Kerio Tech 6 7.4 Basic Trac Rule Types

Chapter 7 Traﬃc Policy

•Default — all necessary protocol inspectors (or inspectors of the services listed in the

Service entry) will be applied on traﬃc meeting this rule.

•None — no inspector will be applied (regardless of how services used in the Service

item are deﬁned).

•Other — selection of a particular inspector which will be applied to traﬃc meeting this

rule (all WinRoute’s protocol inspectors are available). No other protocol inspector will

be applied to the traﬃc, regardless of settings of services in the Service section.

Do not use this option unless the appropriate traﬃc rule deﬁnes a protocol belonging

to the inspector. Functionality of the service might be aﬀected by using an inappro-

priate inspector.

For more information, refer to chapter 7.7.

Note: Use the Default option for the Protocol Inspector item if a particular service (see the

Service item) is used in the rule deﬁnition (the protocol inspector is included in the service

deﬁnition).

7.4 Basic Traﬃc Rule Types

WinRoute traﬃc policy provides a range of network traﬃc ﬁltering options. In this chapter

you will ﬁnd some rules used to manage standard conﬁgurations. Using these examples you

can easily create a set of rules for your network conﬁguration.

IP Translation (NAT)

IP translation (as well as Internet connection sharing) is a term used for the exchange of a

private IP address in a packet going out from the local network to the Internet with the IP

address of the Internet interface of the WinRoute host. This technology is used to connect

local private networks to the Internet by a single public IP address.

The following example shows an appropriate traﬃc rule:

Figure7.21 A typical traﬃc rule for NAT (Internet connection sharing)

Source

The Trusted / Local interfaces group. This group includes all segments of the LAN con-

nected directly to the ﬁrewall. If access to the Internet from some segments is supposed

to be blocked, the most suitable group to ﬁle the interface into is Other interfaces.

If the local network consists of cascaded segments (i.e. it includes other routers), it is not

necessary to customize the rule in accordance with this fact — it is just necessary to set

routing correctly (see chapter 18.1).