Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

7.3 Definition of Custom Traffic Rules

Figure 7.15 Traffic rule — NAT — automatic IP address selection

load balancing dividing the traffic among individual links may not be optimal in this case.

Load balancing per connection — for each connection established from the LAN to the Internet, an Internet link is selected so as to spread the load optimally. This method guarantees the most efficient use of the Internet connection’s capacity. However, it might also introduce problems and collisions with certain services: individual connections are established from various IP addresses (depending on the firewall’s interface from which the packet is sent), which the destination server may consider an attack, possibly resulting in the session being closed, the traffic being blocked, etc.

If another type of Internet connection is used (a single leased link, on-demand dialing or connection failover), these options have no effect on WinRoute’s functionality.

Hint

For maximal efficiency of the connection’s capacity, it is possible to combine both load balancing methods. In the general rule for access from the LAN to the Internet, use load balancing per connection and add a rule for specific services (servers, clients, etc.) which will employ the load balancing per host method. For details, see also chapter 7.4.

NAT to IP address of a specific interface

It is possible to select a specific interface which will be used for the source NAT in outgoing packets. This also determines that packets will be sent to the Internet via this specific link. This allows definition of rules for sending specific traffic through a selected link — so-called policy routing — see chapter 7.5.

If the selected Internet link fails, the Internet will be unavailable for all traffic meeting the criteria (specific services, clients, etc.) specified by this rule. To prevent such situations, it is possible to allow use of an alternative (back-up) interface (link) for cases of the link’s
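The following is an added illustration, not code from Kerio or the manual: a small model of the three source-NAT selection modes described above (per connection, per host, and a rule bound to a specific interface with an optional back-up). The link names, their public addresses and the client addresses are constructed sample values; the least-loaded tie-breaking is an assumption made for the model, not WinRoute's actual algorithm. It shows why per-connection balancing can present one client to a server from several source addresses, while per-host balancing keeps one address per client.

```python
from collections import Counter

# Constructed sample links: interface name -> public address used for source NAT.
LINKS = {"eth1": "203.0.113.10", "eth2": "198.51.100.20"}


class NatSelector:
    def __init__(self, links, down=()):
        # Only links that are currently up can be chosen.
        self.links = {name: ip for name, ip in links.items() if name not in down}
        self.load = Counter()   # open connections per link
        self.host_map = {}      # client IP -> link (used by per-host mode)

    def _least_loaded(self):
        # Assumed tie-break: lowest load, then interface name.
        return min(self.links, key=lambda n: (self.load[n], n))

    def per_connection(self, client_ip):
        # Every new connection picks the least loaded live link, so one
        # client can appear at a server from several source addresses.
        link = self._least_loaded()
        self.load[link] += 1
        return self.links[link]

    def per_host(self, client_ip):
        # The first connection from a host picks a link; later connections
        # from the same host reuse it, so the source address stays stable.
        link = self.host_map.get(client_ip)
        if link not in self.links:
            link = self._least_loaded()
            self.host_map[client_ip] = link
        self.load[link] += 1
        return self.links[link]

    def specific(self, iface, backup=None):
        # Rule bound to one interface; without a back-up, a failed link
        # means no Internet for traffic matching the rule.
        if iface in self.links:
            return self.links[iface]
        if backup in self.links:
            return self.links[backup]
        return None


def source_ips(mode, client_ip, n):
    # Set of source addresses one client ends up using over n connections.
    sel = NatSelector(LINKS)
    return {getattr(sel, mode)(client_ip) for _ in range(n)}
```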