Author Topic: Kerio is the ticket!  (Read 24569 times)

0 Members and 1 Guest are viewing this topic.

inconnu

  • Guest
Re: Kerio is the ticket!
« Reply #15 on: March 31, 2005, 08:13:00 AM »
I'm planning on switching to Kerio too.  I've been happy with Sygate, but ... Kerio looks like it offers more what I'm looking for in terms of fine-tuning control.  I haven't decided whether to wait for 4.2, or go ahead and install either 2.1.5, or 4.1.2 or 4.1.3.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Kerio is the ticket!
« Reply #16 on: March 31, 2005, 03:38:23 PM »
No probs with 4.1.3 here 8)
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

sded

  • Guest
Re: Kerio is the ticket!
« Reply #17 on: March 31, 2005, 03:55:47 PM »
Tried to isolate the interfering program; no luck.  Problem is that it doesn't happen 100% of the time, so is probably load order dependent.  Easier to switch than spend any more time trying to diagnose it.  It simply shouldn't happen to a firewall, ever-makes me wonder about probable malware vulnerability.  And I wouldn't know what the next interferor might be.  I never saw any of the others who had the problem come up with anything either, or any comments from Kerio or the peer support group on it.  So far KPF 2.1.5 is a fine replacement.  Or Sygate is acceptable, in spite of its PITA characteristics.  No reason not to use KPF 4 if you have no problems.  Just a warning to KPF 4 users to watch out for it occasionally not loading-assume easily noticed if often not loading.
« Last Edit: March 31, 2005, 05:16:12 PM by sded »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Kerio is the ticket!
« Reply #18 on: March 31, 2005, 04:07:54 PM »
Problem is that it doesn't happen 100% of the time, so is probably load order dependent.

Will it help if you use Startup Delayer to control the order of programs load?
http://www.r2.com.au/
The best things in life are free.

sded

  • Guest
Re: Kerio is the ticket!
« Reply #19 on: March 31, 2005, 04:11:31 PM »
Thought about the startup delayer, but decided that was too much trial and error vs switching,  And still worried about the next problem program for Kerio.  Thanks for the suggestion, though.  Will probably see if Kerio has any suggestions, otherwise stay switched to something else.  Even a small unreliability is unacceptable in a firewall, and I would find it hard to trust KPF 4 again without some real solution.
« Last Edit: March 31, 2005, 04:15:18 PM by sded »

artamangr

  • Guest
Re: Kerio is the ticket!
« Reply #20 on: March 31, 2005, 06:46:38 PM »
Hi!
I tried to upgrade today from Kerio 4.1.2 to 4.1.3 but there seemed to be a problem with Kerio 4.1.3 (at least in my machine). It refused to load. Neither on boot nor manually afterwards...so i had to uninstall it.
And now, while using the Windows XP SP2 built-in firewall, i noticed that the VoIP program Skype is functioning more properly.With kerio i couldnt dial any number while connected to the university network (i thought that the external university firewall was blocking it) but now without kerio i can without any problem.
I think i will stick with the XP SP2 firewall until kerio 4.2 is released....

Culpeper

  • Guest
Re: Kerio is the ticket!
« Reply #21 on: March 31, 2005, 10:38:19 PM »
Just stick with the Win firewall since you are already behind a server firewall.

Arup

  • Guest
Re: Kerio is the ticket!
« Reply #22 on: April 01, 2005, 02:33:58 PM »
The best and leanest as well as meanest Kerio is the original lightweight Kerio 2.15, combine that with BZ rules from http://www.broadbandreports.com/forum/remark,8023708 , add freeware Antihook from www.infoprocess.biz and if you want an Intrusion Detection System like in Kerio 4, get the even better and free Nuzzler which is Snort based and comes from www.securepoint.cc By the way Securepoint also makes a very good firewall of their own.

