Winroute Firewall blocks Remote Desktop
  •  
flux

I'm looking for a way to pre-configure the Winroute Firewall so that it would do the following:

1. Allow all connections to and from all IPs on ports 80,443,3389
2. Allow Remote Administration of the Firewall (port 44433 if I'm not mistaken).

Again, those rules should be pre-configured BEFORE the first time the firewall is started. Otherwise, I start the firewall and get locked out without any remote administration (port 3389).

I tried to take a look at winroute.cfg but the file is way too obscure to understand what goes where.
  •  
flux

Another option I just thought about is to pre-configure the firewall to allow ALL traffic on ALL adapters. Then log on to the admin panel and set up the correct settings.
  •  
simon

I am sure that the installation allows you to specify another address that you can administer the firewall from. This should allow you access to the firewall to configure all of these once the machine has been rebooted.

The other option I have seen is to create the config file on your own machine, and then copy that to the other PC before rebooting at the end of installation. That way you can configure everything before, and it would allow you full access.

  •  
flux

Well, it says in the manual that in order to remotely administer the firewall, you should create a rule for the firewall remote admin port. Of course it's not logical to do so, since creating a rule is viable only when the firewall application is already running...

About the winroute.cfg you have talked about, do you have an example of where and what I should put inside that file in order for the firewall to allow 443,3389 ports from/to ALL IPs?
  •  
Pavel Dobry (Kerio)

flux wrote on Thu, 22 April 2004 18:59

Well, it says in the manual that in order to remotely administer the firewall, you should create a rule for the firewall remote admin port. Of course it's not logical to do so, since creating a rule is viable only when the firewall application is already running...

About the winroute.cfg you have talked about, do you have an example of where and what I should put inside that file in order for the firewall to allow 443,3389 ports from/to ALL IPs?


The manual also says that you can allow access to the firewall from a certain IP address in the wizard during the installation of KWF.

KWF will always block all traffic (except the IP address specified in the installation wizard) after installation, since it is a major requirement for ICSA certification.
  •  
flux

Actually, I don't think you read the manual, even if you are working for Kerio. The manual clearly says, and I tested it, that the outside IP will be taken into account only BEFORE the restart, and if you want to remotely administer your firewall, you have to create a rule for the KWF service.

Quote from KWF manual:
Quote:


If you need to configure KWF from the Internet, it is necessary to configure a traffic rule which allows access to a predefined service called KWF admin. Explanation...



So, basically, you're telling us to configure the firewall remotely to allow a remote configuration... Not that funny...

Once you restart and fire up KWF, it locks you outside your remote desktop as soon as you click the finish button on the 7th and final step of the configuration.

Does anyone have a snippet of the XML-like code I have to implement in winroute.cfg in order for the firewall to accept all ports from/to all IPs?
  •  
Pavel Dobry (Kerio)

flux wrote on Fri, 23 April 2004 02:32

Actually, I don't think you read the manual, even if you are working for Kerio. The manual clearly says, and I tested it, that the outside IP will be taken into account only BEFORE the restart, and if you want to remotely administer your firewall, you have to create a rule for the KWF service.

So, basically, you're telling us to configure the firewall remotely to allow a remote configuration... Not that funny...

Once you restart and fire up KWF, it locks you outside your remote desktop as soon as you click the finish button on the 7th and final step of the configuration.

Does anyone have a snippet of the XML-like code I have to implement in winroute.cfg in order for the firewall to accept all ports from/to all IPs?


Well, you are definitely wrong. I've read the manual.
See here http://www.kerio.com/manual/kwf/en/ch02s08.html.

--citation--
Remote Access

Immediately after the first WinRoute Firewall Engine startup all network traffic will be blocked (desirable traffic must be permitted by traffic rules — see chapter Traffic Policy). If WinRoute is installed remotely (i.e. using terminal access), communication with the remote client will be also interrupted immediately (WinRoute must be configured locally).

Within Step 2 of the configuration wizard specify the IP address of the host from which the firewall will be controlled remotely (i.e. using terminal services) to enable remote installation and administration. Thus WinRoute will enable all traffic between the firewall and the remote host.

Note: Skip this step if you install WinRoute locally.

Notice: After WinRoute has been remotely configured, the rule allowing remote access will be removed.
--end of citation--

So you have two options: allow tcp/udp port 44333 for remote administration in the Traffic policy wizard or cancel the wizard and configure traffic rules manually (in this case, the rule allowing remote access remains here).

[Updated on: Fri, 23 April 2004 09:40]

  •  
simon

If you enable the remote admin during the installation of WinRoute, it should allow you to access the computer with any form of remote access tool. I have just tried it on a computer in my office, and it just creates a single rule allowing access from 1 specified IP address to any service on the firewall computer.

I suggest trying it out on computers that you have full access to first, before trying it remotely.
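
The lock-out discussed in this thread can be checked on paper before touching a remote machine. The following is an added example, not part of any post above and not Kerio's rule engine or the winroute.cfg format: a simplified default-deny model of the three outcomes described in the thread. The admin host address, the rule representation and the assumption that the wizard creates no other inbound rules are constructed for illustration; ports 3389 and 44333 are the ones named in the posts.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    source: str           # CIDR allowed to connect to the firewall host
    port: Optional[int]   # None = any service on the firewall host

ADMIN_HOST = "203.0.113.10"    # constructed address (documentation range)
RDP, KWF_ADMIN = 3389, 44333   # ports named in the thread

def allowed(rules, src, port):
    """Default deny: a flow passes only if some rule permits it."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(r.source) and r.port in (None, port)
               for r in rules)

def lockout_report(rules, needed):
    """Return the names of needed flows that the rule set would drop."""
    return [name for name, (src, port) in needed.items()
            if not allowed(rules, src, port)]

# Flows the remote administrator depends on.
NEEDED = {"rdp": (ADMIN_HOST, RDP), "kwf-admin": (ADMIN_HOST, KWF_ADMIN)}

# Rule derived from the address entered in Step 2 of the wizard (assumed shape).
REMOTE_HOST_RULE = Rule("remote host", ADMIN_HOST + "/32", None)

SCENARIOS = {
    # Wizard completed: the remote-access rule is removed, nothing replaces it.
    "wizard finished, no extra rules": [],
    # Wizard completed with only the admin port permitted for the admin host.
    "wizard finished, KWF admin allowed": [Rule("KWF admin", ADMIN_HOST + "/32", KWF_ADMIN)],
    # Wizard cancelled: the Step 2 rule stays in place.
    "wizard cancelled, step-2 rule kept": [REMOTE_HOST_RULE],
}

if __name__ == "__main__":
    for label, rules in SCENARIOS.items():
        dropped = lockout_report(rules, NEEDED)
        status = "LOCKED OUT of " + ", ".join(dropped) if dropped else "ok"
        print(f"{label}: {status}")
```

In this model, permitting only the admin port keeps the administration console reachable but still drops the Remote Desktop session, which matches the behaviour reported at the final wizard step.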