Note: In the time interval where persistent connection of the link is set (see above), the idleness timeout is ignored.
6.7 Supportive scripts for link control (Windows)
In some cases there is a special need of running a program or a script (execute a batch command) along with dialing or hanging up a link. This can be helpful for example if a special type of modem is used that must be controlled by a special program provided by its developers.
Kerio Control allows launching any program or a command in the following situations: Before dial, After dial, Before hang-up or/and After hang-up. In case of the Before dial and Before hang-up options, the system does not wait for its completion after startup of the program.
Scripts for control of dial-ups must be located in the scripts subdirectory of the firewall’s installation directory, typically
C:\Program Files\Kerio\WinRoute Firewall\scripts
(Attention! This directory does not exist in the default installation — it is therefore necessary to create it!).
The script names must have the following names:
• BeforeDial.cmd— before dial,
• AfterDial.cmd— after dial,
• BeforeHangup.cmd— before hangup,
• AfterHangup.cmd— after hangup.
Each script first accepts the parameter of full name of the connection currently being dialed or hung up (name in the Kerio Control interface).
Possible errors (e.g. if you allow an action but the particular script does not exist) are recorded in the Error log (see chapter23.8).
Note: If the name of the dial-up includes blanks, it will be automatically put in quotes upon the script call, which guarantees correct transmission of the full name in an only parameter of the script. However, it is more suitable to use names without blanks and diacritics for dial-ups.
Interfaces in Kerio Control can be renamed any time needed.
Network interfaces
Warning:
On Windows, Kerio Control is running as a service. Therefore, external applications and operating system’s commands will run in the background only (in the SYSTEM account). The same rules are applied for all external commands and external programs called by scripts.
Therefore, it is not highly unrecommended to use interactive applications (i.e. applications with user interaction) for the actions described above. Interactive application would be running “in background” until the system restart or killing of the particular process. Under specific circumstances, such application might also block other dials or hang-ups.
In editions Appliance and Box, supportive scripts for dial-ups are not supported.
Chapter 7
Configuring Internet connection and the local net-work
The basic function of Kerio Control is connection of the local network to the Internet via one or more Internet connections (Internet links). Depending on number and types of Internet links, Kerio Control provides various options of Internet connection:
Single Internet Link
The most common connection of local networks to the Internet. In this case, only one Internet connection is available and it is used persistently (typically Ethernet, Wi-Fi, ADSL or cable modems). It is also possible to use dial-like links which can be connected persistently — typically PPPoE connections.
A Single Internet Link — Dial On demand (Windows only)
This type of connection is fit for links which are charged by connection time — typically modems for analog or ISDN links. The link is down by default and Kerio Control dials it in response to a query demanding access from the local network to the Internet. If no data are transferred via the link for some time, Kerio Control hangs it up to reduce connection costs.
This mode is available only in Kerio Control for Windows. Kerio Control in editions Appli-ance and Box does not support dial-ups.
Multiple Internet Links — Failover
Where reliability (availability of the Internet connection) is an issue and two Internet links are available, the connection failover feature can help. If the primary link fails, Kerio Control switches to the secondary link automatically. Users may therefore notice just a very short disconnection of the Internet connection. When the connection on the primary link is recovered, Kerio Control automatically switches back to it. For most part of users, this operation takes so short to be even noticeable.
Multiple Internet Links Traffic Load Balancing
If throughput (connection speed) is an issue, Kerio Control can use multiple links concurrently and spread data transferred between the LAN and the Internet among these links. In standard conditions and settings, this also works as connection failover — if any of the links fails, transferred data are spread among the other (working) links.
In all cases, Kerio Control works in the mode of shared Internet connection. Sharing uses the NAT (IP address translation) technology, hiding the entire local network behind a public IP address of the firewall (or multiple addresses — depending on the type of Internet connection applied). Kerio Control can also be used as a neutralrouter(router without NAT). However, this mode is not the best connection of the LAN to the Internet — it requires expert configuration and advanced security.
Configuring Internet connection and the local network
This involves selection of the Internet connection type in the Configuration → Interfaces section of the Kerio Control configuration, setting corresponding interfaces for connection to the Internet and definition of corresponding traffic rules (see chapter8.3).