Policy routing, 5 policy routing – Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual


Alternatively, you can define the rule to allow only authenticated users to access specific services. Any user that has a user account in WinRoute will be allowed to access the Internet after authenticating to the firewall. Firewall administrators can easily monitor which services and which pages are opened by each user (it is not possible to connect anonymously).

Figure 7.28 Only authenticated users are allowed to connect to the Internet

For a detailed description of user authentication, refer to chapter 10.1.

Note:

1. The rules mentioned above can be combined in various ways (e.g. a user group can be allowed to access certain Internet services only).

2. Usage of user accounts and groups in traffic policy follows specific rules. For a detailed description of this topic, refer to chapter 7.6.

Exclusions

You may need to allow access to the Internet only for a certain user/address group, whereas all other users should not be allowed to access this service.

This will be better understood through the following example (how to allow a user group to use the Telnet service for access to servers in the Internet). Use the following two rules to meet these requirements:

The first rule will deny selected users (or a group of users/IP addresses, etc.) access to the Internet.

The second rule will deny the other users access to this service.

Figure 7.29 Exception — Telnet is available only for selected user group(s)

7.5 Policy routing

If the LAN is connected to the Internet by multiple links with load balancing (see chapter 6.4), it may be necessary to reserve one link for certain traffic, leaving the rest of the load to the other links. Such a measure is useful if it is necessary to keep important traffic flowing (email traffic, the informational system, etc.), i.e. not slowed down by secondary or even
