Kerio Control VMware Virtual Appliance

Quick Setup Guide

2011 Kerio Technologies s.r.o. All rights reserved. This document provides detailed description on installation and basic conguration of the Kerio Control VMware Virtual Appliance, version 7.1.2. All additional modications and updates reserved. For detailed information on Kerio Control, refer to Kerio Control Administrators Guide and related documents. Any documents providing information on this product are available at http://www.kerio.com/rewall/manual/.

1 Kerio Control VMware Virtual Appliance

Kerio Control VMware Virtual Appliance is a UTM solution distributed as a virtual appliance for VMware. The software provides a complex set of features for security of local networks, control of user access to the Internet and monitoring of user activity. It also includes tools for secure interconnection of companys oces and connection of remote clients to the LAN via the Internet (VPN). To keep this document simple and easy to read, Kerio Control VMware Virtual Appliance will be referred to as rewall.

2 System requirements and licensing

System requirements Kerio Control VMware Virtual Appliance can be used in the following VMware products: Workstation 6.5, 7.0 Server 2.0 Fusion 2.0, 3.0 Player 2.5, 3.0 ESX 3.5, 4.0 ESXi 3.5, 4.0

Hardware requirements for the virtual host: CPU 2 GHz, 1 GB RAM, 8 GB disk space for the operating system, the product, logs and the Kerio StaR database, At least one network interface.

For full use of all product features, the following external services are required: DNS server (for manipulation with DNS queries), SMTP server (for sending of notications and alerts). Both servers in the local network and in the Internet can be used. Optionally, it is also possible to set cooperation with an Active Directory server. For access to Kerio Controls web services (Kerio Control Administration, Kerio StaR, Kerio SSLVPN ), you can use the following browsers: Internet Explorer 7 to 9, Firefox 3.5 to 4, Safari 4 and 5. The Kerio Administration Console (for full remote administration) can be installed on Windows 2000 and higher.

Licensing Policy Kerio Control VMware Virtual Appliance can be used for free for 30 days from installation (trial version) 1. Upon the trial version expiration, you will need to purchase a corresponding license for further use of the product. Then simply register the trial version with a valid license key. This process makes the trial version full version automatically. The license is dened by: The base product license, Kerio Web Filter license (optional component used for classication of web content), License for the integrated Sophos antivirus (optional component). For detailed information about license options, pricing and license purchase, refer to http://www.kerio.com/rewall.

3 Installation and basic conguration of the rewall

Kerio Control VMware Virtual Appliance (referred simply as the rewall in the document) is distributed in two types of packages: In the OVF format (Open Virtualization Format) for VMware ESX/ESXi, In the proprietary VMX format for hosted VMware products VMware Server, Workstation, Fusion and Player.
1

In unregistered trial version, Kerio Web Filter and updates of integrated antivirus and intrusion prevention system rules are not available. To get these features, you will need to register the trial version for free. For details, see the Administrators Guide.

Once all these parameters are set, the Control Engine service (daemon) is started. While the rewall is running, the rewalls console will display information about remote administration options and change of some basic conguration parameters (see chapter 5).

Importing virtual appliance to VMware product Use an installation package in accordance with the type of your VMware product (see above): In case of products VMware Server, Workstation and Fusion, download the compressed VMX distribution le (*.zip), unpack it and open it in the your VMware product. You can import a virtual appliance directly to VMware ESX/ESXi from the URL of the OVF le for example: http://download.kerio.com/dwn/control/ kerio-control-appliance-7.1.0-1234-linux.ovf VMware ESX/ESXi automatically downloads a corresponding disk image (.vmdk). the OVF conguration le and

If you import virtual appliance in the OVF format, bear in mind the following specics: In the imported virtual appliance, time synchronization between the host and the virtual appliance is disabled. However, Kerio Control features a proprietary mechanism for synchronization of time with public Internet time servers. Therefore, it is not necessary to enable synchronization with the host. Tasks for shutdown or restart of the virtual machine will be set to default values after the import. These values can be set to hard shutdown or hard reset. However, this may cause loss of data on the virtual appliance. Kerio Control VMware Virtual Appliance supports so called Soft Power Operations which allow to shutdown or restart hosted operating system properly. Therefore, it is recommended to set shutdown or restart of the hosted operating system as the value.

Installation Upon the rst startup of the virtual appliance, installation and basic conguration of Kerio Control is required. This includes the following simple steps: 1. Select a language for the installation. This language will be used both for installation and for the rewalls console which is running all the time while the rewall is running. From the list of the rewalls network interfaces, select an interface connected to the local (trustworthy) network from which the rewalls remote administration will be performed. This setting can be changed any time later (e.g. if you nd out that you selected an incorrect interface during the installation). Now dene IP address and subnet mask for the selected local network interface. It is recommended to set these parameters manually (i.e. not to use automatic conguration via DHCP). 3

2.

3.

4.

Set time zone and check/set date and time settings for the virtual machine. These settings are necessary for correct functionality of the rewall. On a computer connected to the local network, open a web browser, connect to the Kerio Control Administration web interface (see below) and go through the activation wizard to activate the product (if you only want to test the product, you can skip the registration and activate a 30-days trial). Login to the Kerio Control Administration web interface and congure the product as necessary.

5.

6.

4 Firewall administration
The Kerio Control Administration web interface allows full remote administration of the rewall and viewing of status information and logs. The web administration interface is available at: https://<IP address of the firewall>:4081/admin for example https://10.10.10.1:4081/admin Authenticate with username Admin and the password set within the product activation. Note: IP address of the rewall is the IP address of its local interface (selected within the initial conguration see section 3). Remote administration via the Internet must be enabled explicitly by the rewalls trac rules.

5 The rewalls console

On the console of the virtual computer where Kerio Control VMware Virtual Appliance is installed, information about the rewall remote administration options is displayed. Upon authenticating by the administration password (see above), this console allows to change some basic settings of the rewall, restore default settings after installation and shut down or restart the computer. The rewalls console allows: to change conguration of network interfaces (e.g. if network conguration changes or if an incorrect interface was chosen for the local network during the rewall installation). to change trac policy of the rewall so that remote administration is not blocked (if connection to the administration fails). to shut down or restart the rewall. to recover default conguration. This option restores the rewall settings as applied upon the rst startup on VMware. All conguration parameters any other data will be removed and the initial conguration wizard is started again (see section 3). Restoration of default conguration is useful especially if the rewall does not work correctly and you cannot easily x the conguration. 4

Appendix A

Legal Notices

VMware is registered trademark of VMware Inc. Microsoft , Windows , Windows NT , Windows Vista, Internet Explorer , ActiveX , and Active Directory are registered trademarks or trademarks of Microsoft Corporation. Linux is registered trademark kept by Linus Torvalds. Other names of real companies and products mentioned in this document may be registered trademarks or trademarks of their owners.