This chapter briefly describes network communication between the Administration Console and server applications. This information is helpful, for example, when remote administration is performed and the server application runs behind a firewall that must allow this communication.
This communication uses TCP (transmission of configuration data) and UDP (transmission of new log items from the server to the Administration Console). Each server application uses one port number for administration connections (the term “application port” will be used from now on). On this port, the server listens for an incoming TCP connection and for an initiating UDP message (see below).
Kerio Technologies products use the following ports:
44333 — Kerio Control
44337 — Kerio Connect
Communication between the Administration Console (the term “client” will be used from now on) and a server application (the term “server” will be used from now on) is as follows:
The client establishes a TCP connection (through an encrypted channel) to the corresponding application port at the server. Upon successful authentication, the server provides a so-called connection identifier.
The client sends a UDP message including the connection identifier to the corresponding application port.
The server remembers the port from which the message with the connection ID was sent. This port will be used for delivery of new log items.
When the TCP connection is terminated (by logging out, by closing a client or a server, because of a network error, etc.), the corresponding connection identifier is removed by both the server and the client. Any other UDP messages with this client port will be ignored.
This section provides firewall configuration hints for communication between the Administration Console and a server application in the following situations:
The server is running behind the firewall (in a local network or on the firewall host), the client is in the Internet
The corresponding application port (44333 or 44337) for TCP and UDP protocols must be opened (mapped) at the firewall.
The client is behind the firewall, the server is in the Internet
The firewall configuration must allow outgoing TCP connections and UDP communication to the corresponding application port.
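
Both situations expressed as an nftables ruleset for a Linux firewall host. This is an added example, not taken from the Kerio documentation. The interface name, all addresses and the source-address restriction on the remote client are assumptions, and it assumes the server sends log items from the application port so that connection tracking matches them.

```nftables
# Constructed example: interface name and addresses are placeholders.
define wan_if   = "wan0"          # Internet-facing interface (assumed)
define admin_ip = 203.0.113.25    # remote Administration Console (assumed)
define server   = 10.0.0.10       # server application host on the LAN (assumed)
define app_port = 44337           # Kerio Connect; use 44333 for Kerio Control

table ip kerio_admin {
    # Situation 1: server behind the firewall, client in the Internet.
    # Map the application port for BOTH protocols to the internal server.
    # Limiting the source to $admin_ip is an added restriction, not a
    # requirement stated in the text above.
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        iifname $wan_if ip saddr $admin_ip tcp dport $app_port dnat to $server
        iifname $wan_if ip saddr $admin_ip udp dport $app_port dnat to $server
    }

    # Default-deny forward chain; merge these rules into the existing
    # forward policy rather than loading this table next to a permissive one.
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies of tracked flows. This also covers the UDP log items the
        # server sends back to the port the client's UDP message came from.
        ct state established,related accept

        # Situation 1: mapped TCP connection (configuration data) and the
        # client's initiating UDP message carrying the connection identifier.
        iifname $wan_if ip daddr $server tcp dport $app_port ct state new accept
        iifname $wan_if ip daddr $server udp dport $app_port ct state new accept

        # Situation 2: client behind the firewall, server in the Internet.
        # Outgoing TCP connection and outgoing UDP message to the application port.
        iifname != $wan_if oifname $wan_if tcp dport $app_port ct state new accept
        iifname != $wan_if oifname $wan_if udp dport $app_port ct state new accept
    }
}
```

Because the log items travel over UDP, a long idle period can expire the firewall's UDP tracking entry while the TCP connection stays up; in that case log delivery stops until the client sends a new UDP message.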