Chapter 6
Internet Connection
62
Note:
1.
Probe hosts must not block
ICMP Echo Requests
(
PING
) since such requests are used to test
availability of these hosts — otherwise the hosts will be always considered as unavailable.
This is one of the cases where the primary default gateway cannot be used as the testing
computer.
2.
Probe hosts must be represented by computers or network devices which are permanently
running (servers, routers, etc.). Workstations which are running only a few hours per day
are irrelevant as probe hosts.
3.
ICMP
queries sent to probe hosts cannot be blocked by the firewall’s traffic rules.
6.4 Network Load Balancing
If at least two Internet links are available,
WinRoute
can divide traffic in parts sent by either of
them. The benefits of such solution are evident — Internet connection throughput gets better
(i.e. speed of data transmission between the LAN and the Internet increases) and response
time gets shorter for connections to servers in the Internet. If special traffic policy is not
defined (so called
— see chapter
), then individual links are also backed-up
mutually (see also chapter
) — in case of failure of one of the lines, the traffic is routed via
another.
Note:
1.
Network load balancing is applied only to outbound traffic via the default route. If the
(see chapter
) defines a route to a destination network, traffic to the
network will always be routed through the particular interface.
2.
Network load balancing does not apply to the traffic of the firewall itself. This traffic is
processed directly by the operating system and, therefore, the standard
is applied
here (the default route with the lowest metric value will always be used).
Requirements
The computer hosting
WinRoute
must have two network interfaces for connection to the In-
ternet, i.e. leased (
Ethernet
,
WiFi
) or persistently connected dial-up links (
CDMA
,
PPPoE
). Usual
dial-ups (analog modem,
ISDN
) are not suitable, because it is not possible to dial on demand
in the network load balancing mode.
This connection type also requires one or more network cards for connection of individual
segments of the LAN. Default gateway must
NOT
be set on any of these cards (cards for the
LAN)!
In case of dial-ups (
CDMA
,
PPPoE
), it is also necessary to define corresponding telephone con-
nection in the operating system. It is not necessary that login data for telephone connections
are saved in the system, this information can be specified directly in
WinRoute
.
Summary of Contents for Firewall6
Page 1: ...Kerio WinRoute Firewall 6 Administrator s Guide Kerio Technologies...
Page 129: ...8 5 HTTP cache 129...
Page 404: ...404...