Kerio Intrusion Prevention Test

This page will test your Intrusion Prevention System in Kerio Control.

How Does it Work?

The test sends three special chunks of data back to your browser that your IPS recognizes as threats and logs or drops them according to your Kerio Control configuration. Please note that the data is completely harmless and does not pose any threat whatsoever even if your IPS is not functioning.

Please keep in mind that the test results may not be reliable if your network suffers from very high latency or packet loss ratio. In such cases the test may falsely report that the traffic was dropped.

This test will not work for any other IDS/IPS system than the one built in Kerio Control.

How Do I Check the Results?

Once the test is finished, depending on the severity levels settings in your Intrusion Prevention configuration, you should see messages similar to the the following examples in your Kerio Control's security log:

IPS: Packet drop, severity: High, Rule ID: 1:3000001 KERIO IPS Test Signature - High Severity,
proto:TCP, ip/port: ->

IPS: Alert, severity: Medium, Rule ID: 1:3000002 KERIO IPS Test Signature - Medium Severity,
proto:TCP, ip/port: ->

IPS: Alert, severity: Low, Rule ID: 1:3000003 KERIO IPS Test Signature - Low Severity,
proto:TCP, ip/port: ->

Perform the Test

Click on the "Run test" button. For each intrusion severity, the table below will show whether it is dropped by your IPS or not. The result should correspond to your IPS configuration.