Kerio settings (post and discuss Kerio Firewall settings)

[Lisandro]

I now have all inbound connections blocked, including 'all other applications'.

Can you post your settings for Kerio?
Can other users of Kerio do the same? Maybe we can have here a place to join info about this firewall and not only at other forums (like Wilders, for instance).
Thanks.

[YLAP]

I'm gonna be the first poster. 

[Lisandro]

Thanks Ylap, but not only these ones... but also the 'Advanced' settings like packet filters, Network Security/Predefined's, etc.
I'm trying to learn the best 'set' of configurations... right now, not that sure about any of them... learning only.

[YLAP]

Your wish is my command! 

[Jarmo P]

I think this is not a bad idea Tech
So here are my packet filter rules.

As to other settings: Application, Internet In denied.
Since I dont have a LAN, trusted one is the same for "In", denied.
Only exception is Yahoo Messenger that I allow both ways connections.
Even Skype seems not to need "In", must be statefull packet inspection or something.

In 'Predefineds' only neccessary default pings are allowed, all else denied.
In Trusted I have the default loopback rule, nothing else checked.
In Application Behaviour Blocking I have set IE to asked when first starting it.

That is about it that comes to mind writing this.

[Jarmo P]

The above rules are based on Blitzen Zeus's latest standard ruleset. I mention this since the pic cannot contain all the nessessary information.
http://www.broadbandreports.com/forum/remark,8023708

Also 'own DHCP' to svchost only. Propably 'own DNS' could be that too I think, but now allows all the applications still.
Not sure if I need DHCP Broadcasts rule.

[Lisandro]

I think this is not a bad idea Tech So here are my packet filter rules.

Still can't find where I can export the BlitzenZeus's rules and import to mine...
Do I need to make rule by rule manually? 

In 'Predefineds' only neccessary default pings are allowed, all else denied.
In Trusted I have the default loopback rule, nothing else checked.
In Application Behaviour Blocking I have set IE to asked when first starting it.

I will test this as, last time, some of these settings blocked my browsing, I could not find which one...

[Jarmo P]

I made them manually, what a paintaking accuracy job  
Somehow I could not import BZ's ruleset via Kerio 4 "Import" button. Might be just my ignorance. To Kerio 2.1.5 the rules were imported from a file.

I am not really sure, if that manual building was needed. 

Edit:
I rememeber vaquely, that trying to import Kerio 2.1.5 config, gave me some error. So i thought, an error, hmmm, lets make it manually. It might have saved time if just accepting that error. But hey, I made my firewall, hehe.

[bob3160]

A question???
Does it really make sense to discuss a defunct Firewall?
Kerio personal is being discontinued as of the end of this year.
Wouldn't it be much wiser to discuss which Firewall to switch to?
An outdated Firewall which already has some problems is as bad as
using an AV program that's no longer being updated. IMHO

[Jarmo P]

LOL bob, I switched to Kerio 4.2.2 just cause it was announced to be stopped after this year.
I knew it was a good firewall, so I had to try it when it was still in sell, to get a copy to my HD and familiar with it.

There is no need for the current Kerio free users to switch to another firewall IMO.

So let's keep this thread to what Tech intended it.

[FreewheelinFrank]

My settings for Kerio are the default ones, appart from the application rules. (I want a firewall which works 'out of the box'.)

My application rule for 'any other application' is set to block: most applications don't need to accept incoming connections.

(I don't run a server or host online games or do any other stuff that requires incoming connections.)

I've seen some of the rule sets people use for Kerio 2.1.5, but none of that is necessary for 4.2.2. And for anybody not wanting to worry about application rules, the firewall in simple mode doesn't require you to set any.

I think the firewall will still continue to work after the end of the year, unless somebody finds a hole in it. I guess the intrusion detections won't be updated, but I'm not sure how that'll affect security. The free version of Sygate doesn't even have intrusion detection yet a lot of people are happy with it.

[Jarmo P]

I've seen some of the rule sets people use for Kerio 2.1.5, but none of that is necessary for 4.2.2. And for anybody not wanting to worry about application rules, the firewall in simple mode doesn't require you to set any.

Agreed Frank. It is very easy to use Kerio 4 as just an application rule firewall. I though would use the new application getting asked approach.

By creating packet filter rules like in my post you get to control/see more what is going on rather than have Kerio do it for yourself automatic and propably as safe. Only it does not log so much and I am interested

Kerio's default settings and application rules might be even safer since you can make big mistakes by creating bad packet filter rules either by mistake or misknowledge.
Still I think it is a nice feeling having a tight filter ruleset that is easy take in use or unckeck anytime wanted. Especially since Kerio is to be discontinued.
Also I wanted to tell from my own experience how much can be disabled from the default settings by creating a basic packet filter ruleset from BZ origin.

[Lisandro]

It is very easy to use Kerio 4 as just an application rule firewall. I though would use the new application getting asked approach.
Kerio's default settings and application rules might be even safer since you can make big mistakes by creating bad packet filter rules either by mistake or misknowledge.

Isn't the packet filter rules add nothing on security bases to the application rules?
As far I understood, the two methods are excludents, you must choose one... 

[Jarmo P]

As far I understood, the two methods are excludents, you must choose one...  Undecided

I dont think you need to choose. It is about making a match in a firewall rules about outgoing and incoming data packets basically.

 From the Kerio Help file, Firewall policy:

1. Intrusion detection system (IDS — refer to chapter Network Intrusions Prevention System (NIPS))

2. Stateful inspection of the network traffic (automatically lets in/out packets which belong to permitted connections — see chapter Firewall Behavior),

3. Internal rules for Kerio Personal Firewall components — i.e. permission to access a web server in order to check and download new versions of the program

4. Advanced packet filter rules (see chapter Advanced Packet Filter)

5. Predefined network security rules (see chapter Network Security Predefined Rules)

6. Application rules (more information in chapter Rules for Applications)

So the packet filter rules are applied first before 'Predefineds' or 'Application rules'. But if no match is made in packet filter rules, and you imagine somehow that the default settings are too loose, why not disable them as much as you can? As i do. Here is an opinion of sded, same as mine, the 2 are not exclusives
http://www.broadbandreports.com/forum/remark,14826751

[Umath]

Yes, Kerio 4.x is friendly to both ex 2.x users and new users.  I am using mainly packet filter rules simply because I was a 2.x user.  However, I know combining the rules with other rules would make things easier, which is mainly the matter of preference of each user.  For example, I could put all the internet related apps in application rules and allow them all of their in/outbound connections in trusted area, while leave loopback in Trusted Area tub checked.  Even in this case, I could configure the details of those apps in packet filter rules.  However, this doesn't mean my current Kerio 2.x style configuration is broken.  A good thing about home-baked rules is that they can be optimized for our personal environments and once we established them, we don't need to touch them often.

According to Jarmo P's list, only #3 is not allowed users to configure.  I think Kerio is one of the most configurable firewall applications.  Partly because of this, I think Kerio is a good app to let users understand how network connections work.