New in the release of Kerio Control 8.3

Introducing Kerio Control 8.3, the new release of our UTM solution.

In Kerio Control 8.3 , features such as a reverse proxy server, blocking unrecognized IP addresses, and bandwidth control inside VPN tunnels have appeared. The process of creating and managing traffic rules has been simplified and significantly improved, and the user authentication and device management system has become more flexible.
')

Reverse proxy server.

What is it?
The built-in reverse proxy server allows you to place multiple Web sites and web servers behind the firewall (firewall) of Kerio Control at the same time, and at the same time use a single routable IP address. IPS (Intrusion Prevention System) and antivirus filtering system work with a reverse proxy server.

Bandwidth control rules can be applied to each physical or virtual server, but cannot be applied to reverse proxy rules.

For what?
Reverse proxy is a single entry point for any website or file server located behind a firewall. This provides the following benefits:

• Increased security - back-end server typology and network characteristics are hidden from the outside world.
• Simplified authentication - a single authentication point for all services located behind the firewall (firewall).
• Easily manage SSL certificates for websites hosted using HTTPS - eliminating the need for certificates for each web server, reducing the load on the web server when encrypting.

Additional benefits:
• Content caching to save bandwidth.
• Load balancing.
• IPv6 support.

For whom?
For the system administrator.

Improvements to traffic rules.

What is it?
Improvements have been made to the "Traffic Rules" window:
• When adding a new rule, the setup wizard is launched, answering whose simple questions, you can define the parameters of the created traffic rule.
• Now, if there is a large list of rules, the task of finding the desired rule is simplified thanks to the search function and highlighting of the text that matches the search criteria.
• To better manage and review traffic rules, services can be grouped together. For example, Kerio Connect services, including POP3, SMTP, IMAP, HTTP, and others, can be put together in a group called “Kerio Connect Services”.
• Recognizability of the rules has improved thanks to an expanded palette of colors that can be assigned to the rules.
• Traffic rules can be tested by specifying a condition (source / destination / port). This will display all the rules that match the specified condition.
• The column “Last use” allows you to find out the last time the rule was processed. This helps to localize unnecessary rules and remove them from the list.

For what?
The new Traffic Rules window in the Kerio Control web administration interface greatly simplifies the creation and management of traffic rules. It has a very intuitive interface and reduces the time needed to configure and manage these rules.

For whom?
For the system administrator.

Improvements to user authentication and device management.

What is it?
New features have been added to improve the management of devices and users on the network:
• Users can now automatically login to the system using the hardware address (MAC address) of the devices.
• Now in the “Active nodes” administrator window there is a “Log on user automatically” option. Previously, devices could only be assigned to users by manually entering the device’s IP address.
• The “Hosts” log helps the administrator to see when users enter and exit the firewall.
• The Active Sites window lists the MAC addresses, which allows you to more accurately identify devices on the network.

For what?
The main advantage of this function is that when automatic login is enabled, users do not need to enter a login and password every day when accessing via a wired or wireless network. User devices are now identified by their MAC address, which saves users from manually entering usernames and passwords.

For whom?
For users and system administrator.

The remaining new features

Blocking of IP addresses that are not assigned by the DHCP server (in the Configuration menu -> Security Settings). This feature ensures that all devices on the network are controlled by you, and also simplifies device identification. This option has also been added to the “MAC Address Filter” menu item.

You can apply bandwidth management rules to traffic inside VPN tunnels. (Does not apply to VPN clients). For example, when routing VoIP traffic through a VPN tunnel, you can now set higher priority to voice communication. The previously used VPN tunnel processing algorithm did not allow bandwidth control rules to be applied to the traffic sent inside the VPN tunnel.

Upgrading the OS to the latest version of Debian. Thanks to this, the list of supported equipment has been expanded, and the productivity has increased.

Multiple hostnames in SSL certificates (using subject alternative names). This allows multiple domains to use one SSL certificate. This feature is especially useful when working with a reverse proxy server if you need to host several secure websites.

Automatic backup configuration to an FTP server. Now backups can be performed on Samepage.io or on an FTP server. Backups can also be saved manually using the configuration assistant.

Intrusion Prevention System (IPS) can now scan IPv6 traffic.

The functions of using dynamic DNS names include additional features for detecting Internet gateway IP addresses. Prior to version 8.3, Kerio Control could only update the DNS service records for the specified network interfaces. Now you can update the records with those Internet gateway IP addresses that can be assigned to any network interface that is part of the Internet interface group in Kerio Control. This increases the reliability of remote access to published services, in which the connection to the Internet regularly switches (for example, sea vessels). Kerio Control includes the following dynamic DNS services: ChangeIP, DynDNS and No-IP.

May 16, a webinar on this release. The recording of this webinar can be viewed here .