Two networks, two internet connections, one firewall (Two separate networks with their own dedicated internet interfaces?)

Messages: 1
Karma: 0
So, I'm hoping some of the more experienced Kerio Control users can provide some advice on this one. We currently have one office network (NetworkA) connecting to a single outgoing internet interface (InternetA) utilising a Kerio Control box (Software version 8.1.1). It has all the appropriate traffic and HTTP rules set up and configured. All is working well on this side.

We have been asked to set up a second office network (NetworkB). This second network will require its own dedicated outgoing internet connection with a static IP (InternetB).

We have done some initial testing:
1. Set up the secondary outgoing internet interface (InternetB).
2. Modified the existing and created new local and outgoing traffic rules. We routed the NAT of the ongoing traffic to the appropriate interface (existing rules to InternetA, new rules to InternetB).
3. Created internal user account for the new office users (NetworkB).
4. Created HTTP rules for new office users (NetworkB).
5. Set up a test machine and connected it to the new network (NetworkB).

Then we hit a snag. On the InternetA interface we have set up the gateway to point at the associated router. As Kerio can only support one active gateway, our internet traffic from NetworkB to InternetB is not routing correctly.

So our question is this: can Kerio Control handle two different office network connections with their own dedicated internet connection? If so, what vital steps have we missed out in our configuration?

Thanks in advance for any advice.

Messages: 285
Karma: 59
It certainly can.

However, you will likely need to enable Multiple Internet Links - Load Balancing to get the results you want.

I was able to do something very similar to what you are trying to do. The only difference is that I did allow NetworkA users and NetworkB users to use the alternate routes in case of failure.

You can configure the rules so that doesn't happen though.

Messages: 501
Karma: 20
So, we have done this quite a bit. You can (with the right hardware) have two inbound NICs with their own IP / gateway. Or if you have one ISP but multiple IPs you can set a rule (see attached) that will send all outbound traffic out of a different IP. You do this by setting the source NAT and then the interface you want to use. Then for source traffic you can assign a user/subnet/or any other criteria that matches.

Good luck!

I do this for our mailservers (we have 5) so that each mailserver has its own outbound IP, or for hosting Operator, you want each one to have its own IP outbound for reliable SIP traffic.
