GFI Software Aurea SMB Solutions


Home » GFI User Forums » Kerio Control » User and Source
User and Source [message #147001] Thu, 07 November 2019 12:48 Go to next message
jalal.attar is currently offline  jalal.attar
Messages: 2
Registered: November 2019
Dear Sir,
first sorry for my BAD english. ok?
i was used working with Cyberoam/Sophos appliance for some years and I'm testing to migrate to KERIO. so i decided to test it.

I'm working with 9.3.1 version:

The Most important missing in the software are User-Level. in the Firewall Rule, Sources concept are (user;ip-address;group; and ....) but it was so useful if user was separated from source. so, We can create a rule that indicate to specific User with Specific IP.HOST separately. (same as Cyberoam)



Re: User and Source [message #147007 is a reply to message #147001] Fri, 08 November 2019 10:55 Go to previous messageGo to next message
ian.bugeja is currently offline  ian.bugeja
Messages: 337
Registered: March 2017
Location: Malta
Hi

Yes in Kerio Control the source you can only specify User OR IP Address Group, however, please note that all rules are processed by priority with the one at the top the highest.

So for example, if you have User A that has a machine with IP address 192.168.1.6 and then User A can also have a mobile device with different IP Address

If you want to block Social on machine 192.168.1.6, but then allow Social for user's mobile device

create a rule priority at the top 1 that blocks Social for IP Address 192.168.1.6 then create a rule that will allow Social for User A.

The first rule will match the IP address and block Social. It will also stop processing other traffic rules.
The second rule will allow user to access social and will only match what the user is using apart from the 192.168.1.6 machine.


Hope this helps.


Ian Bugeja
GFI Software
Re: User and Source [message #147009 is a reply to message #147007] Fri, 08 November 2019 14:16 Go to previous messageGo to next message
robinbateman is currently offline  robinbateman
Messages: 172
Registered: April 2012
Location: Oxford(ish) UK

Hi Jayjal

We were resellers for Cyberoam before they got taken over by Sonos

I think once you have got used to the differences between the Cyberoam and Control you will find the Control unit much easier to use/administer


Robin Bateman
One Red Mouse
Blog: http://bit.ly/OWjcGL
Re: User and Source [message #147016 is a reply to message #147009] Sat, 09 November 2019 23:02 Go to previous messageGo to next message
billybob is currently offline  billybob
Messages: 29
Registered: October 2018
I have used astaro (sophos) for years, first at work and then at home. When astaro was acquired by sophos, I tried Kerio control. Its one of the easiest firewall I have ever used and has ALL the features that you are going to need. Too bad they don't offer a home license even for a small fee as I would not use anything else if there was such an option.
Re: User and Source [message #147026 is a reply to message #147016] Tue, 12 November 2019 04:57 Go to previous messageGo to next message
ehsan-nikavar is currently offline  ehsan-nikavar
Messages: 3
Registered: October 2019
Dear guys,

I want to share my experience with you.

As you know when a user intends to use the Internet, he/she must be authenticated. Authentication URL is as below:

kerioserver:4080/login/?orig=baaaaaaaaa%3D%3D&dest=aaaaa aaaaaaaaaaa&host=Maaaaaaaaaaaaaaaa%3D%3D

I have found a vulnerability in Kerio Control that could be misused by attacker to obtain a valid user account.

By using this vulnerability, attacker could send the link to the victim and ask him to logging to his account.

When user logged in, attacker could referesh the browser and has access to victim account.

In other hand, attacker who has not yet authenticated will log in with the victim account and can use the Internet.

It should be noted that testing has been performed when the authentication settings are set to "NTLM".

I already reported this vulnerability to Mr. Ian Bugeja, so thanks to him for his attention.

Ehsan Nikavar
Re: User and Source [message #147032 is a reply to message #147026] Tue, 12 November 2019 12:16 Go to previous message
ian.bugeja is currently offline  ian.bugeja
Messages: 337
Registered: March 2017
Location: Malta
Thanks Ehsan for reporting this.

This has been fixed in Kerio Control 9.3.1


Ian Bugeja
GFI Software
Previous Topic: KC ARP strorming ISP
Next Topic: Best Practive HA with VLANS
Goto Forum:
  


Current Time: Wed Nov 20 05:09:37 CET 2019

Total time taken to generate the page: 0.04312 seconds