Could we get an option in the Administration Portal to "Disable" Remember me for MFA. We have a client that wishes to use MFA every time they login via VPN. Default is to "Remember me" when using MFA.
Also could we get an option to setup Allow Rules / Bypass rules for MFA. Eg If they login via this IP Address, No MFA etc. When we are remote managing MFA Enabled Firewalls we have to have the phone that has the MFA code on it.3 votes
It will be better in the managment, because isn't necesary restart ot manually.1 vote
TheGeoip filter is useful but I would like to be able to create exceptions based on the address or ip3 votes
Allow limiting each user by kbps rather than a blanket quota for day/week/month. Even allowing each user have a normal data rate quota in kbps and allow burstable data for a given time frame. Jony is allowed 256kbps down/128 kbps up but his iphone needs to download an app. Allow his phone to peak to a specific data rate determined by admin. Jony's phone needs app so can down load 1024 kbps/128 kbps for 10 mins. same on the upload, allow it burst to a set rate for set time in minutes.1 vote
This feature is due later on this year.
At the moment, Kerio has a built-in HTTPS Proxy Server.
There are applications that do not support HTTPS proxy and work only through SOCKS5.3 votes
Need SHA256 phase 2 VPN server, and upgrade TLS Version, my clients have tunnel requirements to my control.1 vote
some web application firewall on top of the reverse proxy. a break and Inspect function with WAF functionality6 votes
It would be great to have an option to configure automatic termination of VPN session by timeout (when user connected via VPN Client).
For this moment, it can be done only manually (Web Admin--->Status--->VPN Clients--->Right Click on the connection and disconnect)1 vote
We find that users can access HTTP before logging into their user accounts. This means they can happily watch youtube all day without it contributing towards their quota. Can you make a way to force login?3 votes
If these rules are detected then they should be indicated on the Traffic Rules page. Or at least add an option under the "More Actions" drop down to flag them. Without a way to see which ones are bad this warning is useless.1 vote
more realtime information / widgets for dashboard with better reporting functions3 votes
It would be nice if kerio control recognizes wireless cards and 3G cards so we can use this solution in remote locations. In other firewal they are already recognized, including on motherboards that already come by default9 votes
Add the function of detecting the real file format attached to the letter, regardless of the recorded extension of its name. MS Office files that may have macros-viruses, may have a recorded ".doc" extension instead of ".docm". Thus, it is impossible to block in "Attachment Filter" the receiving of the files with macros using filtration by filename extension or MIME type.3 votes
The GeoIP filter is great until it isn't. The current block all traffic is offering a hammer when we need a scalpel. Please look to offering a better set of controls.
Simply add an "Override/Ignore GeoIP Filter" checkbox to every rule.
This way I can define known servers in otherwise blocked countries and allow specific/all traffic from trusted computers.
A user could also use this override to allow specific types of traffic like mail from everywhere in the world without allowing other more secure traffic.
I would like to ask if it's possible to change behaviour of the Kerio Control in case of IPv6 Router Advertisements. Router Advertisements are not configurable in the Kerio Control at all and we have a problem with that. We are running IPv6 network and we need to assign IP addresses to devices only from our DHCPv6 server (stateful configuration). We need to set flags like this to perform stateful configuration:
'M' bit (Managed address configuration flag) - 1
'O' bit (Other configuration flag) - 0
'A' bit (Autonomous address autoconfiguration flag) - 0
Best regards1 vote
when i make traffic rule to make any authentication user login to internet if any one try to open any site not open
few sites only go to authentication login and redirect to the site again
but if i open google , yahoo,msn, not open
shortly i want any one try to open any site or serves on internet login firstly on kerio control
whether any authentication user or not6 votes
I work on a vessel where we move from location to location. Altering the interfaces we are connected to frequently and the subsequent bandwidth available for a specific interface. I quite often have to run a speed test from a PC but to get a true test i have to remove any bandwidth rules applied. It would be nice if the Kerio could run a speed test from the firewall where it has full bandwidth. Possible it runs automatically and (if enabled) can adjust the bandwidth of an interface based on the tested average?6 votes
It should be nice to have a customizable login and disclaimer page.
On the login page, the ability to specify some text (now can only add a little image).
The disclaimer page should be displayed after successful authentication and can be used to explain users that traffic is monitored/filtered/etc. Of course, that page should also be customizable.
The disclaimer page should also contain an "accept" flag to be sure user have read the disclaimer text.2 votes
We have increasing number of costumers who are switching fiber connection. It would be nice to offer SFP as other firewalls do.
please add a Reload button in control panel. sometimes I have to push a power button physically in order to restart a server because some bugs. Of course I can reload by terminal but the server doesn't have a monitor, keyboard and mouse. It takes much times to connect them.1 vote
- Don't see your idea?