Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » HTTP Protocol Inspector blocks to much
  •  
mk77

Messages: 5
Karma: 0
Send a private message to this user
Hi..
Yesterday I installed Kerio Winroute Firewall 5.1.10 with McAffee. All semmed to work perfect...
..but tody i noticed 3 issues:

1. when Client Computers want to update their Antivirus Definitons with G-Data Antivirenkit 2004 they get the warning: Updateserver not found

2. when Client Computers want to use a proxy server (www-proxy.t-online.de Port 80 in my case) they are getting "404 Page not found" Errors...

3. when i use the t-online proxy as parent for winroute, McAffee plugin can't update and the same problem as described in 2. (but now the winroute proxy in their settings)

But - if i disable the HTTP Inspector at the HTTP Service everything above disappears... but i cant't filter (not used till now - but is planed) and scan for viruses with the internal McAffee anymore...

Are this known Problems? Is there a workaround? Will it be fixed in future Versions?

Because if 1. 3. would work with enabled Inspector (2. isn't very important) i would recommend my boss to buy a 20+ Kerio Personal Firewall with McAffee and Cobion Filter license..
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
mk77 wrote on Thu, 13 May 2004 17:17

Hi..
Yesterday I installed Kerio Winroute Firewall 5.1.10 with McAffee. All semmed to work perfect...
..but tody i noticed 3 issues:

1. when Client Computers want to update their Antivirus Definitons with G-Data Antivirenkit 2004 they get the warning: Updateserver not found


What protocol are they using?
Common configuration problem is enabled authentication of users when they are accessing the Internet via HTTP. In this case, the user (computer) that is not logged yet is redirected to the firewall login page. You can create an exception for servers with antivirus updates or point antivirus update engine to the proxy server in KWF and fill username/password.
The second minor issue is that antivirus engine associated with KWF denies update files of some antivirus products because it found virus signatures in these files.

Quote:


2. when Client Computers want to use a proxy server (www-proxy.t-online.de Port 80 in my case) they are getting "404 Page not found" Errors...



Yes, that's true. HTTP protocol inspector converts absolute URL to relative one (i.e. removes server name from the URL).
This behavior is configurable via configuration file.

Quote:


3. when i use the t-online proxy as parent for winroute, McAffee plugin can't update and the same problem as described in 2. (but now the winroute proxy in their settings)


I'm not quite sure but this can be the same issue as 1.
Quote:


But - if i disable the HTTP Inspector at the HTTP Service everything above disappears... but i cant't filter (not used till now - but is planed) and scan for viruses with the internal McAffee anymore...

Are this known Problems? Is there a workaround? Will it be fixed in future Versions?

Because if 1. 3. would work with enabled Inspector (2. isn't very important) i would recommend my boss to buy a 20+ Kerio Personal Firewall with McAffee and Cobion Filter license..

  •  
mk77

Messages: 5
Karma: 0
Send a private message to this user
Wow... fast reply..

PavelDobry wrote on Thu, 13 May 2004 18:14


What protocol are they using?
Common configuration problem is enabled authentication of users when they are accessing the Internet via HTTP. In this case, the user (computer) that is not logged yet is redirected to the firewall login page. You can create an exception for servers with antivirus updates or point antivirus update engine to the proxy server in KWF and fill username/password.
The second minor issue is that antivirus engine associated with KWF denies update files of some antivirus products because it found virus signatures in these files.



As far as i know (sniffed Wink) first it connects to a page from G-Data - this page only contains the uptodate version numbers of the Antivirus files und if there are newer available then it dowloads the new definitions via http...
but the first step already don't work (getting version information)
The Program don't like Proxies very much - i don't understand why - sometimes it uses the proxy, sometimes not... so i have to make a working direct-connection
Hmm... for this test, all computers had unlimited access to all services without any http restrictions (freshly installed winroute - setup with wizzard - dial up - with access to all services - everything on default - and some mappings for ssh, www, ftp servers
So, no user shold have restricted access and need to authenticate to Winroute (only during test phase)


Quote:


Yes, that's true. HTTP protocol inspector converts absolute URL to relative one (i.e. removes server name from the URL).
This behavior is configurable via configuration file.



Ahh.. I think, this could be THE solution for all 3 problems !?!
I would be pleased if you could say me where to make what entry.
  •  
Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
Send a private message to this user
mk77 wrote on Thu, 13 May 2004 18:49


Ahh.. I think, this could be THE solution for all 3 problems !?!
I would be pleased if you could say me where to make what entry.



Stop Winroute engine and edit the winroute.cfg file. Set the "RemoveHostFromURL" value to "0".

Please note that this setting is for specific situation when the proxy server in the Internet is using default HTTP port TCP/80 for accepting connections (instead of common "proxy ports" 8080, 3128 etc.).
It is not neccessary if proxy port is different from port(s) defined in KWF HTTP service.
  •  
mk77

Messages: 5
Karma: 0
Send a private message to this user
Wow.. Thank you!
All 3 Problems are solved.
Now everything works perfect - as far as i have tested it till now..

I think, i'll recommend it to my boss because till now it's the best product for our needs. (I hope he buys a License bevore the end of Trial period;-))
Previous Topic: How can I update McAfee Scanning engine
Next Topic: Logs and other screens get greyed
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 17 20:40:13 CET 2017

Total time taken to generate the page: 0.00445 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.