NTP protocol is not going through Kerio Control
kubikt

I use Kerio Control v8.4.2 build 2869. I have computers and servers in the local network (LAN) behind the firewall, and when I attempt to synchronize time on a computer behind Kerio Control with some NTP server on the internet, it fails. When I move the computer in front of Kerio Control, time synchronization works.

Time synchronization on Kerio Control itself works because of this rule (I confirmed it from the filter log): source - firewall, destination - primary connection to internet, service - NTP (UDP, port 123), IP version - any, action - allow (with logging of packets and connections for confirmation), no NAT.
When I synchronize time from the Kerio Control administration, it works and I can see the packets in the filter log.

I set a second rule:
source - any computer in LAN, destination - primary connection to internet, service - NTP (UDP, port 123), IP version - any, action - allow (with logging of packets and connections for confirmation), NAT - use only primary connection to internet
(I also tried variations like: source - IP address of 1 computer, service - all) ...
When I synchronize time on the PC, it doesn't work and I cannot see any packets in the filter log.


It seems to me to be some kind of problem with UDP packets, because I have another similar issue. In the Kerio administration there are tools: ping, traceroute etc.
For testing purposes I set a rule for the firewall to allow any kind of packets to the internet to make traceroute work (or UDP packets 1-65535), no NAT of course. When I set a rule for a computer behind the firewall, allow = any packets, NAT - use any internet connection (or primary only) ... traceroute from the computer (Windows 7, 8) does not work, while ping to the same address works. When I move the PC in front of the firewall, traceroute works of course.

Any idea ???
kubikt

Problem solved (too much smart technology). Turning off the "Blat Attack" setting in the DOS Attack Prevention Settings section on the network switch solved the problem.
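
An added diagnostic sketch, not part of the original thread: switch "Blat Attack" filters are commonly defined as dropping TCP/UDP packets whose source and destination ports are equal, which matches NTP clients that send from port 123 to port 123. Assuming that definition applies to the switch here, the code below parses constructed IPv4/UDP packets and flags the ones such a filter would drop; all addresses and function names are illustrative.

```python
import struct

NTP_PORT = 123

def build_ntp_request(src_ip, dst_ip, src_port):
    """Build a constructed IPv4/UDP packet carrying an NTPv3 client request."""
    ntp = bytes([0x1B]) + bytes(47)            # LI=0, VN=3, Mode=3 (client)
    udp = struct.pack("!HHHH", src_port, NTP_PORT, 8 + len(ntp), 0) + ntp
    addr = lambda ip: bytes(int(o) for o in ip.split("."))
    # Checksums are left at 0: the sample is only parsed, never sent.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0,
                     64, 17, 0, addr(src_ip), addr(dst_ip))
    return ip + udp

def udp_ports(packet):
    """Return (src_port, dst_port) for an unfragmented IPv4/UDP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if ihl < 20 or packet[9] != 17 or frag_offset or len(packet) < ihl + 8:
        return None
    return struct.unpack_from("!HH", packet, ihl)

def blat_would_drop(packet):
    """Assumed filter rule: drop when L4 source port equals destination port."""
    ports = udp_ports(packet)
    return ports is not None and ports[0] == ports[1]

# Constructed samples (private/documentation addresses, not from the thread).
SAMPLES = {
    "client, source port 123": build_ntp_request("192.168.1.10", "192.0.2.1", 123),
    "client, ephemeral source port": build_ntp_request("192.168.1.10", "192.0.2.1", 50123),
}

def classify(samples=SAMPLES):
    """Map each sample name to the verdict the assumed filter would give."""
    return {name: ("drop" if blat_would_drop(p) else "pass")
            for name, p in samples.items()}

if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{verdict:4}  {name}")
```

The same check can be applied to a capture taken on the client side of the switch to see which source port the NTP client actually uses.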