Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 80

Chapter 7
Traffic Policy
Warning
If either the source or the destination computer is specified by DNS name, WinRoute tries to resolve its IP address while processing the corresponding traffic rule.
If no corresponding record is found in the cache, the DNS forwarder forwards the query to the Internet. If the connection is a dial-up line that is currently hung up, the query is sent after the line is dialed. The corresponding rule is disabled unless the IP address is resolved from the DNS name. Under certain circumstances, traffic that should be denied can be let through while the denial rule is disabled (such a connection is closed immediately when the rule is enabled again).
For the reasons mentioned above, we recommend that you specify source and destination computers only by IP address if you are connected to the Internet through a dial-up!
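The fail-open window described in this warning, as an added example that is not part of the manual: a simplified model over a constructed rule table in a hypothetical format, assuming rules are evaluated top-down with the first match applied. The names `evaluate` and `dns_dependent_denies` are illustrative, not WinRoute functions.

```python
import ipaddress

# Constructed rule table in a hypothetical format (not a WinRoute export).
RULES = [
    {"name": "Block file server", "dst": "files.example.com", "action": "deny"},
    {"name": "Block test host", "dst": "192.0.2.15", "action": "deny"},
    {"name": "Internet access", "dst": "any", "action": "permit"},
]

def is_ip(spec):
    """True if the rule entry is a literal IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(spec)
        return True
    except ValueError:
        return False

def evaluate(rules, dst_ip, dns_cache):
    """Return the first rule matching dst_ip (assumed top-down, first match).

    A rule whose DNS name has no entry in dns_cache is treated as disabled
    and skipped, which is the behaviour the warning describes.
    """
    target = ipaddress.ip_address(dst_ip)
    for rule in rules:
        spec = rule["dst"]
        if spec == "any":
            return rule
        addr = spec if is_ip(spec) else dns_cache.get(spec)
        if addr is None:
            continue  # name not resolved yet: rule is disabled
        if ipaddress.ip_address(addr) == target:
            return rule
    return None

def dns_dependent_denies(rules):
    """Names of deny rules that only take effect once a DNS name resolves."""
    return [r["name"] for r in rules
            if r["action"] == "deny" and r["dst"] != "any" and not is_ip(r["dst"])]

if __name__ == "__main__":
    resolved = {"files.example.com": "198.51.100.7"}  # constructed record
    print(evaluate(RULES, "198.51.100.7", {})["name"])        # before resolution
    print(evaluate(RULES, "198.51.100.7", resolved)["name"])  # after resolution
    print(dns_dependent_denies(RULES))
```

With an empty cache the connection falls through to the permit rule; once the name resolves, the deny rule matches. The audit function lists the deny rules that should be rewritten with IP addresses.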
• IP range — e.g. 192.168.1.10—192.168.1.20
• IP address group — a group of addresses defined in WinRoute (refer to chapter
• Subnet with mask — subnet defined by network address and mask (e.g. 192.168.1.0/255.255.255.0)
• Network connected to interface — selection of the interface or a group of interfaces from which packets come in (Source) or via which they are sent out (Destination).
Figure 7.10 Traffic rule — selecting an interface or a group of interfaces
Groups of interfaces allow the creation of more general rules that are independent of any particular network configuration (e.g. it is not necessary to change such rules when the Internet connection is changed or when a new LAN segment is added). It is recommended to define traffic rules associated with groups of interfaces wherever possible. For details on network interfaces and groups of interfaces, see chapter
Note: Only the Internet interfaces and the Trusted / Local interfaces group can be used in traffic rules. Another method is used to add interfaces for Kerio VPN (see below). The Other interfaces group includes interfaces of various types that were not filed in another group. For this reason, traffic rules for such a group would not be of much use.
• VPN — virtual private network (created with Kerio VPN). This option can be used to add the following items:
1. Incoming VPN connections (VPN clients) — all VPN clients connected to the WinRoute VPN server via the Kerio VPN Client
2. VPN tunnel — network connected to this server from a remote server via the VPN