Kerio Tech Firewall6 User Manual

23.5 Example of Kerio VPN configuration: company with a filial office
In this case, it would be meaningless to create rules for the Kerio VPN server and/or the
Kerio Clientless SSL-VPN, since the server uses a dynamic public IP address. Therefore,
leave these options disabled in step 5.
Figure 23.23: A filial — it is not necessary to create rules for the Kerio VPN server
This step will create rules for connection of the VPN server as well as for communication
of VPN clients with the local network (through the firewall).
Figure 23.24: Filial office — default traffic rules for Kerio VPN
When the VPN tunnel is created, customize these rules according to the restriction
requirements (Step 6).
3. Customize DNS configuration as follows:
• In the configuration of the DNS Forwarder in WinRoute, specify the DNS servers to
which queries not addressed to the company.com domain will be forwarded (by default,
the primary and secondary DNS servers of the Internet connection provider).
• Enable the Use custom forwarding option and define rules for names in the
filial.company.com domain. Specify the server for DNS forwarding by the IP
address of the remote firewall host's interface (i.e. the interface connected to the
local network at the other end of the tunnel).
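
The custom-forwarding decision from the DNS step above, sketched in Python as an added example (it is not Kerio code or Kerio configuration syntax). The server addresses and the rule table are constructed; the sketch shows that a rule for filial.company.com has to match on whole labels, so look-alike names are not sent through the tunnel and names of the remote network are not sent to the provider's DNS.

```python
# Added illustration. All addresses are constructed sample values and the
# rule table is a hypothetical model, not the format WinRoute stores.
ISP_FORWARDERS = ["198.51.100.53", "198.51.100.54"]  # provider DNS (constructed)

CUSTOM_RULES = {
    # domain -> LAN-side interface of the remote firewall (constructed IP)
    "filial.company.com": ["192.168.1.1"],
}


def normalize(name):
    """Lower-case the name and drop a trailing root dot."""
    return name.strip().rstrip(".").lower()


def select_forwarders(qname, rules=CUSTOM_RULES, default=ISP_FORWARDERS):
    """Return the DNS servers a query for qname is forwarded to.

    Suffixes are tried from longest to shortest and compared label by
    label, so 'notfilial.company.com' does not match 'filial.company.com'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in rules:
            return rules[suffix]
    return default


def goes_through_tunnel(qname):
    """True when the query is sent to the remote firewall, not the provider."""
    return select_forwarders(qname) is not ISP_FORWARDERS


if __name__ == "__main__":
    samples = [  # constructed sample queries
        "server.filial.company.com",
        "FILIAL.company.com.",
        "notfilial.company.com",
        "filial.company.com.example.org",
        "www.example.org",
    ]
    for q in samples:
        print(f"{q:35} -> {select_forwarders(q)}")
```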