Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual Page 348
- Page / 368
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
Chapter 25 Specific settings and troubleshooting
348
from the local host to the Internet, the packet will be dropped by the operating system
before the WinRoute driver is able to capture it.
2. Typically the server is represented by the DNS name within traffic between clients and an
Internet server. Therefore, the first packet sent by a client is represented by the DNS query
that is intended to resolve a host name to an IP address.
In this example, the DNS server is the WinRoute host (this is very common) and the Internet
line is disconnected. A client’s request on this DNS server is traffic within the local network
and, therefore, it will not result in dialing the line. If the DNS server does not have the
appropriate entry in the cache , it must forward the request to another server on the
Internet. The packet is forwarded to the Internet by the local DNS client that is run at
the WinRoute host. This packet cannot be held and it will not cause dialing of the line.
Therefore, the DNS request cannot be answered and the traffic cannot continue.
For these reasons, the WinRoute’s DNS module enables automatic dialing (if the DNS server
cannot respond to the request itself). This feature is bound to on-demand dialing.
Note: If the DNS server is located on another host within the local network or clients
within the local network use an Internet DNS server, then the limitation is irrelevant and
the dialing will be available. If clients’ DNS server is located on the Internet, the line will
be dialed upon a client’s DNS query. If a local DNS server is used, the line will be dialed
upon a query sent by this server to the Internet (the default gateway of the host where the
DNS server is running must be set to the IP address of the WinRoute host).
3. It can be easily understood through the last point that if the DNS server is to be running
at the WinRoute host, it must be represented by the DNS module because it can dial the
line if necessary.
If there is a domain based on Active Directory in the LAN (domain server with Windows
Server 2000/2003/2008), it is necessary to use Microsoft DNS server, because communica-
tion with Active Directory uses special types of DNS request. Microsoft DNS server does
not support automatic dialing. Moreover, it cannot be used at the same host as the DNS
module as it would cause collision of ports.
As understood from the facts above, if the Internet connection is to be available via dial-
up, WinRoute cannot be used at the same host where Windows Server with Active Directory
and Microsoft DNS are running.
4. If the DNS module is used, WinRoute can dial as a response to a client’s request if the
following conditions are met:
• Destination server must be defined by DNS name so that the application can create
a DNS query.
• In the operating system, set the primary DNS server to the IP address of the fire-
wall). In Windows, go to TCP/IP properties in interfaces connected to the LAN and
set the IP address of this interface as the primary DNS server.
- Kerio WinRoute Firewall 6 1
- Contents 3
- Quick Checklist 7
- Introduction 9
- 2.2 Conflicting software 10
- 2.3 System requirements 11
- 2.4 Installation - Windows 12
- Sharing 15
- 2.9 WinRoute Components 23
- WinRoute Administration 27
- Chapter 4 32
- 4.2 License information 33
- 4.6 User counter 45
- Network interfaces 47
- Figure 5.2 Editing interfaces 50
- Internet Connection 53
- 6.3 Connection Failover 62
- Chapter 6 Internet Connection 64
- 6.4 Network Load Balancing 66
- Traffic Policy 71
- 7.2 How traffic rules work 78
- 7.4 Basic Traffic Rule Types 90
- 7.5 Policy routing 95
- 7.8 Use of Full cone NAT 101
- 7.9 Media hairpinning 102
- Chapter 8 104
- 8.1 DNS module 104
- Figure 8.1 DNS settings 105
- 8.2 DHCP server 110
- 8.4 Proxy server 121
- 8.5 HTTP cache 124
- Bandwidth Limiter 130
- User Authentication 137
- Web Interface 141
- HTTP and FTP filtering 147
- 12.2 URL Rules 148
- 12.5 FTP Policy 162
- Antivirus control 167
- 13.3 HTTP and FTP scanning 172
- 13.4 Email scanning 176
- Definitions 180
- 14.2 Time Ranges 181
- 14.3 Services 183
- 14.4 URL Groups 187
- Description 189
- User Accounts and Groups 190
- 15.2 Local user accounts 193
- Step 1 — basic information 194
- 15.5 User groups 210
- Administrative settings 214
- 16.3 Update Checking 216
- Advanced security features 218
- Other settings 224
- 18.3 Relay SMTP server 229
- Status Information 231
- 19.4 Alerts 243
- Figure 19.12 Alert Definitions 244
- Basic statistics 248
- Figure 20.1 User statistics 249
- 20.2 Interface statistics 250
- Chapter 21 254
- Chapter 22 262
- 22.1 Log settings 262
- Figure 22.1 Log settings 263
- Chapter 22 Logs 264
- Syslog Logging 264
- 22.2 Logs Context Menu 265
- 22.3 Alert Log 269
- 22.4 Config Log 269
- 22.5 Connection Log 270
- 22.6 Debug Log 271
- 22.7 Dial Log 273
- 22.8 Error Log 275
- 22.9 Filter Log 276
- 22.10 Http log 277
- 22.11 Security Log 278
- 22.12 Sslvpn Log 280
- 22.13 Warning Log 280
- 22.14 Web Log 281
- Kerio VPN 283
- 23.1 VPN Server Configuration 284
- Chapter 23 Kerio VPN 320
- Paris branch office server 332
- Chapter 24 335
- Chapter 25 338
- 25.2 Configuration files 339
- Technical support 351
- 26.2 Tested in Beta version 352
- Legal Notices 353
- Used open source items 354
- Glossary of terms 357
© 2020, manymanuals.com. All rights reserved. | 2.360 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals