7.5 Policy routing
95
Alternatively you can define the rule to allow only authenticated users to access specific
services. Any user that has a user account in
WinRoute
will be allowed to access the
Internet after authenticating to the firewall. Firewall administrators can easily monitor
which services and which pages are opened by each user (it is not possible to connect
anonymously).
Figure 7.28
Only authenticated users are allowed to connect to the Internet
For detailed description on user authentication, refer to chapter
Note:
1.
The rules mentioned above can be combined in various ways (i.e. a user group can be
allowed to access certain Internet services only).
2.
Usage of user accounts and groups in traffic policy follows specific rules. For detailed
description on this topic, refer to chapter
Exclusions
You may need to allow access to the Internet only for a certain user/address group, whereas
all other users should not be allowed to access this service.
This will be better understood through the following example (how to allow a user group to
use the
Telnet
service for access to servers in the Internet). Use the two following rules to meet
these requirements:
•
First rule will deny selected users (or a group of users/IP addresses, etc.) to access the
Internet.
•
Second rule will deny the other users to access this service.
Figure 7.29
Exception — Telnet is available only for selected user group(s)
7.5 Policy routing
If the LAN is connected to the Internet by multiple links with load balancing (see chapter
it may be needed that one link is reserved for a certain traffic, leaving the rest of the load for
the other links. Such a measure is useful if it is necessary to keep important traffic swinging
(email traffic, the informational system, etc.), i.e. not slowed down by secondary or even
Summary of Contents for KERIO WINROUTE FIREWALL 6
Page 1: ...Kerio WinRoute Firewall 6 Administrator s Guide Kerio Technologies s r o...
Page 157: ...12 3 Content Rating System Kerio Web Filter 157 Figure 12 7 Kerio Web Filter rule...
Page 247: ...19 4 Alerts 247 Figure 19 14 Details of a selected event...
Page 330: ...Chapter 23 Kerio VPN 330 Figure 23 55 The Paris filial office VPN server configuration...
Page 368: ...368...