Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 96
Chapter 7
Traffic Policy
96
marginal traffic (web browsing, online radio channels, etc.). To meet this crucial requirement
of an enterprise data traffic, it is necessary to consider and employ, besides the destination IP
address, additional information when
from the LAN to the Internet, such as
source IP address, protocol, etc. This approach is called
In WinRoute, policy routing can be defined by conditions in traffic rules for Internet access
with IP address translation (NAT). This approach brings wide range of options helping to meet
all requirements for routing and network load balancing.
Note: Policy routing traffic rules are of higher priority than routes defined in the
(see chapter
Example: A link reserved for email traffic
Let us suppose that the firewall is connected to the Internet by two links with load balancing
with speed values of 4 Mbit/s and 8 Mbit/s. One of the links is connected to the provider where
the mailserver is also hosted. Therefore, it is desirable that all email traffic (SMTP, IMAP, POP3
protocols and their secured versions) is routed through this link.
Define the following traffic rules to meet these requirements:
•
First rule defines that NAT is applied to email services and the Internet 4 Mbit interface
is used.
•
The other rule is a general NAT rule with automatic interface selection (see chap-
ter
).
Figure 7.30
Policy routing — a link reserved for email traffic
Setting of NAT in the rule for email services is shown in figure
. It is recommended to
allow use of a back-up link for case that the reserved link fails. Otherwise, email services will
be unavailable when the connection fails.
Let us suppose that the mailserver provides also Webmail and CalDAV services which use
HTTP(s) protocol. Adding these protocols in the first rule would make all web traffic routed
through the reserved link. To reach the desired goal, the rule can be modified by reserving the
link for traffic with a specific server — see figure
.