User Auth on different scopes?
  •  
servus01

Hi,

We've got the Kerio Winroute Firewall with 6 different DHCP scopes and we want to set up user auth on only 2 or 3 of the scopes, but this is impossible right now. Maybe possible for the next version?

Greetz

Servus01
  •  
feite

Why impossible?

If you use HTTP URL rules for each specific segment, you can specify for each segment whether the user has to be authenticated or not.

Specify the segment: tab Advanced, field "Valid for IP address group".
Specify the authentication: tab General, field "any user" (do not enable "do not require authentication").
  •  
servus01

Hi,

Thanks for the tip, but it doesn't work. I have tried this many times, but when I do the settings like you say, I can access any webpage and the login site does not appear; I have access to everything and I am not logged into the firewall! Maybe because we set another gateway, not the Kerio interface? So, any other solutions?

Greets

Servus01
  •  
feite

If you have another default gateway set, which gateway do you use to access the internet?
  •  
servus01

Hi,

Our summit3808 is the gateway because we don't want too much traffic on the one machine, so for everything in the VLANs we set our summit as the default gateway.

Greets

Servus01
  •  
feite

Create a traffic rule that denies outgoing HTTP traffic from the LAN to the internet. Create a traffic rule that allows access to the proxy (service HTTP Proxy). Create a rule that allows the firewall to access the internet (HTTP/HTTPS).
Enable the proxy.

This way it is only possible for a user to browse the internet by using the proxy server of KWF.

On a client check the connection settings of the browser. The browser should use the proxy for HTTP and HTTPS traffic, not for FTP and gopher.

Create address groups, one for each segment.

Create HTTP policy rules as follows:
name: Allow segment 1
if user ...: any user (do not enable the do not require authentication)
URL matches...: URL begins with *
action: allow / log
advanced tab / valid for ip address group: segment 1

name: Allow segment 2
if user ...: any user (do not enable the do not require authentication)
URL matches...: URL begins with *
action: allow / log
advanced tab / valid for ip address group: segment 2

Repeat this for each segment.

Create a rule to block all other HTTP requests:

name: Block browsing
if user ...: any user (do not enable the do not require authentication)
URL matches...: URL begins with *
action: deny / log

Try this and let me know... Check the filter log. You will find every access to webpages there. It also tells you from which PC the request originated and who the user was.
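
A simplified model of the HTTP policy described in this thread, added here as an example (it is not Kerio's code and not from either poster). It assumes rules are evaluated top-down with the first match winning, and that an unauthenticated client hitting a rule that requires a user is sent to the login page; the subnets, the unauthenticated "segment 3" rule and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class HttpRule:
    name: str
    action: str                  # "allow" or "deny"
    group: Optional[str] = None  # "valid for IP address group"; None = any client
    require_user: bool = True    # "any user" with "do not require authentication" off


# Constructed address groups, one per DHCP scope (sample subnets).
GROUPS = {
    "segment 1": ipaddress.ip_network("10.0.1.0/24"),
    "segment 2": ipaddress.ip_network("10.0.2.0/24"),
    "segment 3": ipaddress.ip_network("10.0.3.0/24"),
}

# Rules in the order given in the post; segment 3 is deliberately left
# without authentication to show the per-segment contrast.
RULES = [
    HttpRule("Allow segment 1", "allow", "segment 1"),
    HttpRule("Allow segment 2", "allow", "segment 2"),
    HttpRule("Allow segment 3", "allow", "segment 3", require_user=False),
    HttpRule("Block browsing", "deny"),
]


def evaluate(client_ip, user, rules=RULES):
    """Return (rule name, outcome) for a proxied request; first match wins (assumed)."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        if rule.group is not None and ip not in GROUPS[rule.group]:
            continue  # rule is not valid for this client's segment
        if rule.require_user and user is None:
            return rule.name, "login"  # assumed: redirect to the firewall login page
        return rule.name, rule.action
    return None, "allow"  # assumed default when no rule matches


def open_segments(rules=RULES):
    """Address groups from which an unauthenticated client is allowed through."""
    return [name for name, net in GROUPS.items()
            if evaluate(str(net.network_address + 1), None, rules)[1] == "allow"]


if __name__ == "__main__":
    for ip, user in [("10.0.1.20", None), ("10.0.1.20", "alice"),
                     ("10.0.3.7", None), ("10.0.9.5", "alice")]:
        print(ip, user, evaluate(ip, user))
    print("segments browsing without login:", open_segments())
```

Running `open_segments()` against a rule list before deploying it is a quick way to confirm that only the intended scopes can browse without logging in.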