Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Snort and Netfilter (Musto to be active the Netfilter in ALL Nics ??)

Messages: 6
Karma: 0
Send a private message to this user
I see the Netfilter checked in all the NIC's in a Kerio Control with 1 LAN and 2 WAN must to be checked in the LAN Nic or only in the 2 WAN ??

Messages: 3
Karma: 0
Send a private message to this user
Depends on what you want to achieve. If you want only to monitor the WAN with Snort and do firewalling, and don't really care about scanning the LAN with Snort, then you can disable it.

You still retain NAT capabilities and the ability to apply rules to traffic on LAN interfaces so long as you have Kerio Control enabled.

While it isn't a suggested solution, it does work.

I should note that if you are in a situation where you need to speed up access to the server for file serving duties beyond the mythical 40-50 MB/s limit commonly seen with Kerio monitoring the LAN, if you have an alternative default gateway/router for outgoing traffic to handle NAT for LAN clients, you can disable Kerio Control AND the Netfilter. Then you can easily get gigabit speeds to the server without issue. You just lose the ability for Kerio Control to do anything to that traffic - including NAT.

Can be useful in small companies with limited resources, though.
Previous Topic: Snort Suggestions
Next Topic: Control Box
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Nov 23 00:47:18 CET 2017

Total time taken to generate the page: 0.00332 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.