Kerio Tech Firewall6 User Manual

Page 78


Chapter 7

Traffic Policy


Figure 7.12: Traffic rule — users and groups in the source/destination address definition

Hint

Users/groups from various domains can be added to a rule at once. Select a domain, add users/groups, choose another domain and repeat this process until all required users/groups are added.

In traffic rules, users are represented by the IP address of the host they are connected (authenticated) from. For a detailed description of user authentication, refer to chapter 10.1.

Note:

1. If you require authentication for any rule, it is necessary to ensure that a rule exists to allow users to connect to the firewall authentication page. If users connect from various hosts, the IP addresses of all these hosts must be considered.

2. If user accounts or groups are used as a source in the Internet access rule, neither automatic redirection to the authentication page nor NTLM authentication will work. Redirection requires successful establishment of a connection to the destination server.

If traffic policy is set like this, users must be told to open the authentication page (see chapters 11 and 10.1) in their browser and log in before they are let into the Internet.

This issue is described in detail in chapter 7.6.
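The interaction between notes 1 and 2, as an added example that is not part of the Kerio manual: a simplified Python model that assumes rules are checked top-down, the first match wins and unmatched traffic is dropped. The `Rule` and `Firewall` classes, the service labels and the sample address are hypothetical.

```python
# Simplified model (an assumption, not Kerio's implementation): rules are
# checked top-down, the first match wins, and unmatched traffic is dropped.
from dataclasses import dataclass

ANY = "any"

@dataclass
class Rule:
    name: str
    source: object       # ANY, or a set of user names
    destination: str     # "firewall", "internet" or ANY
    service: str         # constructed service labels, e.g. "auth-page"
    action: str          # "permit" or "deny"

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.sessions = {}   # host IP -> user authenticated from that host

    def login(self, ip, user):
        # After login, the user is represented by this host's IP address.
        self.sessions[ip] = user

    def _source_matches(self, rule, ip):
        if rule.source == ANY:
            return True
        # A user/group source only matches hosts with an authenticated user.
        return self.sessions.get(ip) in rule.source

    def evaluate(self, ip, destination, service):
        for rule in self.rules:
            if (self._source_matches(rule, ip)
                    and rule.destination in (ANY, destination)
                    and rule.service in (ANY, service)):
                return rule.action, rule.name
        return "deny", "default"

def demo():
    policy = [
        Rule("Auth page", ANY, "firewall", "auth-page", "permit"),
        Rule("Internet access", {"alice"}, "internet", "http", "permit"),
    ]
    fw = Firewall(policy)
    host = "192.0.2.10"   # constructed sample address
    before = fw.evaluate(host, "internet", "http")      # dropped: no connection, so no redirect
    auth = fw.evaluate(host, "firewall", "auth-page")   # note 1: login page stays reachable
    fw.login(host, "alice")
    after = fw.evaluate(host, "internet", "http")
    return before, auth, after
```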

Firewall — a special address group including all interfaces of the host where the firewall is running. This option can be used, for example, to permit traffic between the local network and the WinRoute host.
