Kerio Control Web Filter Is Not Activated Categorization Is Disabled Hot [updated] -

| | Typical Symptom | |-----------|----------------------| | Expired or missing license | Web Filter shows "Not Activated" in Dashboard; grace period ended. | | DNS resolution failure | Kerio Control cannot resolve update.gfi.com or category cloud servers. | | Firewall rules blocking the appliance itself | Local policy prevents Kerio Control from outbound HTTPS (port 443). | | Corrupted local cache | Database files for categories are damaged. | | Proxy mode misconfiguration | Using transparent proxy on a non-standard port without proper SSL interception. | | Time/date sync issue | Certificate validation fails if system time is incorrect. | | Version-specific bug | Known issues in older releases (e.g., 9.2.x, 9.3.x). | Part 3: Step-by-Step Troubleshooting Step 1: Verify Web Filter License Status Navigate to: Status → License Information (or Configuration → Licenses ).

SSH into the Kerio Control box (or use the web admin → Diagnostics → Shell) and run:

This message indicates that Kerio Control's URL filtering engine—which categorizes websites (e.g., Social Media, Malware, Adult Content)—is either unlicensed, misconfigured, or experiencing a service interruption. When this happens, any firewall rule relying on will fail silently, potentially allowing blocked content or blocking allowed content depending on your rule logic. | | Corrupted local cache | Database files

Navigate to → Network Rules → Traffic Rules .

Common error lines:

/etc/init.d/kerio-filtering stop Remove the cache directory:

curl -v https://download.gfi.com/ curl -v https://update.gfi.com/ Also test the license validation server: | | Version-specific bug | Known issues in older releases (e

dig update.gfi.com Fix DNS forwarders or bypass internal DNS for Kerio's update domains. Step 5: Verify System Time & Date SSL certificate validation for HTTPS calls to GFI servers will fail if the system clock is off by more than a few minutes.