Chapter 7
Traffic Policy
96
marginal traffic (web browsing, online radio channels, etc.). To meet this crucial requirement
of an enterprise data traffic, it is necessary to consider and employ, besides the destination IP
address, additional information when
from the LAN to the Internet, such as
source IP address, protocol, etc. This approach is called
In
WinRoute
, policy routing can be defined by conditions in traffic rules for Internet access
with IP address translation (NAT). This approach brings wide range of options helping to meet
all requirements for routing and network load balancing.
Note: Policy routing
traffic rules are of higher priority than routes defined in the
(see chapter
Example: A link reserved for email traffic
Let us suppose that the firewall is connected to the Internet by two links with load balancing
with speed values of
4 Mbit/s
and
8 Mbit/s
. One of the links is connected to the provider where
the mailserver is also hosted. Therefore, it is desirable that all email traffic (
SMTP
,
IMAP
,
POP3
protocols and their secured versions) is routed through this link.
Define the following traffic rules to meet these requirements:
•
First rule defines that NAT is applied to email services and the
Internet 4 Mbit
interface
is used.
•
The other rule is a general NAT rule with automatic interface selection (see chap-
ter
Figure 7.30
Policy routing — a link reserved for email traffic
Setting of NAT in the rule for email services is shown in figure
. It is recommended to
allow use of a back-up link for case that the reserved link fails. Otherwise, email services will
be unavailable when the connection fails.
Let us suppose that the mailserver provides also
Webmail
and
CalDAV
services which use
HTTP(s)
protocol. Adding these protocols in the first rule would make all web traffic routed
through the reserved link. To reach the desired goal, the rule can be modified by reserving the
link for traffic with a specific server — see figure
.
Summary of Contents for KERIO WINROUTE FIREWALL 6
Page 1: ...Kerio WinRoute Firewall 6 Administrator s Guide Kerio Technologies s r o...
Page 157: ...12 3 Content Rating System Kerio Web Filter 157 Figure 12 7 Kerio Web Filter rule...
Page 247: ...19 4 Alerts 247 Figure 19 14 Details of a selected event...
Page 330: ...Chapter 23 Kerio VPN 330 Figure 23 55 The Paris filial office VPN server configuration...
Page 368: ...368...