Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 97
7.5 Policy routing
97
Figure 7.31
Policy routing — setting NAT for a reserved link
Figure 7.32
Policy routing — a link reserved for a specific server
Note: In the second rule, automatic interface selection is used. This means that the Internet
4Mbit link is also used for network traffic load balancing. Email traffic is certainly still re-
spected and has higher priority on the link reserved by the first rule. This means that total
load will be efficiently balanced between both links all the time.
If you need to reserve a link only for a specific traffic (i.e. route other traffic through other
links), go toConfiguration → Interfaces and set the speed of the link to 0 Mbit/s. In this case
the link will not be used for load balancing. Only traffic specified in corresponding traffic rules
will be routed through it.
Example: Optimization of network traffic load balancing
WinRoute provides two options of network traffic load balancing: per host (clients) or per con-
nection (for details, refer to chapter
). With respect to variability of applications on individ-
ual hosts and of user behavior, the best solution (more efficient use of individual links) proves
to be the option of load balancing per connection. However, this mode may encounter prob-
lems with access to services where multiple connections get established at one moment (web
pages and other web related services). The server can consider source addresses in individual
connections as connection recovery after failure (this may lead for instance to expiration of
the session) or as an attack attempt (in that case the service can get unavailable).
This problem can be bridged over by policy routing. In case of “problematic” services (e.g.
HTTP and HTTPS) the load will be balanced per host, i.e. all connections from one client will
be routed through a particular Internet link so that their IP address will be identical (a single