Overview
To apply a protocol inspector explicitly to other traffic, administrators must edit an existing service, or add a new one, where this inspector is to be used. This article explains how to configure protocol inspection in Kerio Control, which is helpful when administrators need to inspect a protocol on a port other than its default, e.g., using TCP 8080 for HTTP traffic.
Information
Kerio Control includes protocol inspectors, which monitor all traffic on application protocols, such as HTTP (Hypertext Transfer Protocol) and FTP (File Transfer Protocol). The inspectors filter the communication or adapt the firewall's behavior according to the protocol type.
For example, the HTTP protocol inspector monitors traffic between browsers and web servers and blocks connections to particular pages or downloads of specific types of content, e.g., images or pop-ups. Each protocol inspector applies to a particular protocol and service. By default, all available protocol inspectors are used in definitions of similar services (they are applied to matching traffic automatically).
Process
As an example, if you connect to a remote FTP server on the non-standard port 2101, you must create a new service for TCP 2101 that uses the FTP Inspector:
- In Kerio Control's administration interface, navigate to Definitions > Services.
- Click Add > Add Service.
- In the Add Service window, enter the name and description of the service.
- In the Protocol drop-down list, choose TCP.
- In the Protocol inspector drop-down list, choose FTP.
- In the Destination port section, choose the Equal to condition and enter the port number (2101 in this example).
- Click OK.
Confirmation
Based on the example, from the moment the configuration is saved, Kerio Control applies the FTP protocol inspector to traffic on the non-standard port 2101.
Priyanka Bhotika