Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Setup Kerio Control in a virtual machine
  •  
ebatte

Messages: 169
Karma: 0
Send a private message to this user
Can anyone tell me something, when setting up in a VM how should the virtual network adapters be configured. In Parallels, in my case, would the virtual adapters be mapped to two separate physical adapters?

Does the physical adapter need to be connected directly to the ISP router?

The reason I ask is that the default adapter settings don't connect to the internet. Local/trusted works and I can reach the admin page, but nothing gets routed through to the internet.

Thanks
  •  
ebatte

Messages: 169
Karma: 0
Send a private message to this user
Let me clarify my question: The default adapter settings in the VM are adapter 1=bridged to default adapter, adapter 2=host-only. Assuming this is the correct way for it to be configured, how does vm adapter 2 connect to the internet?

In my case I have a static IP address assigned by my ISP. I've entered this address in adapter 2 settings in Kerio Control admin by no devices on the LAN connect to the internet.

I'm trying to migrate from a physical server running the software appliance to a virtual appliance. The exact same settings work fine in the software appliance, but I assume that's because adapter 2 is a physical adapter that is connected directly to the cable modem.

Assistance with this would be appreciated.

Thanks again
  •  
germanr

Messages: 293

Karma: 7
Send a private message to this user
We use VMWARE Esxi and we always leave a physical adapter exclusively for the WAN (the internet connection). Then we share the physical LAN adapter for all the virtual machines with VMware´s virtual switches.

[Updated on: Tue, 03 July 2012 16:54]


German Ruiz
Home & Office
Kerio Prefered Partner
Uruguay
  •  
ebatte

Messages: 169
Karma: 0
Send a private message to this user
I spent some time with Kerio Tech Support as well as Parallels Tech Support yesterday trying to understand and get it working. I came out of it with the same scenario: a physical adapter on the ISP's subnet must bridged to the virtual adapter for it to work.

After demonstrating this worked, I'm now concerned that this leaves the host computer exposed to the internet. If the physical adapter (#2) is connected to the internet, then the host computer is therefore connected to the internet. However, if the hosts adapter (#1) is setup with a gateway/router address that points to Kerio Control's IP then perhaps that's not the case.

Do you agree?
  •  
germanr

Messages: 293

Karma: 7
Send a private message to this user
We don´t use parallels here. I agree that you cannot connect the physical NIC directly to the Host. However you can asign only that physicial adapter only to one virtual machine (that would be the Kerio control internet interface) for security reasons.
Here is a printscreen of what is our server that has two physical adapters.

Regards


German Ruiz
Home & Office
Kerio Prefered Partner
Uruguay
  •  
ebatte

Messages: 169
Karma: 0
Send a private message to this user
Sorry, I didn't understand your response. Does the physical adapter #2 connected to the internet leave the host exposed if the gateway of physical adapter #1 is set to the Kerio Control IP?
  •  
germanr

Messages: 293

Karma: 7
Send a private message to this user
What I would do is the following.

Physical adapter #1 in Virtual Switch #1 to virtual adapter #1 of LAN in Control. That is the LAN gateway.

Physical adapter #2 to Virtual switch #2 and to the WAN virtual adapter of control.

You should be secure and the LAN will not be exposed if the traffic rules of Control are OK.

I wouldn´t put in the same virtual switch the internet link with the local LAN.

German Ruiz
Home & Office
Kerio Prefered Partner
Uruguay
Previous Topic: How do I force a non domain users to log out of the firewall when deactivate the account
Next Topic: Upgrade from 6.1 to 7.3
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Sep 20 00:36:49 CEST 2017

Total time taken to generate the page: 0.00454 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.