Multiple IPs not recognized (ISP gives 2 IPs, firewall assigns 1)
  •  
Leonmeijer88

Hello all,

On a new VPS I've installed the Control demo version, but since the installation one of the two IPs I have is not recognized by the firewall.

I obtain 2 IP addresses by DHCP (when the firewall is off, in the details of the network connection I see that I have two IP addresses assigned via DHCP), but when the firewall is on, only one IP is used.

My workaround is to set the two IPs manually, but this is not what I want. What could cause this?
  •  
Goran

Hmmm, if I understand correctly:
On the LAN NIC you need to remove the gateway!

Question cannot be stupid, but some of the answers can.
  •  
silars

Actually, I'm going to guess this is by design.

Control is a NAT-centric firewall. NAT + two DHCP IPs = confusion. Granted, DHCP is often used as a centralized method for assigning static IPs, but it still leaves the possibility that the IP might change. As such, any rules written to use a specific IP address would be completely invalidated if the DHCP-assigned IPs were to change. This could lead to some unforeseen security issues. I'm not sure I'd want to be responsible for writing the logic on rule processing for that scenario.

By assigning the IPs statically, you remove those conditions, thus Control is willing to accept both IPs for rule processing.

This is just my guess.

My recommendation would be to have two physical NICs (or some sort of vNIC technology, ESXi or Hyper-V can do this) that connect to your ISP. Have your ISP assign one IP to each NIC.
  •  
Leonmeijer88

Thanks for the info. Well, it's a virtual server with only one NIC, but I can set the information as static (the IPs are static IPs but still assigned by DHCP; I think they did this for ease of use ;)).