Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Network Topology/Network Diagram
  •  
Jury

Messages: 7

Karma: 0
Send a private message to this user
Hi Good day!

I was wondering how can I set-up Kerio control box. I need a network topology when using it.

Is it before our router or after our router?

Example no. 1:

Internet-Modem-Router-Kerio Control Box-Switch-Computers

Example no. 2:

Internet-Modem-Kerio Control Box-Router-Switch-Computers

So which of the two examples are best practice
  •  
silars

Messages: 429
Karma: 59
Send a private message to this user
The answers really lies in your needs.

If your router is handling external interfaces that the Control device can't, then it needs to be outside the firewall.

If your router is providing internal routing with complex protocols, or protocols not handled by Control, then it needs to be inside.

If your router is doing both of the above, you can't use Control, or you need to get another router and re-apply the above logic.

If your router isn't doing any of the above, then you might not need your router anymore and can just use Control.

It will be difficult to provide you exact guidance without many particulars. Some of which may expose sensitive information about your network.
  •  
ICT and Me

Messages: 936

Karma: 53
Send a private message to this user
Jury,

I agree with Silars. It is difficult to give good advice without the good knowledge your network.
We can give you guidelines.
Let me explain how we work here. We deliver both options running because we use two lines at our customers sites.
First line is a modem (Cable or FDDI) that give Control the Public IP.
Second line is a modem/router (DSL) that handle Public IP and NAT to internal IP on Control.
So how it looks:

Line 1: Internet -> Cable Modem -> Pub. IP -> Control -> LAN Switch
Line 2: Internet -> DSL Modem/Router -> Int. IP -> Control -> LAN Switch

But never a router after Control. Control works like router, only more secure.

I wish you good luck. If you need more help without giving to much detail on the forum. PM us.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
Jury

Messages: 7

Karma: 0
Send a private message to this user
@Silars: Thank you for your reply.
@ICT and Me: I also thank you for your reply.

@Silars: As of now our router is doing both. But if ever I'll reconfigure our router just to handle external interfaces, how will I configure control or give public IP? I believe it will ask for a public IP.

Do you have any guidelines for this? I'm now going to install kerio control to one of our computers here for approval and let my Manager check on it if it's great. If he approve my work, we are going to purchase the control box.
  •  
silars

Messages: 429
Karma: 59
Send a private message to this user
You would need to give more details on the interface types you use and what internal protocols you use that Control can't handle (OSPF, IGRP/EIGRP, iBGP?). What non-ethernet interfaces are you using and where?

The most common configuration you'll see in enterprise networking for this situation is [Router <-> Firewall <-> Router]. Control being the Firewall. This configuration also allows for the insertion of load balancing technologies to scale firewall performance and redundancy.
Previous Topic: Control and SSL-VPN
Next Topic: kmsrecover - how often can you stop the server for a recover?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Aug 22 15:05:25 CEST 2017

Total time taken to generate the page: 0.00444 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.