Internet links dialed on demand, 4 internet links dialed on demand – Kerio Tech Firewall6 User Manual


Hint

The defined proxy server is indexed and saved to the list of proxy servers automatically. Later, whenever you are creating other FTP connections, you can simply select a corresponding proxy server in the list.

25.4 Internet links dialed on demand

If an on-demand dial-up link is used (see chapter 6.2), consider the specific behavior of this connection type. If the network and/or the firewall are not configured correctly, the link may stay hung up even if the local network sends requests for Internet connection, or it may be dialed unintentionally.

Information provided in this chapter should help you understand the principle and behavior of on-demand dial-ups and avoid such problems.

How demand dial works

First, the function of demand dial must be activated within the appropriate line (either permanently or during a defined time period — see chapter 6.2).

Second, there must be no default gateway in the operating system (no default gateway must be defined for any network adapter). This condition does not apply to the dial-up line which is used for the Internet connection — this line will be configured in accordance with information provided by the ISP.

If WinRoute receives a packet from the local network, it compares it with the system routing table. If the packet is destined for the Internet, no matching record will be found, since there is no default route in the routing table. Under usual circumstances, the packet would be dropped and a control message informing about unavailability of the target would be sent to the sender. Instead, if no default route is available, WinRoute holds the packet in the cache and dials the appropriate line if the demand dial function is enabled. This creates an outgoing route in the routing table via which the packet will be sent.

To avoid undesired dialing of the line, only certain packet types are allowed to dial it. The line can be dialed only by UDP packets or by TCP packets with the SYN flag (connection attempts). Demand dialing is disabled for Microsoft Networks services (sharing of files and printers, etc.).

From this moment, the default route exists and other packets directed to the Internet will be routed via the corresponding line. The line may be disconnected either manually or automatically if idle for a certain time period. When the line is hung up, the default route is removed from the routing table. Any other packet directed to the Internet redials the line.
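The decision sequence described above can be traced with a small model. This is an added example, not Kerio's code: the class, its method names and the Microsoft Networks port list (137, 138, 139, 445) are assumptions, since the manual does not say how WinRoute identifies those services.

```python
import ipaddress
from dataclasses import dataclass

# Assumption: ports commonly used by Microsoft Networks services (NetBIOS, SMB).
# The manual does not list which ports WinRoute excludes from demand dialing.
MS_NETWORKS_PORTS = {137, 138, 139, 445}

@dataclass
class Packet:
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0
    syn: bool = False   # TCP SYN flag (connection attempt)

class DemandDialModel:
    """Hypothetical model of the routing and dialing decision described above."""
    def __init__(self, routes, demand_dial_enabled=True):
        self.routes = [ipaddress.ip_network(r) for r in routes]  # static table
        self.enabled = demand_dial_enabled
        self.dialed = False     # True while the dial-up default route exists

    def has_route(self, dst):
        addr = ipaddress.ip_address(dst)
        return self.dialed or any(addr in net for net in self.routes)

    def may_dial(self, pkt):
        # Microsoft Networks traffic never dials the line.
        if pkt.proto in ("tcp", "udp") and pkt.dport in MS_NETWORKS_PORTS:
            return False
        # Only UDP packets or TCP connection attempts (SYN) may dial.
        return pkt.proto == "udp" or (pkt.proto == "tcp" and pkt.syn)

    def handle(self, pkt):
        if self.has_route(pkt.dst):
            return "route"      # a matching route exists, nothing is dialed
        if self.enabled and self.may_dial(pkt):
            self.dialed = True  # packet is held, line dialed, default route added
            return "dial"
        return "drop"           # no route and the packet may not dial

    def hang_up(self):
        self.dialed = False     # default route is removed with the link

if __name__ == "__main__":
    fw = DemandDialModel(["192.168.1.0/24"])    # constructed LAN, no default route
    for p in (Packet("203.0.113.5", "icmp"), Packet("203.0.113.5", "tcp", 445, True),
              Packet("203.0.113.5", "tcp", 80, True), Packet("203.0.113.5", "icmp")):
        print(p.proto, p.dport, fw.handle(p))
```

Constructing the model with `0.0.0.0/0` already in `routes` shows the misconfiguration case: every packet returns `"route"` and the line is never dialed.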

Note:

1. To ensure correct functionality of demand dialing there must be no default gateway set at network adapters. If there is a default gateway at any interface, packets to the Inter-
