7.4 Basic Traffic Rule Types
Limiting Internet Access
Sometimes, it is helpful to limit users' access to Internet services from the local network. Access to Internet services can be limited in several ways. In the following examples, the limitation rules use IP translation. There is no need to define other rules, as all traffic that does not meet these requirements will be blocked by the default "catch all" rule.

Other methods of limiting Internet access can be found in the Exceptions section (see below).
Note: Rules mentioned in these examples can also be used if WinRoute is intended as a neutral router (no address translation). In that case, no translation is defined in the Translation entry.
1. Allow access to selected services only. In the translation rule, in the Service entry, specify only those services that are intended to be allowed.

Figure 7.25 Internet connection sharing — only selected services are available
2. Limitations sorted by IP addresses. Access to particular services (or access to any Internet service) will be allowed only from selected hosts. In the Source entry, define the group of IP addresses from which the Internet will be available. This group must be previously defined in Configuration → Definitions → Address Groups (see chapter

Figure 7.26 Only selected IP address group(s) is/are allowed to connect to the Internet
Note: This type of rule should be used only if each user has his/her own host and the hosts have static IP addresses.
3. Limitations sorted by users. The firewall checks whether the connection comes from an authenticated host and permits or denies the traffic accordingly.

Figure 7.27 Only selected user group(s) is/are allowed to connect to the Internet
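
The three limitation types above, modelled as an added example (not part of the Kerio guide and not WinRoute's own code): a simplified rule table with the default "catch all" rule appended. Rule names, addresses, users and services are constructed samples, and first-match evaluation is an assumption of this model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Conn:
    src_ip: str
    service: str
    user: Optional[str]  # None: host is not authenticated at the firewall

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                            # "permit" or "deny"
    sources: Optional[tuple] = None        # address group (CIDRs); None = any
    services: Optional[frozenset] = None   # Service entry; None = any
    users: Optional[frozenset] = None      # user group; None = any

    def matches(self, c: Conn) -> bool:
        if self.sources is not None and not any(
                ip_address(c.src_ip) in ip_network(n) for n in self.sources):
            return False
        if self.services is not None and c.service not in self.services:
            return False
        # A user-based rule never matches an unauthenticated host.
        if self.users is not None and c.user not in self.users:
            return False
        return True

# Models the default "catch all" rule: anything not permitted above is blocked.
CATCH_ALL = Rule("Default rule", "deny")

def decide(rules, conn):
    """Return (action, rule name) of the first rule that matches conn."""
    for rule in [*rules, CATCH_ALL]:
        if rule.matches(conn):
            return rule.action, rule.name

# Constructed rule tables, one per limitation type (all values are samples).
BY_SERVICE = [Rule("Selected services", "permit",
                   services=frozenset({"HTTP", "HTTPS", "DNS"}))]
BY_ADDRESS = [Rule("Address group", "permit",
                   sources=("192.168.1.10/32", "192.168.1.11/32"))]
BY_USER = [Rule("User group", "permit", users=frozenset({"alice", "bob"}))]

if __name__ == "__main__":
    # alice's host moved from 192.168.1.10 to a new DHCP lease, .77
    moved = Conn("192.168.1.77", "HTTP", "alice")
    print(decide(BY_ADDRESS, moved))  # address rule no longer covers her
    print(decide(BY_USER, moved))     # user rule still does
```

In this model the address-based table blocks a permitted user as soon as the host's address changes, which is why that rule type is recommended only for hosts with static IP addresses.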