Kerio Personal Firewall can be also administered remotely (from a remote station — not from the one where the Personal Firewall Engine service is running). Two alternatives of remote administration are available:
access to the configuration — all settings and functions available through the configuration dialog can be accessed from a remote computer. Dialogs during events (initialization of applications, network communication) and notifications on events can be viewed only through the computer where the Personal Firewall Engine is running.
session is redirected — all dialogs and notifications will be also redirected to a particular remote station.
The following steps must be followed for a successful remote access to the Personal Firewall Engine:
Allowing remote administration and setting a password which will be used for access to the administration
Remote access to the Personal Firewall Engine is available only through a successful user authentication (password request). Enable the Enable password protection and the Allow remote administration of this computer options in the Overview / Preferences section. Set a password if not specified yet. For details refer to chapter 6.3. Preferences.
Running the Personal Firewall GUI at a remote computer
If Kerio Personal Firewall 4.x is installed on the remote computer, select and run the Remote Firewall Administration from the Kerio program group.
If Kerio Personal Firewall is not installed on the remote computer, copy the
kpf4gui.exe,KTlibeay32_0.9.7.dll,KTssleay32_0.9.7.dllandKTzlib.dllfiles or thetranssubdirectory (if you intend to use another language version of the interface than the English one) from the local workstation (typically from theC:\Program Files\Kerio\Personal Firewall 4directory) and run it on the remote workstation.
Authentication to access the Personal Firewall Engine
Use one of the methods of running Personal Firewall GUI described above to open the authentication dialog where you can login to the Personal Firewall Engine.
- Address
DNS name or IP address of the computer on which the Personal Firewall Engine service is running. After a successful connection this name or the IP address will be displayed:
- Password
Password through which the administration can be accessed (see step 1).
- Redirect events to this session
Check this option to redirect all dialogs and notifications to the remote computer.
This option enables thorough control of the Kerio Personal Firewall from a remote computer. It is not recommended to use this option if you want to perform a single-shot modification of the configuration.
Click on the button to establish connection with a remote workstation.
Note: Connection to a remote administration is allowed by the internal Kerio Personal Firewall policy. This means that it is not necessary to define special network security rules to enable remote administration.
When connected successfully to the Personal Firewall Engine, the Kerio Personal Firewall icon with a symbol of remote connection (R — remote) is displayed in the System Tray. The context menu provides the following functions:
- Disable firewall
Deactivates the firewall (all security functions are disabled).
- Configuration
Use this option to enter the configuration dialog where all settings which are available on the local host can be done (except for disabling of network communication). For details see chapter 6.1. Configuration Dialog.
- About
Information about versions of individual Kerio Personal Firewall components as well as license of the firewall and expiration date in case of a trial version (the same information which is provided when a user is connected locally).
- Disconnect
Disconnection from the remote Personal Firewall Engine administration and closing the Personal Firewall GUI on the computer from which the remote access has been performed.
Note: Unlike in case of local administration, the following functions are not available for remote connections:
Stop all traffic (this function would block connection of the Personal Firewall Engine with the Personal Firewall GUI operating on the remote host)
Logout (users must be authenticated to be allowed to administer the firewall remotely and they will be logged out automatically when disconnected from the Personal Firewall Engine)
Exit (the Personal Firewall Engine service cannot be closed remotely; the Personal Firewall GUI running on the remote host can be closed using the Disconnect option)