beautypg.com

Kerio Tech Firewall6 User Manual

Page 122

background image

Chapter 8

Configuration of network services

122

Enable connection to any TCP port

This security option enables to allow or block so called tunneling of other application

protocols (than HTTP, HTTPS and FTP) via the proxy server.

If this option is disabled, the proxy server allows to establish connection only to the

standard HTTPS port 443) — it is supposed that secured web pages are being opened. If

the option is enabled, the proxy server can establish connection to any port. It can be

a non-standard HTTPS port or tunneling of another application protocol.

Note: This option does not affect the non-secured traffic performed by HTTP and/or FTP.

In WinRoute, HTTP traffic is controlled by a protocol inspectors which allows only valid

HTTP and FTP queries.

Forward to parent proxy server

Tick this option for WinRoute to forward all queries to the parent proxy server which will

be specified by the following data:

Server — DNS name or IP address of parent proxy server and the port on which

the server is running (3128 port is used by the default).

Parent proxy server requires authentication — enable this option if authentication

by username and password is required by the parent proxy server. Specify the

Username and Password login data.

Note: The name and password for authentication to the parent proxy server is

sent with each HTTP request. Only Basic authentication is supported.

The Forward to parent proxy server option specifies how WinRoute will connect to the

Internet (for update checks, downloads of McAfee updates and for connecting to the

online ISS OrangeWeb Filter databases).

Set automatic proxy configuration script to

If a proxy server is used, Web browsers on client hosts must be configured correctly. Most

common web browsers (e.g. Internet Explorer, Firefox/SeaMonkey, Opera, etc.) enable

automatic configuration of corresponding parameters by using a script downloaded from

a corresponding website specified by URL.

In the case of WinRoute’s proxy server, the configuration script is saved at

http://192.168.1.1:3128/pac/proxy.pac,

where 192.168.1.1 is the IP address of the WinRoute host and number 3128 represents

the port of the proxy server (see above).

The Allow browsers to use configuration script automatically... option adjusts the config-

uration script in accord with the current WinRoute configuration and the settings of the

local network:

Direct access — no proxy server will be used by browsers

WinRoute proxy server — IP address of the WinRoute host and the port on which

the proxy server is running will be used by the browser (see above).

Note: The configuration script requires that the proxy server is always available (even if

the Direct access option is used).