209
Chapter 14
Remote Administration and Update Checks
14.1 Setting Remote Administration
Remote administration can be either permitted or denied by definition of the appropriate
traffic rule. Traffic between WinRoute and Administration Console is performed by TCP
and UDP protocols over port 44333. The definition can be done with the predefined
service KWF Admin.
If WinRoute includes only traffic rules generated by the wizard, remote administration
is available through all interfaces except the one which is used for Internet connection
and where NAT is enabled (see chapter
6.1). This means that remote administration is
available from all local hosts.
How to allow remote administration from the Internet
In the following example we will demonstrate how to allow WinRoute remote adminis-
tration from some Internet IP addresses.
• Source — group of IP addresses from which remote administration will be allowed.
For security reasons it is not recommended to allow remote administration from an
arbitrary host within the Internet (this means: do not set Source as the Web interface).
• Destination — Firewall (host where WinRoute is running)
• Service — KWF Admin (predefined service— WinRoute administration)
• Action — Permit (otherwise remote administration would be blocked)
• Translation — Because the engine is running on the firewall there is no need for
translation.
Figure 14.1 Traffic rule that allows remote administration