Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 82
Chapter 7
Traffic Policy
82
Note:
1.
If you require authentication for any rule, it is necessary to ensure that a rule ex-
ists to allow users to connect to the firewall authentication page. If users use each
various hosts to connect from, IP addresses of all these hosts must be considered.
2.
If user accounts or groups are used as a source in the Internet access rule, auto-
matic redirection to the authentication page nor NTLM authentication will work.
Redirection requires successful establishment of connection to the destination
server.
If traffic policy is set like this, users must be told to open the authentication page
(see chapters
and
) in their browser and login before they are let into the
Internet.
This issue is described in detail in chapter
.
•
Firewall — a special address group including all interfaces of the host where the fire-
wall is running. This option can be used for example to permit traffic between the
local network and the WinRoute host.
Use the Any button to replace all defined items with the Any item (this item is also used by
default for all new rules). This item will be removed automatically when at least one new item
is added.
Use the Remove button to remove all items defined (the Nothing value will be displayed in the
item list). This is helpful when rules are changed — it is not necessary to remove items one
by one. Whenever at least one item is added, the Nothing value will be removed automatically.
If the Nothing value is kept for the Source or/and Destination item, a corresponding rule is
disabled.
The Nothing value takes effect when network interfaces (see chapter
) and users or groups
(see chapter
) are removed . The Nothing value is automatically used for all Source, Desti-
nation or/and Service items of rules where a removed interface (or a user account, a group or
a service) has been used. Thus, all these rules are disabled.
Definition of rules with the Nothing value in any column is not of any use — it is more useful
to use the checkbox in the Name column instead to disable a rule.
Note: Removed interfaces cannot be replaced by the Any value, otherwise the traffic policy
might be changed fundamentally (e.g. an undesirable traffic might be allowed).
Service
Definition of service(s) on which the traffic rule will be applied. Any number of services defined
either in Configurations → Definitions → Services (see chapter
) or using protocol and port
number (or by port range — a dash is used to specify the range) can be included in the list.
Use the Any button to replace all defined items with the Any item (this item is also used by
default for all new rules). Whenever at least one new service is added, the Any value removed
automatically.