Configuring a Kerio Control Appliance


In this post we describe the configuration of a Kerio Control appliance for use with ECLOUD Phone System. This configuration is based on version 8.3.0 build 1988. The Firewall features SIP and HTTP inspection where the functionality could not be determined. For SIP, the inspection is to be disabled, but the HTTP-Proxy/Content Filter rules may affect the connection to ECLOUD for updates and MyPhone connections (not part of this document).

Kerio Control Appliance logo

Step 1: Configure Services

  1. Use a web browser to open the Kerio Control Web Admin portal and navigate to “Definitions > Services”.
  2. Click “Add” and then “Add Service” to create a new service. To determine which ports need to be opened,review the list here. Specify the following information:
  3. General”:
  • Name”: A short friendly name to easily recognise the rule
  • Description”: A description of the port you are forwarding
  • Protocol”: UDP and/or TCP – depending on the port you are creating the rule for
  • Protocol Inspector”: None
  1. Source Port”:
  • Condition”: Any
  1. Destination port”:
  • Condition”“Equal to” or “In range” depending on whether creating rule for single or range of ports
  • Port”: enter the port or range of ports you are forwarding
  1. In “Definitions” > “Services”, press “Add” then “Add Service Group”.
  2. Specify:
  • Name”: ECLOUD Phone System
  • Use “Add” to add all the services created in #2.
  1. Click “OK”, then “Apply” to save your configuration

Services summary page on Kerio Control Appliance.

Step 2: Configure Port Forwarding (NAT)

  1. From the Kerio Control Web Admin portal, go to “Traffic Rules”:
  2. Click the “Add” button to create a new rule.

Port Forwarding on Kerio Control Appliance.

  1. Select the “Port mapping” option and enter:
  • Host”: Specify the LAN IP address of the ECLOUD Server (1).
  • Service”: Click “Select” (2) and select the “ECLOUD Phone System” Service group you have created earlier. Click “OK”(3) to complete.
  1. Click “Next” to finish the setup.

Traffic Rules on Kerio Control Appliance.

  1. The rule created must be placed at an appropriate position, so that its not in conflict with any other rule.

Step 3: Validating Your Setup

Log into your ECLOUD Management Console, go to  Dashboard” > Firewall” and run the ECLOUD Firewall Checker to validate if your firewall is correctly configured for use with ECLOUD.