Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » "Locked" Firewall (Commputer with FW is not accessible)
  •  
AGolovnev

Messages: 3
Karma: 0
Send a private message to this user
Hi,

I have a computer which works as "server of everything" in local network. This computer connected to 2 networks: local network (10.10.10.*/255.255.255.0) and ADSL (192.168.1.*/255.255.255.0). This computer runs Windows Server 2008 R2 with big set of roles installed. One of these roles is DHCP, which configured to assign addresses in 10.10.10.50-10.10.10.200 scope and assign Default Gateway to 10.10.10.10. (address of this server).
Before installation of Kerio WinRoute Firewall 6.7.1 patch 2 build 6544 everything was fine: server was protected by standard Windows Firewall, internet was shred using simple ICS service.
After installation of WinRoute, I'm getting very strange behavior of the server - it rejects all packets even from LAN. No any device can access the server (tested by ping, nslookup and telnet) and server can't access any other device. However, all devices can see each other, and server can access all services installed on it. Looks like server now has his own network... When I'm shutting down WinRoute, everything work correctly again.

Configurration of WinRoute is following:
- Interfaces:
- Trusted/Local - 10.10.10.10/255.255.255.0
- Internet - 192.168.1.1/255.255.255.0
- Traffic Policy:
- Default policies:
- Internet access (NAT): src Trusted/Local, dest Internet, service Any, permit, Translation NAT
- Local traffic: src FW+Trusted/Local, dest FW+Trusted/Local, service Any, permit
- Firewall traffic: src FW, dest Any, service Any, permit
- Block traffic: from any to any over any drop
- Policies created by wizard: src Any, dest FW, service DHCP, DNS, HTTP, HTTPS, etc. - one service per rule, permit

Could anybody advise what is going wrong here?

Thanks in advance,
Looking forward for your feedback.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
It seems to be one of common conflicts between firewalls and filtering services. You need to disable all firewall services in Windows 2008 (including ICS). I thinkone of the services is Base Filtering.
In general, two firewalls on the same computer at the same time usually don't work.
  •  
AGolovnev

Messages: 3
Karma: 0
Send a private message to this user
Thanks for reply.

Unfortunately I can't disable Base Filtering service, as I'm using RRAS (VPN only) which depends on this service.
Just for check, I've disabled ICS and Windows Firewall services and stopped Base Filtering. Nothing was changed - I can't ping anything in the LAN from the server and I can't ping server from any device in the LAN.
  •  
Stinger

Messages: 9

Karma: 0
Send a private message to this user
Hello,

And what about your traffic rules ??? Can you attach the screenshot ???
  •  
AGolovnev

Messages: 3
Karma: 0
Send a private message to this user
Unfrotunately no. I removed WinRoute and now trying to forget about this S/W. I suppose I'll try WinGate or TMG some later on.

Thanks to all.
Previous Topic: Initialization error: Unable to initialize driver
Next Topic: Kerio Winroute / Kerio Control Versions and VPN
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Oct 22 04:45:38 CEST 2017

Total time taken to generate the page: 0.00440 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.