Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » New issue after upgrading to 9.0
  •  
walterzanella

Messages: 19

Karma: 1
Send a private message to this user
We have discover issue after upgrading two of our installation (from 8.5.3->9.0) with a wan interface with public ip.
There is a roule from anywhere->firewall->https/smptp/s->lan ip with kerio connect.
When I accessing from internet no problem at all.
When I accessing from lan to pubblic ip defined kerio control wan no access at all.
All of this two installation environment hyperv on 2012r2.
To temporary resolve I have create a dns server entry localy for mail server mail.xxx.com (10.10.1.x)
Hope this can help.
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
Thank you for reporting, we're currently investigating this issue.

Did you report it to our technical support ?

[Updated on: Tue, 22 December 2015 16:57]


Petr Dobry
Product Development Manager | Kerio
  •  
walterzanella

Messages: 19

Karma: 1
Send a private message to this user
Yes.
Ticket ID: EIE-796750
Subject: Problem with access localy wan interface forwaring to lan

Thank you.
  •  
dskbass

Messages: 19
Karma: 1
Send a private message to this user
Same issue here, Kindly keep us updated/

Thank You,
  •  
UnifiedTechs-Brian

Messages: 172
Karma: 15
Send a private message to this user
Shouldn't it be: anywhere->PUBLIC IP->https/smptp/s->lan ip

Thats what we use and is working through upgrade fine.

[Updated on: Thu, 24 December 2015 10:38] by Moderator


- Brian
Kerio Preferred Partner, Reseller & Hosting Provider
Unified Technology Solutions
  •  
walterzanella

Messages: 19

Karma: 1
Send a private message to this user
Probably .. WAN interface not IP.. see attached image.
Roules and interface (on the corner)
Thanks.

  • Attachment: Immagine.png
    (Size: 141.99KB, Downloaded 399 times)
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
Quote:
Shouldn't it be: anywhere->PUBLIC IP->https/smptp/s->lan ip

Yes, that's exactly how the traffic rule for hairpining should look like.

Petr Dobry
Product Development Manager | Kerio
  •  
UnifiedTechs-Brian

Messages: 172
Karma: 15
Send a private message to this user
walterzanella wrote on Thu, 24 December 2015 04:28
Probably .. WAN interface not IP.. see attached image.
Roules and interface (on the corner)
Thanks.


Actually 'm surprised it ever worked the way you wrote it,... Change "Firewall" to your public IP and it will work.

Also rule #1 is way too broad and may cause you issues at some point.

And the purpose of rule #3 is confusing me, is that your public IP or another location? I see what it is doing, just not sure why you would ever want to.

- Brian
Kerio Preferred Partner, Reseller & Hosting Provider
Unified Technology Solutions
  •  
walterzanella

Messages: 19

Karma: 1
Send a private message to this user
I have tried to remove rule 1 and 3 (not my public ip 94.86.40.73 .. outside ip for all access .. no more used).
Changed "Firewall" with my public IP .. nothing. It seems that the forwaring only works by the internet side.
I have also tried a roule at the top nothing.
I have tried connect via local lan ip of the firewall.. forwarding doesn't works.
  •  
UnifiedTechs-Brian

Messages: 172
Karma: 15
Send a private message to this user
Don't know what else to try, we have our rules with the public IP and it works fine after the upgrade.

- Brian
Kerio Preferred Partner, Reseller & Hosting Provider
Unified Technology Solutions
  •  
Reinaldo

Messages: 226
Karma: -8
Send a private message to this user
Same issue here with several customers.
Any idea if/when will this be fixed?
Regards,
Reinaldo
  •  
Petr Dobry (Kerio)

Messages: 782
Karma: 61
Send a private message to this user
Please make sure your traffic rule looks like this:

./fa/4171/0/

If it does and it still does not work from LAN, please submit a bug report at http://www.kerio.com/support/technical-support as we might need some additional information about your configuration.


Petr Dobry
Product Development Manager | Kerio
  •  
myDATA

Messages: 3
Karma: 2
Send a private message to this user
just did the first installation on 9.0 and can confirm this problem.
traffic rules are working fine for connections from WAN but not for internal connections.
i cant see anything related in the debug log (paket drop, paket tracking etc.), tried to disable 3 way handshake requirement...

this is a serious issue and needs to be adressed soon. customer just got his new box (migration from different product) and is allready angry. not good.

all of the rules in the attached screenshot have this problem. only difference is the http/https forward for connect. it works sometimes but it is extrem slow. page needs to load at least 30 sec, mostly it gets a timeout too.

i also noticed that the control box itsel is not able to ping all adresses (the ones in the screenshot, endpoint of connection). it can ping some of them but not all. this dosent make any sense because connections from WAN are working so the control box must be able to reach these adresses. but the internal pings test says nope...

i also tried creating rules with the public ip as target (instead firewall) - same error.

./fa/4178/0/

  • Attachment: control.PNG
    (Size: 63.70KB, Downloaded 703 times)

[Updated on: Wed, 06 January 2016 15:55]

  •  
lessore

Messages: 24
Karma: 7
Send a private message to this user
same Problem exists also in my Test Environment.
So we cannot upgrade our kerio control customers to the latest version
gruber72

Messages: 5
Karma: -5
Send a private message to this user
So Kerio, what's going on?
There is no more information about this error and it's progress of bug-fixing, inspite this seems to be an error influencing many installations, some of mine too.
How shall we correspond this to the customers? An error unrepaired for a couple of days? You get money for installations we sell, so I think we can expect this mess to be clean up rapidly!

[Updated on: Fri, 08 January 2016 22:24]

Previous Topic: Length of PPPOE Username
Next Topic: Autodiscover takes a long time to connect
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Oct 17 15:06:10 CEST 2017

Total time taken to generate the page: 0.00572 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.