sded

  • Guest
Re: Kerio is the ticket!
« Reply #23 on: April 01, 2005, 04:17:50 PM »
2.1.5  is a fine firewall, but it takes a bit more than just copying the BZ ruleset to make it work.  There are also some additional rules for dealing with the avast! web proxy at http://www.dslreports.com/forum/remark,12848459.  And a little adaptation for the mail proxies.  Not nearly as difficult as some of the forum comments indicate, through.  Seems to be  a continual work in progress, though; current avast! related set is shown.  As far as the KPF 4 IDS, my experience was 100% false alarms POS, usually several a day when a site that was not in accordance with their database was visited. 
« Last Edit: April 01, 2005, 07:47:23 PM by sded »

Arup

  • Guest
Re: Kerio is the ticket!
« Reply #24 on: April 01, 2005, 07:10:19 PM »
Yep,

Have to create two software proxy loopback rules with list of ports that include the POP, SMTP, IMAP, NNTP ports as well as port 12080.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Kerio is the ticket!
« Reply #25 on: April 01, 2005, 08:16:09 PM »
Have to create two software proxy loopback rules with list of ports that include the POP, SMTP, IMAP, NNTP ports as well as port 12080.

Can you post the rules here?
Port numbers, protocols, local and remote IP, etc. etc.
I think could be very useful for the users to know how to configure them...
Thanks.
The best things in life are free.

Culpeper

  • Guest
Re: Kerio is the ticket!
« Reply #26 on: April 01, 2005, 10:43:19 PM »
Kerio 4 IDS files can be edited to eleminate certain types of false positives from one computer on the network to another computer on the network.  For example, there were a couple of rule sets in the .rlk files that were creating false positives in the intrusion log.  Simply placing a "#" at the beginning of the line will disable that particular rule  rather than turning off the medium intrusion module.  The instrusion module is independent of the trusted area in Kerio.

sded

  • Guest
Re: Kerio is the ticket!
« Reply #27 on: April 02, 2005, 02:07:15 AM »
I have a good IDS in my DSL router (Cayman 3220h) that covers
IP Source Address Spoofing
Source Routing
Subnet Broadcast Amplification
Illegal Packet Size (Ping of Death)
Port Scan (TCP/UDP)
Excessive Pings
Admin Login Failure
MAC Address Spoofing

Works very well, no false alarms, catches things.

Out of KPF 4 I got about 20 false alarms a day because of the way it interpreted normal activity from various sites.  I could probably have tried to dumb it down, but thought it was already adequately dumb and ignored it.  Worthless POS advertising gimmick in my opinion, but YMMV.   ::)

Arup

  • Guest
Re: Kerio is the ticket!
« Reply #28 on: April 02, 2005, 03:58:31 AM »
Have to create two software proxy loopback rules with list of ports that include the POP, SMTP, IMAP, NNTP ports as well as port 12080.

Can you post the rules here?
Port numbers, protocols, local and remote IP, etc. etc.
I think could be very useful for the users to know how to configure them...
Thanks.

Certainly,

For Software Proxy Loopback 1

Protocol: TCP/UDP
Direction: Outgoing
Port Type: Any Port
Application: Any
Address Type: Network Mask
Network Address/Mask: 127.0.0.1/255.0.0.0
List of Ports:1-24,26-109,111-118,120-142
Rule Valid: Always and Action: Permit

For Software Proxy Loopback 2 everything will remain the same except add ports 144-12079,12081-65535 to the list. This way all or any programs trying to access these ports will need explicit permission from you.

Credit to this goes to the one and only Kerio 2.15 guru BZ, I have only modded it to suit Avast's scanning at his suggestion.

kenwong

  • Guest
Re: Kerio is the ticket!
« Reply #29 on: April 02, 2005, 05:15:13 AM »
Noticed that some of the users have KPF loading problem.  I'm using Syagate Personal Firewall 5.6 build 2808.  Occasionally it does not load at machine boot.  There are also similar reports on their forum.

Regarding Kerio, are you guys using the free version?  I am considering switching from Sygate to Kerio.  Is the "Internet gateway", which is provided by the paid version but not the free version (http://www.kerio.com/kpf_comparison_version.html), a vital element that a usual user should not be lack of?