Kerio Tech Firewall6 manual Connection Failover, Edit Interface parameters

Chapter 5 Settings for Interfaces and Network Services

Windows Task Manager. Under specific circumstances, such application might also block other dials or hang-ups.

Edit Interface parameters

Click Edit to modify parameters of a selected interface. The Interface properties dialog, identical with the dialog for adding of a new RAS dial-up, is opened in case of RAS dial-ups. Only the Interface name entry can be edited in case of network adapters.

For VPN server and VPN tunnels, a dialog for setting of the VPN server (see chapter 21.1) or a VPN tunnel (refer to chapter 21.3) will be opened.

5.2 Connection Failover

WinRoute allows for definition of connection failover (secondary connection). This sec- ondary connection is enabled automatically whenever a dropout of the primary Internet connection is detected. Functionality of the primary connection is tested by sending of ICMP Echo Requests (PING) to selected computers. When WinRoute finds out that the primary connection is recovered again, the secondary connection is disabled and the primary one is established automatically.

Any network interface or dial connection defined in WinRoute can be used as an sec- ondary connection (see chapter 5.1). Traffic rules permitting or denying relevant com- munication through the secondary connection must be defined. In other words, it is necessary to add an interface for secondary connection to each rule where an interface for primary connection is included in the Source or/and Destination column.

For detailed information about traffic rules, refer to chapter 6.3.

Example: Primary connection used for traffic going out to the Internet is performed by a network adapter (labeled as Internet in WinRoute). A Dial-up Connection interface will be used for the secondary connection. We want to deny the Telnet service in direction from the local network to the Internet.

This situation is shown by traffic rules at figure 5.7. Two destination items are specified for each rule: network connected to the Internet interface (primary connection) and network connected to the Dial-up Connection interface (secondary connection).

•NAT — translation of source IP addresses will be performed for connections from the local network to the Internet (shared Internet connection).

•Firewall traffic — the WinRoute host will be allowed to connect to the Internet (NAT is not necessary since this host has its proper IP address).

56