The Kerio Personal Firewall's network traffic low-level driver protects the computer even when the firewall is not running. Typically, this situation occurs during startup of the operating system (the time between activation of network connections and the moment when the service is started), during an update of the product (during installation of a new version of Kerio Personal Firewall, the service is stopped automatically and is started again when the server is restarted), or when the Personal Firewall Engine service (see chapter 4.1. Kerio Personal Firewall Components) is not launched upon start of the operating system for any reason.
This function is enabled by default. It can be disabled/enabled in the firewall's GUI whenever necessary (the Advanced tab under Network security — see chapter 7.5. Network security Advanced settings).
If the Boot time protection is enabled, the Kerio Personal Firewall's network traffic low-level driver behaves as follows:
Upon start of the operating system, only outgoing traffic is allowed and all incoming traffic is blocked. This means that the server is always protected; however, its services are not available in this mode.
If the Personal Firewall Engine is not started within 5 minutes of the start of the operating system, the driver is switched to the mode in which it allows any traffic. This behaviour ensures that communication with the server is not blocked if the Personal Firewall Engine cannot be started for any reason.
Upon startup of the Personal Firewall Engine, the firewall permits and denies traffic in accordance with the defined network security rules.
When the operating system is shut down (or is being restarted), the firewall's driver blocks any incoming or outgoing traffic. This behaviour ensures that the server is protected even during the time when the Personal Firewall Engine service has already been stopped, but the network subsystem is not active yet.
When the Kerio Personal Firewall service is stopped, the driver is switched to the mode in which it permits all network traffic. This situation occurs only when the firewall is closed manually or when the Personal Firewall Engine fails.
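The driver modes listed above can be modelled as a small state machine that reports when a host is in the permit-all mode. This is an added example, not Kerio code: the event names, the function names and the sample timeline are constructed for illustration, and it assumes that a service stop during operating system shutdown leaves the block-all mode in place.

```python
from enum import Enum

class Mode(Enum):
    OUTBOUND_ONLY = "outgoing allowed, incoming blocked"  # after OS start
    RULES = "network security rules enforced"             # engine running
    ALLOW_ALL = "all traffic permitted"                   # engine absent
    BLOCK_ALL = "all traffic blocked"                     # OS shutting down

ENGINE_TIMEOUT = 5 * 60  # seconds the driver waits for the engine after boot

def transitions(events, until):
    """Turn time-sorted (seconds, event) pairs into (seconds, Mode) changes.

    Event names (boot, engine_start, engine_stop, shutdown) are constructed
    for this model. `until` is the end of the observed period.
    """
    out, mode, deadline = [], None, None

    def switch(t, new):
        nonlocal mode
        if new is not mode:
            mode = new
            out.append((t, new))

    for t, ev in list(events) + [(until, "end")]:
        if deadline is not None and t > deadline:
            switch(deadline, Mode.ALLOW_ALL)  # engine missed the 5 minutes
            deadline = None
        if ev == "boot":
            switch(t, Mode.OUTBOUND_ONLY)
            deadline = t + ENGINE_TIMEOUT
        elif ev == "engine_start":
            switch(t, Mode.RULES)
            deadline = None
        elif ev == "engine_stop":
            # Assumption: a stop during OS shutdown leaves block-all in place.
            if mode is not Mode.BLOCK_ALL:
                switch(t, Mode.ALLOW_ALL)
        elif ev == "shutdown":
            switch(t, Mode.BLOCK_ALL)
            deadline = None
        elif ev != "end":
            raise ValueError(f"unknown event: {ev}")
    return out

def fail_open_windows(events, until):
    """Intervals (start, end) during which the driver permits all traffic."""
    changes = transitions(events, until) + [(until, None)]
    return [(t, nxt) for (t, m), (nxt, _) in zip(changes, changes[1:])
            if m is Mode.ALLOW_ALL]

# Constructed timeline: the engine starts 7 minutes after boot.
SLOW_ENGINE = [(0, "boot"), (420, "engine_start"), (3600, "shutdown")]
```

Feeding the function service start and stop times taken from a host's event log shows how long the machine ran without filtering, which is the period to review for unexpected inbound connections.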