Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Cota limits
  •  
pmatos

Messages: 25
Karma: 0
Send a private message to this user
Hi there,

I have found that kwf can help us to control the cota used by users. Assuming that a user does not need to be autenticated on kwf to access mail services, how are this services controlled? Also, what are other services that are counted and services that are not counted?

Thank you

Paulo Matos
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
Any traffic while the user is known to the firewall (logged in on the firewall) is counted. It does not matter what kind of traffic it is. If the user has not logged in the traffic is not counted for that user.
  •  
pmatos

Messages: 25
Karma: 0
Send a private message to this user
Thank you,
Please tell me, I have activated the user login to be able to use the internet, but, even thinking that the user is not logged-in he's able to receive and send emails from mail clients like outlook and outlook express. How does kwf control this situation?

Is there any way I can force a user to be logged even when using email clients above mentioned?

Another questions I expose, is it possible to create a script (or any other thing) that automatically logs a user when the computer starts?

Thank you very much and regards

Paulo Matos
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
Depends on where the mailserver is. If the mailserver is 'on the other side' of KWF than the PC's, you can control the traffic. More likely, your mailserver is on your local LAN and traffic to that server won't go through KWF. In that case you can't control it by KWF.
  •  
pmatos

Messages: 25
Karma: 0
Send a private message to this user
Thank you winkelman,
When I refer to mail servces, I do not refer to a specific mail server. In fact I don't have a mail server on my network. I am referring to the SMTP and POP3 mail serices bundled with kwf.

As I have informed, usually a user to surf the internet, must be logged-in, but accessing services like SMTP and POP3 it's done without requesting any autorization.

Thank you

Paulo Matos
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
If you enable the option 'Always require users to be authenticated' (under the Authentication Options tab in User configuration) they cannot use any service if there not logged in.

That's the way I use it here. Most people are only allowed to browse the web and they get the login page upon first connecting. But people who for example also can FTP, first have to login to KWF before they can FTP. Same with email, etc.

This of course only works if users have to go through the KWF machine when they send/retrieve email.

[Updated on: Thu, 27 October 2005 14:49]

  •  
pmatos

Messages: 25
Karma: 0
Send a private message to this user
Hi there winkelman,

I hope you can help me with this situation I have.
My network with a w2k domain, is configured with kwf.
The users are on the Active directory users and it is linked to the kwf users and groups.

The firewall is configured to "request autorization when accessing web pages..."
- When a computer starts, the first time he gets connected to the internet using internet explorer, he is requested to log-in
- But if this user, first access the pop3 mail client (outlook express, outlook), he sucessfully send and receive emails even thought that he is not authenticated on the firewall.

Any idea?


Paulo Matos
  •  
winkelman

Messages: 2119
Karma: 3
Send a private message to this user
pmatos wrote on Thu, 27 October 2005 15:48


The firewall is configured to "request autorization when accessing web pages..."

- But if this user, first access the pop3 mail client (outlook express, outlook), he sucessfully send and receive emails even thought that he is not authenticated on the firewall.



That is strange. Are you sure the only TCP/IP route to the POP3 mailserver is through KWF? There's no other router? The mailserver is not on the same IP-subnet?
  •  
feite

Messages: 523
Karma: 0
Send a private message to this user
The description of the option is correct. Automatic login only works for accessing web pages. If you want that only authorized users can access the internet use users and/or usergroups in the source field of the traffic rules. You can create groups for specific services like 'Mail users', 'FTP users', ... In the traffic rule for mail (SMTP/POP3) you specify the usergroup 'Mail users', in the traffic rule for FTP you specify the usergroup 'FTP users' and so on.

In another posting you can find a solution to automatically login/logout a user when he/she logs in to the domain. This way its not possible to quickly login on a machine the other user just logged out and keep on using the internet on the account of the previous user.
Previous Topic: cant access ftp site
Next Topic: WinRoute6 on Windows XP
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 02:42:58 CET 2017

Total time taken to generate the page: 0.00413 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.