Basic traffic rule types, 4 basic traffic rule types – Kerio Tech Firewall6 User Manual


Default — all necessary protocol inspectors (or inspectors of the services listed in the Service entry) will be applied on traffic meeting this rule.

None — no inspector will be applied (regardless of how services used in the Service item are defined).

Other — selection of a particular inspector which will be applied to traffic meeting this rule (all WinRoute’s protocol inspectors are available). No other protocol inspector will be applied to the traffic, regardless of settings of services in the Service section.

Do not use this option unless the appropriate traffic rule defines a protocol belonging to the inspector. Functionality of the service might be affected by using an inappropriate inspector.

For more information, refer to chapter 7.7.

Note: Use the Default option for the Protocol Inspector item if a particular service (see the Service item) is used in the rule definition (the protocol inspector is included in the service definition).

7.4 Basic Traffic Rule Types

WinRoute traffic policy provides a range of network traffic filtering options. In this chapter you will find some rules used to manage standard configurations. Using these examples you can easily create a set of rules for your network configuration.

IP Translation (NAT)

IP translation (as well as Internet connection sharing) is a term used for the exchange of a private IP address in a packet going out from the local network to the Internet with the IP address of the Internet interface of the WinRoute host. This technology is used to connect local private networks to the Internet by a single public IP address.

The following example shows an appropriate traffic rule:

Figure 7.21 A typical traffic rule for NAT (Internet connection sharing)

Source

The Trusted / Local interfaces group. This group includes all segments of the LAN connected directly to the firewall. If access to the Internet from some segments is supposed to be blocked, the most suitable group to file the interface into is Other interfaces.

If the local network consists of cascaded segments (i.e. it includes other routers), it is not necessary to customize the rule in accordance with this fact — it is just necessary to set routing correctly (see chapter 18.1).
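The following sketch is an added illustration, not part of the manual and not WinRoute code. It models the NAT rule described above as a rule that matches on the group of the interface a packet arrives on. The interface names, addresses, port allocation scheme and the dropping of traffic that matches no rule are assumptions made for the example.

```python
import ipaddress

# Constructed sample data: interface names and addresses are hypothetical.
PUBLIC_IP = "203.0.113.10"  # stands in for the Internet interface address
INTERFACE_GROUPS = {
    "LAN1": "Trusted / Local interfaces",
    "LAN2": "Trusted / Local interfaces",
    "Guest": "Other interfaces",
}


class SourceNat:
    """Models one NAT rule whose Source is the Trusted / Local interfaces group."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port  # assumed sequential port allocation
        self.out = {}   # (private_ip, private_port, proto) -> public_port
        self.back = {}  # (public_port, proto) -> (private_ip, private_port)

    def outbound(self, in_iface, src_ip, src_port, proto="tcp"):
        """Return the translated (ip, port), or None if the rule does not match."""
        # The rule matches on the arrival interface's group, not on the subnet,
        # so hosts behind an internal router (cascaded segment) still match.
        if INTERFACE_GROUPS.get(in_iface) != "Trusted / Local interfaces":
            return None  # assumption: traffic matching no rule is dropped
        ipaddress.ip_address(src_ip)  # raises ValueError on a malformed address
        key = (src_ip, src_port, proto)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key])

    def inbound(self, dst_port, proto="tcp"):
        """Map a reply back to the private host; None for unsolicited packets."""
        return self.back.get((dst_port, proto))


if __name__ == "__main__":
    nat = SourceNat(PUBLIC_IP)
    print(nat.outbound("LAN1", "192.168.1.20", 51000))  # directly attached LAN
    print(nat.outbound("LAN2", "10.10.5.7", 51000))     # cascaded segment
    print(nat.outbound("Guest", "192.168.50.9", 51000)) # Other interfaces
    print(nat.inbound(40001), nat.inbound(40999))       # reply vs. unsolicited
```

The cascaded host at 10.10.5.7 is translated without any change to the rule because it arrives through an interface in the trusted group, while the host on the interface filed under Other interfaces gets no translation.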
