Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Page 349

Advertising
background image

25.5 Internet links dialed on demand

349

5.

The Proxy server in WinRoute (see chapter

8.4

) also provides direct dial-up connections.

A special page providing information on the connection process is opened (the page is

refreshed in short periods). Upon a successful connection, the browser is redirected to

the specified Website.

Unintentionally dialed link — application of on-demand dial rules

Demand dial functions may cause unintentional dialing. It’s usually caused by DNS requests

which cannot be responded by the DNS module and so it dials the line instead to forward them

to another DNS server. The following causes apply:

User host generates a DNS query in the absence of the user. This traffic attempt may be

an active object at a local HTML page or automatic update of an installed application.

The DNS module performs dialing in response to requests of names of local hosts.

Define DNS for the local domain properly (use the hosts system file of the WinRoute

host — for details, see chapter

8.1

).

Note: Undesirable traffic causing unintentional dialing of a link can be blocked by WinRoute

traffic rules (see chapter

7.3

). However, the best remedy for any pain is always removal of its

cause (e.g. perform antivirus check on the corresponding workstation, etc.).

To avoid unintentional dialing based on DNS requests, WinRoute allows definition of rules

where DNS names are specified for which the line can be dialed or not. To define these rules,

click on Advanced in ConfigurationInterfaces (in the A Single Internet Link — Dial on De-
mand
mode).

Figure 25.5

Dial on demand rules (for dialing based on DNS queries)

Either full DNS name or only its end or beginning completed by an asterisk (*) can be specified
in the rule. An asterisk may stand for any number of characters.

Rules are ordered in a list which is processed from the top downwards (rules order can be

modified with the arrow buttons at the right side of the window). When the system detects the

first rule that meets all requirements, the desired action is executed and the search is stopped.

Advertising