The WinRoute host can be used as a workstation, however it is not recommended as user activity can affect the functionality of the operating system and WinRoute in a negative way.
WinRoute can be run with most of common applications. However, there are certain applications that should not be run at the same host as WinRoute for this could result in collisions.
WinRoute Firewall may collide with applications that use low-level drivers with either identical or similar technology.
The Windows Firewall / Internet Connection Sharing system service. WinRoute can automatically detect and disable this service on its host system.
The Routing and Remote Access (RRAS) system service in the Windows Server operating systems. This service also allows Internet connection sharing (NAT). WinRoute can detect if there is NAT enabled in the RRAS service and it displays a warning if it's the case. Then, the server administrator has to to disable the NAT in the RRAS service configuration.
If NAT is not enabled, no low-level collisions will occur and WinRoute may be used along with RRAS.
Network firewalls — i.e. Microsoft ISA Server, CheckPoint Firewall-1, WinProxy (by Ositis), Sygate Office Network and Sygate Home Network, etc.
Personal firewalls, such as Sunbelt Personal Firewall, Zone Alarm, Sygate Personal Firewall, Norton Personal Firewall, etc.
Software designed to create virtual private networks (VPN) — i.e. software applications developed by the following companies: CheckPoint, Cisco Systems, Nortel, etc. There are many such applications and their features vary from vendor to vendor.
Under proper circumstances, use of the VPN solution included in WinRoute is recommended (for details see chapter 23 Kerio VPN). Otherwise, we recommend you to test a particular VPN server or VPN client with WinRoute trial version or to contact our technical support (see chapter 26 Technical support).
Note: VPN implementation included in Windows operating system (based on the PPTP protocol) is supported by WinRoute.
Applications that use the same ports as the firewall cannot be run at the WinRoute host (or the configuration of the ports must be modified).
If all services are running, WinRoute uses the following ports:
53/UDP — DNS Forwarder
67/UDP — DHCP server
1900/UDP — SSDP Discovery service
2869/TCP — UPnP Host service
The SSDP Discovery and UPnP Host services are included in the UPnP support (refer to chapter 18.2 Universal Plug-and-Play (UPnP)).
44333/TCP+UDP — traffic between Kerio Administration Console and WinRoute Firewall Engine. This service cannot be stopped.
The following services use corresponding ports by default. Ports for these services can be changed.
443/TCP — server of the SSL-VPN interface (see chapter 24 Kerio Clientless SSL-VPN)
3128/TCP — HTTP proxy server (see chapter 8.4 Proxy server)
4080/TCP — Web administration interface (refer to chapter 11 Web Interface)
4081/TCP — secured (SSL-encrypted) version of the Web administration interface (see chapter 11 Web Interface)
4090/TCP+UDP — proprietary VPN server (for details refer to chapter 23 Kerio VPN)
Most of the modern desktop antivirus programs (antivirus applications designed to protect desktop workstations) scans also network traffic — typically HTTP, FTP and email protocols. WinRoute also provides with this feature which may cause collisions. Therefore it is recommended to install a server version of your antivirus program on the WinRoute host. The server version of the antivirus can also be used to scan WinRoute's network traffic or as an additional check to the integrated antivirus McAfee (for details, see chapter 13 Antivirus control).
If the antivirus program includes so called realtime file protection (automatic scan of all read and written files), it is necessary to exclude directories cache (HTTP cache in WinRoute — see chapter 8.5 HTTP cache) and tmp (used for antivirus check). If WinRoute uses an antivirus to check objects downloaded via HTTP or FTP protocols (see chapter 13.3 HTTP and FTP scanning), the cache directory can be excluded with no risk — files in this directory have already been checked by the antivirus.
The McAfee integrated antivirus plugin does not interact with antivirus application installed on the WinRoute host (provided that all the conditions described above are met).