Chapter 21 Kerio VPN
Figure 21.21 Headquarter — final traffic rules
• Create the Branch office rule, which allows connections to services in LAN 1.
• Add the Company headquarters rule, allowing connections from both headquarters
subnets to the branch office network.
Rules defined this way meet all the restriction requirements. Traffic that does not
match any of these rules is blocked by the default rule (see chapter 6.3).
Configuration of a branch office
1. Install WinRoute (version 6.0.0 or later) at the default gateway of the branch office
(“server”).
2. Use Network Rules Wizard (see chapter 6.1) to configure the basic traffic policy in
WinRoute. To keep the example as simple as possible, it is assumed that access
from the local network to the Internet is not restricted, i.e. that access to all services
is allowed in step 4.
In this case, it would be meaningless to create rules for the Kerio VPN server and/or
the Kerio Clientless SSL-VPN, since the server uses a dynamic public IP address.
Therefore, leave these options disabled in step 5.
This step will create rules for connection of the VPN server as well as for
communication of VPN clients with the local network (through the firewall).