Home » Kerio User Forums » Kerio Control » Set User-Level rules (Kerio Control, configure rules for users connected in rdp)

Messages: 2
Karma: 0
Send a private message to this user
good morning

I have the following network problem: Some users outside the LAN must have access to different servers. These users should not have access to the entire network, but only the server to which they are assigned. The major problem is that these users must exceed 2 LAN: User -> LAN1 -> LAN2 -> server.
To solve this problem I decided to install a server on LAN2 where all these users can access. The connection is made in RDP. Also on this server I installed Kerio Control which I'm setting some rules.
The problem is that I can not define the rules at the user level. I have to make sure that each user can only access that connects to some server LAN2. Furthermore, these connections can be performed simultaneously.
Can you suggest a proper infrastructure for this type of connection? It is impossible Kerio Control set of rules depending on the user logged in RDP?

Messages: 59
Karma: 2
Send a private message to this user
Kerio is not a 'router' in common sense, you cannot route to another switch (correct me if im wrong)
I think you can solve your problem with NAT.
If your users use RPD, make a rule
Some_user -> firewall ip, port (some custom port 7777) ->Allow -> DNAT to your RDP server IP & port (3389)
So, your clients for their RDP should connect to ip-address-of-firewall:7777
and will be NAT-ted to server-ip's RDP.

Now the only problem would be, your users should first go to kerio's login page, authenificate themselves, and only then connect to RDP:7777. Because, the rule says "such user"->allow. And how would rule know if its him, when hes not authentificated, right?
Previous Topic: Update 8.2 and freeze kerio firewall same time
Next Topic: Email Server can not be reached internally, always load at input domain on Kerio Control
Goto Forum:

Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Dec 15 00:25:12 CET 2018

Total time taken to generate the page: 0.79048 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.