped working, and Windows Media Player couldn't contact any 207.46.XXX.XXX addresses at all.

As far as I can tell, adding a new rule to the end of the rules to allow this address/mask combination doesn't work around the problem like it does for the IP Groups issue, either. In fact, adding an IP Range rule doesn't seem to help, either (IP Range = 207.46.0.0 to 207.46.254.254).

Does anyone have any ideas, other than adding each entry individually?
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
I have alse problems with address groups and traffic rules. Some rules work others don't. This is the case where I enter the host as a url (ftp.intel.com, time.windows.com. Sometimes it works, sometimes it does not.
Also using address groups and HTTP/FTP rules failes. One day the HTTP of FTP is allowed, another day (or time of day) its not. There are no time restrictions preventing the rules.
Previous Topic: vpn issue
Next Topic: HTTP Policy - Cobion Filter
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 16:08:44 CET 2017

Total time taken to generate the page: 0.00370 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.