This article provides detailed instructions on how to configure generic traffic rules in Kerio Control, which is helpful for administrators to control the traffic based on IP addresses, groups, etc., and to either block or allow traffic matching these rules.
The traffic policy consists of rules ordered by the rule priority, and they are processed from the top downwards, where the first matched rule is applied. The order of the rules can be changed with the two arrow buttons on the right side of the window, or by dragging the rules within the list.
An implicit rule denying all traffic is shown at the end of the list; this rule cannot be removed. If there is no rule to allow particular network traffic, then the implicit rule will discard the packet.
Note: In this example, we will be creating a traffic rule for SSH. To control user connections to HTTP/HTTPS, FTP servers, and filter contents, use the content filter available in Kerio Control for these purposes. For additional information, refer to Overview of the Content Filter.
Navigate to Configuration > Traffic Rules in Kerio Control's administration interface.
Click on Add. The Add New Rule window appears.
In the Add New Rule window, enter a name for the rule, e.g., 'Allow SSH to a group' (a) and in the Rule type tab, choose Generic (b). Click Next when you are done (c).
In the Source tab, click on Users and Groups. The Select Items window appears.
In the Select Items window, double-click the group you want to choose (In this example, 'SSH allowed'). Click Next when you are done.
In the Destination tab, choose Interfaces. The Selected Items window appears.
In the Select Items window, choose Internet Interfaces and click Next.
In the Services tab, click Services. The Selected Items window appears.
In the Select Items window, double-click SSH to select it as the service for this rule.
Note: You can also create a rule using the Configure in Wizard, under Traffic Rules. Click on More Actions and then Configure in Wizard, and follow the instructions accordingly.
The rule you created, in this example, to allow users to use SSH to access servers on the Internet, is displayed under Configuration > Traffic Rules, as shown below: