This article shares information about the installation and basic configuration of the Kerio Control Virtual Appliance for Hyper-V.
Kerio Control Virtual Appliance for Hyper-V is a UTM (United Threat Management) solution distributed as a virtual appliance for Hyper-V.
The software provides a complex set of features for security of local networks, control of user access to the Internet, and monitoring of user activity. It also includes tools for secure interconnection of company offices and the connection of remote clients to the LAN via the Internet (VPN).
Note: To keep this article simple and easy to read, Kerio Control Virtual Appliance for Hyper-V is referred to as the firewall.
Licensing and System Requirements
The firewall can be used for free for 30 days after the installation (trial version). Upon the expiration of the trial version, you will need to purchase a corresponding license for further use of the product by registering the trial version with a valid license key.
The license is defined by:
- The base product license.
- Kerio Control Web Filter license (optional component for classification of web content).
- License for the integrated Kerio Antivirus (optional component).
Importing, Installation and Basic Configuration
The firewall is distributed in the form of a virtual hard disk. Follow these general steps to import and install it:
- Unpack the distribution Zip package into the desired target location (e.g.
Note: After importing the appliance into Hyper-V, the location cannot be changed anymore.
- The server needs to have the Hyper-V role set. Add the role in the Server Manager control panel by going to Roles > Add Roles.
- Open the Hyper-V Manager control panel and choose the local Hyper-V server.
- Go to New > Virtual machine and run the new virtual machine wizard.
- As a virtual machine location, choose the directory with the unpacked virtual harddisk (step 1) and assign at least 1.5 GB RAM with virtual network adapters.
- Choose the existing virtual hard disk option.
- Select the virtual hard disk unpacked from the distribution package that runs the installation wizard. Learn more about configuring Kerio Control using the activation wizard.
- After finishing the wizard, connect to the virtual appliance and start it.
Kerio Control checks all interfaces for a DHCP server in the network, and the DHCP server provides a default route after the installation:
- If there is more than one Internet interface with a default route, Kerio Control arranges them in the load balancing mode.
- For all interfaces without any detected DHCP (Dynamic Host Configuration Protocol) server, Kerio Control runs its own DHCP server through all configured LAN interfaces to
Xis the index of the LAN interface (starting with 10) while
Yis 1 for the control interface, and 11-254 is for DHCP assigned hosts.
Setting a Static MAC Address for the Kerio Control Appliance
Hyper-V assigns dynamic MAC (Media Access Control) addresses by default while Kerio Control needs a static MAC address. Follow these steps to set a static MAC address:
- In Virtual Machine Manager, go to properties of the Kerio Control appliance.
- In Properties, go to Hardware Configuration.
- In Hardware Configuration, select Static in the MAC address section.
The Kerio Control Administration web interface allows full remote administration of the firewall and viewing of status information and logs. The web administration interface is available at:
https://<provide_your_kerio_control_ip_address>:4081/admin. For example, https://10.10.10.1:4081/admin.
Authenticate and log in with the username
Admin and the password configured during the product activation.
Note: Kerio Control must be accessible on the IP Address from your LAN. Additionally, remote administration via the Internet must be enabled explicitly by the firewall's traffic rules.
Remote administration options are available in the firewall console of the virtual computer. Upon authenticating, this console allows you to change basic settings of the firewall, restore default settings after the installation, and shut down or restart the computer.
The firewall's console allows:
- Modifying the configuration of network interfaces (e.g., if network configuration changes or if an incorrect interface was chosen for the local network during the firewall installation).
- Changing the traffic policy of the firewall so that remote administration is not blocked (if the connection to the administration fails).
- Shutting down or restarting the firewall.
- Recovering the default configuration by restarting the initial configuration wizard. This is particularly useful when the firewall does not work correctly, and you cannot easily fix the configuration.
Note: This option removes all configuration parameters and data, restoring the firewall settings as applied in the first startup on Hyper-V.