Kerio Tech 6 Manuale Utente

Chapter 7

Traffic Policy

Limiting Internet Access

Sometimes, it is helpful to limit users access to the Internet services from the local network.

Access to Internet services can be limited in several ways. In the following examples, the

limitation rules use IP translation. There is no need to define other rules as all traffic that

would not meet these requirements will be blocked by the default "catch all" rule.

Other methods of Internet access limitations can be found in the Exceptions section (see below).

Note: Rules mentioned in these examples can be also used if WinRoute is intended as a neutral

router (no address translation) — in the Translation entry there will be no translations defined.

Allow access to selected services only. In the translation rule in the Service entry specify

only those services that are intended to be allowed.

Figure 7.25

Internet connection sharing — only selected services are available

Limitations sorted by IP addresses. Access to particular services (or access to any Internet

service) will be allowed only from selected hosts. In the Source entry define the group of IP

addresses from which the Internet will be available. This group must be formerly defined

in Configuration → Definitions → Address Groups (see chapter

Figure 7.26

Only selected IP address group(s) is/are allowed to connect to the Internet

Note: This type of rule should be used only if each user has his/her own host and the

hosts have static IP addresses.

Limitations sorted by users. Firewall monitors if the connection is from an authenticated

host. In accordance with this fact, the traffic is permitted or denied.

Figure 7.27

Only selected user group(s) is/are allowed to connect to the Internet