Remote Administration Settings
Remote administration can be either permitted or denied by definition of the appropriate traffic rule. Traffic between WinRoute and Kerio Administration Console is performed by TCP and UDP protocols over port 44333. The definition can be done with the predefined service KWF Admin.
How to allow remote administration from the Internet
In the following example we will demonstrate how to allow WinRoute remote administration from some Internet IP addresses.
-
Source group of IP addresses from which remote administration will be allowed.
For security reasons it is not recommended to allow remote administration from an arbitrary host within the Internet (this means: do not set Source as the Web interface).
-
Destination Firewall (host where WinRoute is running)
-
Service KWF Admin (predefined service WinRoute administration)
-
Action Permit
-
Translation Because the engine is running on the firewall there is no need for translation.
Note: Be very careful while defining traffic rules, otherwise you could block remote administration from the host you are currently working on. If this happens, the connection between Kerio Administration Console and WinRoute Firewall Engine is interrupted (upon clicking on the Apply button in Configuration / Traffic Policy). Local connections (from the WinRoute Firewall Engine's host) cannot be blocked by any rule.
TIP: The same method can be used to enable or disable remote administration of Kerio MailServer through WinRoute (the KMS Admin service can be used for this purpose).
