Kerio Tech Firewall6 User Manual

Page 96

Chapter 7

Traffic Policy

Figure 7.34 This traffic rule allows only selected users to connect to the Internet

Such a rule enables the specified users to connect to the Internet (if authenticated). However, these users must open the WinRoute interface’s login page manually and authenticate (for details, see chapter 10.1).

However, with such a rule defined, all methods of automatic authentication will be ineffective (i.e. redirecting to the login page, NTLM authentication as well as automatic authentication from defined hosts). The reason is that automatic authentication (or redirection to the login page) is not invoked unless a connection to the Internet is being established (for license counting reasons — see chapter 4.6). However, this NAT rule blocks any connection unless the user is authenticated.

Enabling automatic authentication

The automatic user authentication issue can be solved easily as follows:

Add a rule allowing unlimited access to the HTTP service before the NAT rule.

Figure 7.35 These traffic rules enable automatic redirection to the login page

In URL rules (see chapter 12.2), allow specific users to access any Web site and deny any access to other users.

Figure 7.36 These URL rules enable specified users to access any Web site
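
The rule-ordering effect described above, as an added example that is not part of the manual and is not WinRoute code: a simplified Python model of why the user-restricted NAT rule alone prevents the login redirect, and how the HTTP rule plus URL rules restore it. It assumes first-match, top-down traffic rules and that an unauthenticated HTTP request reaching a user-based URL rule is redirected to the login page; the user and rule names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample users standing in for the "selected users" of the rule.
ALLOWED_USERS = {"alice", "bob"}

@dataclass
class TrafficRule:
    name: str
    service: Optional[str]   # None = any service
    users: Optional[set]     # None = any source, no login required

def traffic_policy(rules, service, user):
    """Model assumption: top-down evaluation, first match wins, no match = drop."""
    for rule in rules:
        if rule.service not in (None, service):
            continue
        if rule.users is not None and user not in rule.users:
            continue         # unauthenticated or unlisted user: rule does not match
        return rule.name
    return None

def url_rules(user):
    """URL rules from the second step: listed users allowed, all others denied."""
    if user is None:
        return "redirect-to-login"   # a connection exists, so authentication can start
    return "allow" if user in ALLOWED_USERS else "deny"

def connect(rules, service, user):
    """user is None for a host that has not authenticated yet."""
    if traffic_policy(rules, service, user) is None:
        return "dropped"     # nothing is established, so no redirect is ever triggered
    return url_rules(user) if service == "HTTP" else "allow"

# Figure 7.34 situation: only the user-restricted NAT rule.
NAT_ONLY = [TrafficRule("NAT for selected users", None, ALLOWED_USERS)]
# Figure 7.35 situation: unrestricted HTTP rule placed before the NAT rule.
WITH_HTTP = [TrafficRule("HTTP for everyone", "HTTP", None)] + NAT_ONLY

if __name__ == "__main__":
    for label, rules in (("NAT only", NAT_ONLY), ("HTTP rule first", WITH_HTTP)):
        for service, user in (("HTTP", None), ("HTTP", "alice"),
                              ("HTTP", "mallory"), ("FTP", None), ("FTP", "alice")):
            print(f"{label:16} {service:5} {str(user):8} -> {connect(rules, service, user)}")
```

In this model the HTTP rule opens only the Web path to everyone; non-HTTP services still require a listed, authenticated user, and unlisted users are stopped by the URL rules.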
