7.4. Trusted Area

Two types of IP groups are distinguished for Kerio Personal Firewall application rules: the trusted area and the Internet. Separate actions for incoming and outgoing traffic can be defined for each area. The trusted area is a user-defined IP group. Addresses that are not defined as trusted are added to the Internet zone automatically.

To define your trusted area, go to the Trusted area tab in the Network Security section.

Figure 7.8. Network security / Trusted area section — Trusted area definition

The trusted area can include any number of IP addresses, IP address ranges, subnets or networks connected to a particular interface (for details read below). For each item, it is possible to specify the interface on which the particular IP addresses are permitted (protection from false IP addresses).

Trusted area includes the predefined Loopback item. This item cannot be removed. It is a local loopback address and it is always considered trusted.

Trustworthy zone definition

Use the Add or the Edit button to define an item of the trusted area (or double-click on a selected item to Edit it).

Figure 7.9. Trustworthy zone definition

Description

Item description. For reference only. It is recommended to provide a description of the IP range, network, etc.

Adapter

Select the adapter (interface) on which the IP addresses are used. This function protects users from false IP addresses: whenever a packet with a trusted address is received from an adapter which is not connected to the particular network, the packet is considered untrusted.

Use the --- Any --- option if you do not want Kerio Personal Firewall to check which adapter packets with a particular IP address were received from.

Address type

Type of a trusted area item:

  • Computer — a particular IP address of a computer (or a network device)

  • IP address / mask — subnet defined by IP address and mask of the network

  • IP address / range — IP range defined by first and last IP address

  • All addresses — any IP address

Notes:

  1. The All addresses option can only be used with a particular adapter (“network connected to this interface”). If this option could be combined with the --- Any --- option in the Adapter item, all IP addresses would belong to the trusted area. Such a setting would be pointless, so Kerio Personal Firewall does not allow it (the OK button is not active).

  2. If a dial-up is selected in the Adapter entry, the firewall's behavior upon each change of a telephone number can be set in the Zone definition dialog. For details, refer to chapter 7.8. Checking of dialed telephone numbers.
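The matching rules described in this section can be modelled as follows. This is an added illustration, not Kerio Personal Firewall code: the `TrustedItem` and `classify` names, the adapter names and the sample addresses are assumptions made for the example, and the Loopback item is modelled as 127.0.0.0/8.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # stands for the "--- Any ---" choice in the Adapter field

@dataclass(frozen=True)
class TrustedItem:
    description: str
    adapter: Optional[str]  # adapter name, or ANY
    kind: str               # "computer", "mask", "range" or "all"
    first: str = ""         # address, network address or first address of a range
    second: str = ""        # network mask or last address of a range

    def __post_init__(self):
        # Note 1: "All addresses" with "--- Any ---" would make every address trusted.
        if self.kind == "all" and self.adapter is ANY:
            raise ValueError("All addresses requires a particular adapter")

    def covers(self, addr: ipaddress.IPv4Address) -> bool:
        if self.kind == "all":
            return True
        if self.kind == "computer":
            return addr == ipaddress.IPv4Address(self.first)
        if self.kind == "mask":
            net = ipaddress.IPv4Network(f"{self.first}/{self.second}", strict=False)
            return addr in net
        if self.kind == "range":
            return ipaddress.IPv4Address(self.first) <= addr <= ipaddress.IPv4Address(self.second)
        raise ValueError(f"unknown address type: {self.kind}")

def classify(items, src_ip: str, arrival_adapter: str) -> str:
    """Return "trusted" or "internet" for a packet received on arrival_adapter."""
    addr = ipaddress.IPv4Address(src_ip)
    if addr.is_loopback:  # predefined Loopback item, always trusted
        return "trusted"
    for item in items:
        # A trusted address seen on the wrong adapter is treated as untrusted.
        adapter_ok = item.adapter is ANY or item.adapter == arrival_adapter
        if adapter_ok and item.covers(addr):
            return "trusted"
    return "internet"  # addresses not defined as trusted fall into the Internet zone

# Constructed sample trusted area (adapter names and addresses are made up).
ITEMS = [
    TrustedItem("Office LAN", "LAN", "mask", "192.168.1.0", "255.255.255.0"),
    TrustedItem("Lab hosts", ANY, "range", "10.0.0.10", "10.0.0.20"),
    TrustedItem("Admin PC", "LAN", "computer", "172.16.5.4"),
]
```

With this sample, a packet claiming 192.168.1.50 is trusted when it arrives on the LAN adapter and falls into the Internet zone when it arrives on any other adapter, which is the false-address protection that the Adapter field provides.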