Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Chapter 7

Traffic Policy

Example

A banking application (client) communicates with the bank’s server using its own protocol, which runs over TCP on port 2000. Suppose the banking application runs on a host with IP address 192.168.1.15 and connects to the server server.bank.com.

This port is also used by the Cisco SCCP protocol. Under normal circumstances, the SCCP protocol inspector would be applied to the banking client's traffic. However, this might affect the functionality of the application or endanger its security.

A special traffic rule, as follows, will be defined for all traffic of the banking application:

1. In the Configuration → Definitions → Services section, define a service called Internet Banking: this service will use the TCP protocol on port 2000, and no protocol inspector is used by this communication.

Figure 7.37 Service definition without inspector protocol

2. In the Configuration → Traffic Policy section, create a rule which will permit this service traffic between the local network and the bank’s server. Specify that no protocol inspector will be applied.

Figure 7.38 This traffic rule allows accessing service without protocol inspection
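The effect of the two steps above can be checked with a small model. This is an added example, not Kerio code or its configuration format: it shows that the exemption covers only the banking flow while other TCP 2000 traffic keeps the SCCP inspector, and it flags exemptions that are not pinned to a destination. The rule fields, the 192.168.1.0/24 local network, the "IP telephony" rule, the host callmanager.example and top-down first-match evaluation are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Port-based default from the page: TCP 2000 is treated as Cisco SCCP.
DEFAULT_INSPECTORS = {("tcp", 2000): "SCCP"}

@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # CIDR of allowed clients
    destination: str   # server host name, or "any"
    proto: str
    port: int
    inspector: str     # "default" (pick by port) or "none" (inspection disabled)

# Constructed rule table; top-down, first-match evaluation is an assumption.
RULES = [
    Rule("Internet Banking", "192.168.1.0/24", "server.bank.com", "tcp", 2000, "none"),
    Rule("IP telephony", "192.168.1.0/24", "any", "tcp", 2000, "default"),
]

def classify(rules, src, dst, proto, port):
    """Return (rule name, inspector or None) for a flow; unmatched flows are denied."""
    for r in rules:
        if (ip_address(src) in ip_network(r.source)
                and r.destination in ("any", dst)
                and (r.proto, r.port) == (proto, port)):
            if r.inspector == "none":
                return r.name, None
            return r.name, DEFAULT_INSPECTORS.get((proto, port))
    return "deny", None

def broad_exemptions(rules):
    """Names of rules that disable inspection without pinning a destination."""
    return [r.name for r in rules if r.inspector == "none" and r.destination == "any"]

if __name__ == "__main__":
    print(classify(RULES, "192.168.1.15", "server.bank.com", "tcp", 2000))
    print(classify(RULES, "192.168.1.40", "callmanager.example", "tcp", 2000))
    print(broad_exemptions(RULES))
```
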
