I downloaded the Kerio Control trial and installed it on a Windows 2003 server; the installation was fine and the product works fine. I installed it on my office server, which has 2 network interfaces (one internal and one external) and is our Domain Controller.
I was able to create rules, forward ports, etc. as expected.
1) However, when I go to the "Users" feature and choose to import / load my user list from my Domain Controller, I enter my credentials and it takes forever and the application stays unstable. After that, I can close Kerio Control and even reboot the server; when I open it again and click on the "Users" feature, the process continues and the application stops working again. The only solution is to remove it and install it again, but I'm unable to import my DC accounts. Is this a well-known problem? Is there any workaround?
2) I could create rules for users to access the internet over the Kerio proxy, which enforces URL restrictions; it's nice. However, I can't add different groups or users with different access levels.
For example, I want all users to be denied when accessing common search engines (the pre-built URL policy), but I want two users / machines (the owners of the company) to have unrestricted access.
I created a user for the two owners, and when the page got blocked by Kerio Control I entered the credentials that I created, but it says that the credential is not authorized to access this resource.
I tried a workaround, blocking port 3128 from the two owners' computers and allowing only them full NAT to ports 80 and 443, but, very unusually, it continues to be redirected to the proxy. Maybe when the proxy is started all connections to ports 80 and 443 are redirected to the proxy, bypassing the firewall rules?
How can I solve this situation? I mean, I need a special group without any website restrictions and another with the restrictions.
If I understood it right, you have installed your Kerio Control on a DC. Am I right?
If that is the case, it is not a typical setup to have your DC exposed to another application or to the public network. Over time, it has become a practice that a machine configured to be a DC should be a dedicated one.
If it's possible for you, have your Kerio Control installed on a separate machine and try setting up your Active Directory connection to your DC. This works well in my case.
Secondly, for your HTTP rules: you may simply create separate rules for whatever policy you want to implement on separate sets or groups of users. This will help you avoid the complications of NAT; a simple internet proxy rule will do.
Hope this helps.