Problem Accessing Kerio Connect from Outside LAN [message #139768]
Mon, 14 May 2018 18:45
BobH
Messages: 66 Registered: March 2005 Location: Oregon, WI USA
We are currently running Kerio Connect v9.2.6 patch 2 installed on Win Server 2008 R2.
About 10 days ago, we started seeing a problem connecting to Kerio Connect from outside our network using secure IMAP and SMTP. We use this primarily on cell phones and tablets.
If I take a cellphone that doesn't work from the outside and I configure it to work inside the network, using local addresses, it works without issue. If you use the web interface, that works both inside and outside without issue.
This made me think that the issue was Sophos firewall related but I had a Sophos tech remote in and he confirmed that traffic was getting to the Kerio Connect server.
I've gone into the SMTP and IMAP service settings (25, 465, 143 and 993) and confirmed that there is no setting allowing only local addresses.
Anyone know of a reason or a setting in Kerio that would block external access?
Re: Problem Accessing Kerio Connect from Outside LAN [message #139774 is a reply to message #139771]
Mon, 14 May 2018 19:19
BobH
Messages: 66 Registered: March 2005 Location: Oregon, WI USA
The web interface is working fine. We use HTTPS for that exclusively. I just can't get SMTP and IMAP to go.
I have a rule set up on the Sophos firewall to forward HTTPS as well as SMTP and IMAP (secure and non-secure) to the Kerio Connect server.
Re: Problem Accessing Kerio Connect from Outside LAN [message #139787 is a reply to message #139768]
Tue, 15 May 2018 11:06
Maerad
Messages: 275 Registered: August 2013
Mhh... I missed the part with the web interface from internal and external.
IMHO you can rule out any Windows firewall or Kerio problem here. For me it seems like a problem with the Sophos firewall and/or routing.
If the web interface works flawlessly from external connections, you can access everything from local connections and the IP addresses are valid for connection in the IP Allowed part (you already said that), then it can only be something in between, like the router or firewall.
You could check the debug log with msgs enabled for IMAP etc. to see if the clients can even connect to the server.
Also check the Sophos firewall - maybe something triggered the IDS and blocked the port/connection/server/whatever.
And try to remember - did you or someone else change ANYTHING some days back before the incidents happened? Sometimes it can be just a tiny detail.
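One way to narrow down the "something in between" question from an outside connection, as an added example that is not part of the original thread: a Python probe of the four ports named above that reports how far each connection gets (TCP connect, server greeting, or TLS handshake). The `probe` function, the stage names and the host `mail.example.com` are placeholders chosen for this sketch.

```python
import socket
import ssl
import sys

# Ports from the thread: 25/143 greet in plaintext, 465/993 expect TLS first.
SERVICES = {25: ("SMTP", False), 465: ("SMTPS", True),
            143: ("IMAP", False), 993: ("IMAPS", True)}

def probe(host, port, implicit_tls, timeout=5.0):
    """Return (stage, detail); the stage reached shows where the path breaks."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return ("tcp-timeout", "no reply before timeout: packets dropped on the path")
    except ConnectionRefusedError:
        return ("tcp-refused", "nothing listening, or a device actively rejected it")
    except OSError as exc:
        return ("tcp-error", str(exc))
    with sock:
        try:
            if implicit_tls:
                # Certificate checks stay on; a verification failure still
                # proves the TCP path reaches a TLS endpoint.
                ctx = ssl.create_default_context()
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    return ("tls-ok", tls.version())
            banner = sock.recv(512)  # SMTP "220 ..." or IMAP "* OK ..."
        except socket.timeout:
            return ("no-greeting", "connected, then silence until timeout")
        except OSError as exc:  # includes ssl.SSLError
            stage = "tls-failed" if implicit_tls else "read-error"
            return (stage, str(exc))
    if not banner:
        return ("closed-after-connect", "peer accepted the connection and hung up")
    return ("banner-ok", banner.decode("latin-1").strip())

if __name__ == "__main__":
    # mail.example.com is a placeholder; pass the public mail hostname instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"
    for port, (name, tls) in SERVICES.items():
        stage, detail = probe(host, port, tls)
        print(f"{name:5} {port:>3}  {stage:20} {detail}")
```

Running it once from inside the LAN and once from an outside connection, then comparing the stage per port, shows whether the difference appears at the TCP level or only after the connection is established.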