Home » Kerio User Forums » Kerio Control » Segregating interfaces
  •  
ericbullock

I have a question about interfaces and how they are able to interact with one another. I am setting up one of the ports on a Control 1120 as a standalone interface. I've added it as a Trusted Interface and have configured IPv4 so it's on a different subnet (172.16.100.x). Will clients connected to this new interface be able to see/access anything on the other LAN interface (192.168.1.x)?

I want these two networks to be completely separate. Do I need to create a traffic rule that prevents people on the new network from seeing resources (servers, printers, etc.) on the existing LAN?

[Updated on: Wed, 08 February 2017 18:44]

  •  
Brian (GFI/Kerio)

If you placed this separated interface in the trusted interfaces group, then there will be open communication between any networks in the trusted/local interfaces group. You can put this interface in the 'other' interface group and create traffic rules to define specifically what should be allowed to that group.
We have recently published the following KB article that should offer some guidance:
http://kb.kerio.com/product/kerio-control/hardware-appliance/configuring-ethernet-ports-in-kerio-control-hardware-appliances-1996.html

Brian Carmichael
Instructional Content Architect
  •  
ericbullock

I suspected there would be more to it.

If I put this interface in the "Other" group what traffic rules need to be made such that all the traffic is segregated from the other LAN interface?
  •  
Brian (GFI/Kerio)

You can put that segmented interface into the default traffic rule called "Internet access". Then you need to create a new rule that allows this segmented interface (source) to access the firewall (destination) for all traffic.

[Updated on: Fri, 10 February 2017 23:07]


Brian Carmichael
Instructional Content Architect
  •  
ericbullock

So in this screenshot I have added the segregated interface (called Tenant) into the Internet Access rule. I've also created another traffic rule where all traffic FROM the segregated interface is allowed to the Firewall.

Look OK?

  •  
Brian (GFI/Kerio)

Yes, looks good. You can remove Tenants from your Internet access rule since you already have a dedicated internet rule at the top (looks like for assigning bandwidth rules).

Brian Carmichael
Instructional Content Architect
  •  
ericbullock

I suspected that may be superfluous. Thanks again for the input, Brian... learning a lot!
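
The rule layout discussed in this thread can be modelled as a small first-match evaluator to check that the Tenant network (172.16.100.x) cannot reach the LAN (192.168.1.x) once its interface leaves the trusted group. This is an added example, not part of the original posts and not Kerio Control's own configuration format. Assumptions: rules are evaluated first-match with unmatched traffic dropped, the "Local traffic" rule is a hypothetical stand-in for the open communication between trusted interfaces described above, and all host and firewall addresses are constructed.

```python
import ipaddress

NETWORKS = {"LAN": ipaddress.ip_network("192.168.1.0/24"),
            "Tenant": ipaddress.ip_network("172.16.100.0/24")}
FIREWALL_IPS = {"192.168.1.1", "172.16.100.1"}  # constructed firewall addresses

# (name, sources, destinations): a label is an interface name, an interface
# group, "Firewall" or "Internet". First match allows; no match is dropped
# (assumed evaluation order, see lead-in).
RULES = [
    ("Local traffic", {"Trusted", "Firewall"}, {"Trusted", "Firewall"}),
    ("Internet access", {"Trusted", "Tenant"}, {"Internet"}),
    ("Tenant to firewall", {"Tenant"}, {"Firewall"}),
]


def labels(ip, groups):
    """Return the labels a rule can match for this address."""
    if ip in FIREWALL_IPS:
        return {"Firewall"}
    addr = ipaddress.ip_address(ip)
    for iface, net in NETWORKS.items():
        if addr in net:
            return {iface, groups[iface]}
    return {"Internet"}


def decide(src, dst, groups):
    """Return ('allow', rule name) for the first matching rule, else ('deny', None)."""
    s, d = labels(src, groups), labels(dst, groups)
    for name, sources, dests in RULES:
        if s & sources and d & dests:
            return ("allow", name)
    return ("deny", None)


def audit(groups):
    """Evaluate the flows the thread cares about for one group assignment."""
    flows = {
        "tenant_to_lan": ("172.16.100.20", "192.168.1.50"),
        "lan_to_tenant": ("192.168.1.50", "172.16.100.20"),
        "tenant_to_internet": ("172.16.100.20", "203.0.113.10"),
        "tenant_to_firewall": ("172.16.100.20", "172.16.100.1"),
    }
    return {k: decide(s, d, groups) for k, (s, d) in flows.items()}


if __name__ == "__main__":
    for tenant_group in ("Trusted", "Other"):
        print(tenant_group, audit({"LAN": "Trusted", "Tenant": tenant_group}))
```

With Tenant in the trusted group the model allows Tenant-to-LAN traffic; with Tenant in "Other" both directions are dropped while Internet and firewall access remain allowed.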