- Kerio WinRoute Firewall Administrator's Guide

6.1 Network Rules Wizard

Figure 6.10 Network Rules Wizard — the last step

Rules Created by the Wizard

The traﬃc policy is better understood through the traﬃc rules created by the Wizard in

the previous example.

ICMP traﬃc

This rule can be added whenever needed with no respect to settings within individ-

ual steps. You can use the PING command to send a request on a response from the

WinRoute host. Important issues can be debugged using this command (i.e.Internet

connection functionality can be veriﬁed).

Note: The ICMP traﬃc rule does not allow clients to use the PING command from

the local network to the Internet. If you intend to use the command anyway, you

must add the Ping feature to the NAT rules (for details see chapter 6.3).

ISS OrangeWeb Filter

If ISS OrangeWeb Filter is used (a module for classiﬁcation of Websites), this rule

is used to allow communication with corresponding databases. Do not disable this

traﬃc, otherwise ISS OrangeWeb Filter might not function well.

NAT

If this rule is added, the source (private) addresses in all packets directed from the

local network to the Internet will be substituted with addresses of the interface

connected to the Internet (see the Wizard, steps 3 and 6). However, only services

selected within step 4 can be accessed.

The Dial-In interface is included in the Source item for this rule. This implies that

all RAS clients connecting to this server can access the Internet through NAT .