- Kerio WinRoute Firewall Administrator's Guide

2.1 Kerio WinRoute Firewall

Protocol Maintenance (Protocol Inspectors)

You may come across applications that do not support the standard communi-

cation and that may for instance use incompatible communication protocols, etc.

To challenge this problem, WinRoute includes so-called protocol inspectors, which

identify the appropriate application protocol and modify the ﬁrewall’s behavior dy-

namically, such as temporary access to a speciﬁc port (it can temporarily open the

port demanded by the server). FTP in the active mode, Real Audio or PPTP are just

a few examples.

Network Conﬁguration

WinRoute has a built-in DHCP server, which sets TCP/IP parameters for each work-

station within your local network. Parameters for all workstations can be set cen-

trally from a single point. This reduces the amount of time needed to set up the

network and minimizes the risk of making a mistake during this process.

DNS forwarder module enables easy DNS conﬁguration and faster responses to

DNS requests. It is a simple type of caching nameserver that relays requests to

another DNS server. Responses are stored in its cache. This signiﬁcantly speeds up

responses to frequent requests. Combined with the DHCP server and the system’s

HOSTS ﬁle, the DNS forwarder can be also used as a dynamic DNS server for the

local domain.

Remote Administration

All settings are performed in the Kerio Administration Console, an independent

administration console used to manage all Kerio’s server products. It can be run

either on the workstation with WinRoute or on another host within the local network

or the Internet. Communication between WinRoute and the administration console

is encrypted and thus protected from being tapped or misused.

Various Operating Systems Within The Local Network

WinRoute works with standard TCP/IP protocols. From the point of view of work-

stations within the local network it acts as a standard router and no special client

applications are required. Therefore, any operating system with TCP/IP, such as

Windows, Unix/Linux, Mac OS etc., can be run within the LAN.

Note: WinRoute can work with TCP/IP protocol sets only. It does not aﬀect the function-

ality of other protocols (i.e. IPX/SPX, NetBEUI, AppleTalk, etc.).

Additional Features

HTTP and FTP ﬁltering

WinRoute can monitor all HTTP and FTP communication and block objects that do

not match given criteria. The settings can be global or deﬁned speciﬁcally for each

user.