Kerio Tech Firewall6 Network Router User Manual


 
Chapter 6 Traffic Policy
1. If you require authentication for any rule, it is necessary to ensure that a rule
exists to allow users to connect to the firewall authentication page. If users
connect from various hosts, the IP addresses of all these hosts must be considered.
2. If user accounts or groups are used as a source in the Internet access rule,
neither automatic redirection to the authentication page nor NTLM authentication
will work. Redirection requires successful establishment of connection to the
destination server.
If traffic policy is set like this, users must be told to open the authentication page
(see chapters 9 and 8.1) in their browser and log in before they are let into the
Internet.
This issue is described in detail in chapter 23.5.
Firewall: a special address group including all interfaces of the host where the
firewall is running. This option can be used, for example, to permit traffic between the
local network and the WinRoute host.
Use the Any button to replace all defined items with the Any item (this item is also used
by default for all new rules). This item will be removed automatically when at least one
new item is added.
Use the Remove button to remove all defined items (the Nothing value will be displayed
in the item list). Whenever at least one item is added, the Nothing value will be removed
automatically. If the Nothing value is kept for the Source and/or Destination item, the
corresponding rule is disabled.
The Nothing value takes effect when network interfaces (see chapter 5.1) and users or
groups (see chapter 13) are removed. The Nothing value is automatically used for all
Source and/or Destination items of rules where a removed interface (or user or group)
has been used. Thus, all these rules are disabled. Inserting the Nothing value manually
is not meaningful; the checkbox in the Name column can be used instead.
Note: Removed interfaces cannot be replaced by the Any value, otherwise the traffic
policy might be changed fundamentally (e.g. undesirable traffic might be allowed).
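The difference between the two substitutions can be seen in a small model. This is an added example, not WinRoute code; the rule and object names are constructed, and first-match evaluation with a default deny is an assumption of the model.

```python
# Simplified model of the behaviour described above; not WinRoute code.
ANY, NOTHING = "Any", "Nothing"

class Rule:
    def __init__(self, name, source, destination, action):
        self.name, self.action = name, action
        self.source, self.destination = set(source), set(destination)

    def enabled(self):
        # A rule with Nothing in Source or Destination is disabled.
        return NOTHING not in self.source and NOTHING not in self.destination

    def matches(self, src, dst):
        def hit(items, value):
            return ANY in items or value in items
        return self.enabled() and hit(self.source, src) and hit(self.destination, dst)

def remove_object(rules, obj, placeholder):
    """Remove an interface/user/group and put `placeholder` in every
    Source/Destination item that referenced it."""
    for r in rules:
        if obj in r.source:
            r.source = {placeholder}
        if obj in r.destination:
            r.destination = {placeholder}

def decide(rules, src, dst):
    """Assumed evaluation: first matching rule wins, otherwise deny."""
    for r in rules:
        if r.matches(src, dst):
            return r.action, r.name
    return "deny", "default"

def sample_rules():
    # Constructed sample policy; the object names are hypothetical.
    return [
        Rule("VPN to file server", ["VPN"], ["FileServer"], "permit"),
        Rule("LAN to Internet", ["LAN"], ["Internet"], "permit"),
    ]

def compare(placeholder):
    """Remove the VPN interface, then test Internet -> FileServer traffic."""
    rules = sample_rules()
    remove_object(rules, "VPN", placeholder)
    disabled = [r.name for r in rules if not r.enabled()]
    return decide(rules, "Internet", "FileServer"), disabled

if __name__ == "__main__":
    print("Nothing:", compare(NOTHING))
    print("Any:    ", compare(ANY))
```

With Nothing, the rule that referenced the removed interface is disabled and the traffic falls through to deny; with Any, the same rule stays active and permits traffic from every source to the file server.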
Service
Definition of the service(s) to which the traffic rule will be applied. Any number of
services, defined either in Configurations / Definitions / Services (see chapter 12.3)
or by protocol and port number (or by port range; a dash is used to specify the range),
can be included in the list.