counting reasons — see chapter ). However, this NAT rule blocks any connection unless the user is authenticated.
Enabling automatic authentication
The automatic user authentication issue can be solved easily as follows:
• Add a rule allowing unlimited access to the HTTP service before the NAT rule.
Figure 7.35 These traffic rules enable automatic redirection to the login page
• In URL rules (see chapter ), allow specific users to access any Web site and deny any access to other users.
Figure 7.36 These URL rules enable specified users to access any Web site
A user who is not yet authenticated and attempts to open a Web site will be automatically redirected to the authentication page (or authenticated by NTLM, or logged in from the corresponding host). After successful authentication, users specified in the NAT rule (see figure ) will also be allowed to access other Internet services. Unauthenticated users, as well as users not specified in the rules, will be denied access to any Web site and/or other Internet services.
Note: In this example, it is assumed that client hosts use the WinRoute DNS Forwarder or a local DNS server (traffic must be allowed for the DNS server). If client stations used a DNS server in the Internet (this configuration is not recommended!), it would be necessary to include the DNS service in the rule which allows unlimited Internet access.
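The outcomes described above can be checked with a small model of the policy. This is an added example, not WinRoute configuration syntax and not part of the original guide. The rule tuples, the user names and the evaluation order are assumptions of the sketch, and the note's "rule which allows unlimited Internet access" is read here as the unrestricted HTTP rule.

```python
# Simplified model of the policy in this section (added example, not WinRoute syntax).
# Assumptions: rules are checked in order; a rule restricted to users blocks
# everyone else for the services it covers; user names are constructed.
ANY = None
SPECIFIED = {"alice"}                      # users named in the NAT rule and URL rules

NAT_RULE = ("NAT", ANY, SPECIFIED)         # any service, specified users only
HTTP_RULE = ("HTTP open", {"HTTP"}, ANY)   # HTTP for everyone, authenticated or not
HTTP_DNS_RULE = ("HTTP+DNS open", {"HTTP", "DNS"}, ANY)

NAT_ONLY = [NAT_RULE]                      # starting point: no redirect possible
WITH_HTTP = [HTTP_RULE, NAT_RULE]          # the fix: HTTP rule before the NAT rule
WITH_HTTP_DNS = [HTTP_DNS_RULE, NAT_RULE]  # variant from the note (Internet DNS server)


def traffic_decision(rules, service, user):
    """Return 'allow' or 'drop' for a connection; user is None if unauthenticated."""
    for _name, services, users in rules:
        if services is not ANY and service not in services:
            continue                       # rule does not cover this service
        return "allow" if users is ANY or user in users else "drop"
    return "drop"                          # nothing matched: default deny


def url_decision(user):
    """URL rules: specified users may open any site, everyone else is denied."""
    if user is None:
        return "redirect-to-login"         # the URL rule needs an identity first
    return "allow" if user in SPECIFIED else "deny"


def outcome(rules, service, user=None):
    """Combine traffic rules and URL rules for one connection attempt."""
    if traffic_decision(rules, service, user) == "drop":
        return "drop"
    return url_decision(user) if service == "HTTP" else "allow"


if __name__ == "__main__":
    for label, rules in [("NAT only", NAT_ONLY), ("HTTP before NAT", WITH_HTTP)]:
        for service in ("HTTP", "SSH", "DNS"):
            for user in (None, "alice", "bob"):
                print(f"{label:16} {service:5} {str(user):6} -> {outcome(rules, service, user)}")
```

Running the script prints the full matrix of services and users, which makes it easy to confirm that only the HTTP path is opened to unauthenticated clients.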
7.7 Partial Retirement of Protocol Inspector
Under certain circumstances, applying a protocol inspector to a particular communication might be undesirable. To disable a specific protocol inspection, define the corresponding source and destination IP addresses and a traffic rule for this service that explicitly specifies that no protocol inspector will be used.
Kerio WinRoute Firewall 6 Administrator's Guide, Kerio Technologies s.r.o.