7.5. Network security Advanced settings

The Advanced tab in the Network security section provides advanced security settings and options for logging undesirable traffic.

Figure 7.10. Network Security / Advanced section

Boot time protection

Check or uncheck the Block all incoming connection attempts... option to enable or disable protection of the computer during booting (for details, refer to chapter 7.6. Boot time protection).

This option is enabled by default. Disabling it can be useful for testing and troubleshooting purposes (e.g. to solve problems with remote administration of the host protected by Kerio Personal Firewall).

For security reasons, it is recommended not to disable this option unless necessary.

Enable gateway mode

This option switches the firewall to a special mode for protection of the Internet gateway (the firewall will run on a router or NAT router).

If this option is selected, Kerio Personal Firewall will let through packets with destination ports at which no local application is running, or packets with destination IP addresses which are not local.

Do not use this option unless Kerio Personal Firewall is really running on the Internet Gateway, otherwise protection of the local computer might be seriously reduced!

Notes:

  1. The Enable Gateway Mode option can also be used to allow communication of an operating system which is run within VMWare (http://www.vmware.com/) if Kerio Personal Firewall protects the host system. If this option is disabled, Kerio Personal Firewall will block all packets routed to the operating system within VMWare.

  2. If Kerio Personal Firewall is used for proxy server protection, it is not necessary to enable this option (a proxy server behaves as a client on the local computer).

Advanced logging

Use the Log packets going to unopened ports option to enable logging of detected packets whose destination ports do not belong to any process in the local operating system. These packets are dropped automatically; however, they might indicate an intrusion attempt (port scanning).

Note: The gateway mode and the advanced logging cannot be combined. In the gateway mode, all these packets are automatically let in (they are addressed to other hosts).
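The following added example (not part of the Kerio documentation or product) shows how entries for packets going to unopened ports can be turned into a port-scan signal: a source is flagged when it touches many distinct unopened ports within a short time window. The log line format, the function names and the thresholds are assumptions made for illustration; the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical export format, not Kerio's own log layout:
# <ISO time> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2024-01-01T10:00:00 TCP 192.0.2.10:40001 -> 198.51.100.5:21
2024-01-01T10:00:01 TCP 192.0.2.10:40002 -> 198.51.100.5:22
2024-01-01T10:00:02 TCP 192.0.2.10:40003 -> 198.51.100.5:23
2024-01-01T10:00:03 TCP 192.0.2.10:40004 -> 198.51.100.5:25
2024-01-01T10:00:04 TCP 192.0.2.10:40005 -> 198.51.100.5:80
2024-01-01T10:00:05 UDP 203.0.113.7:5353 -> 198.51.100.5:445
2024-01-01T10:00:06 UDP 203.0.113.7:5353 -> 198.51.100.5:445
2024-01-01T10:05:00 TCP 203.0.113.9:50000 -> 198.51.100.5:8080
2024-01-01T10:15:00 TCP 203.0.113.9:50001 -> 198.51.100.5:8081
2024-01-01T10:25:00 TCP 203.0.113.9:50002 -> 198.51.100.5:8082
truncated line without fields
"""

def parse_line(line):
    """Return (timestamp, source IP, destination port); ValueError if malformed."""
    ts, _proto, src, arrow, dst = line.split()
    if arrow != "->":
        raise ValueError("unexpected field layout")
    src_ip, _src_port = src.rsplit(":", 1)
    _dst_ip, dst_port = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), src_ip, int(dst_port)

def find_scanners(lines, min_ports=5, window=timedelta(seconds=60)):
    """Map each source that hit >= min_ports distinct ports inside window to those ports."""
    events = defaultdict(list)
    for line in lines:
        try:
            ts, src_ip, port = parse_line(line)
        except ValueError:
            continue  # skip blank or damaged entries instead of aborting the run
        events[src_ip].append((ts, port))
    flagged = {}
    for src_ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward past stale entries
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src_ip] = sorted(ports)
                break
    return flagged
```

Repeated packets to a single unopened port (203.0.113.7 in the sample) do not count as a scan, and a slow scan (203.0.113.9) is only caught when the window is widened, which is the trade-off to tune against false positives.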