- Kerio WinRoute Firewall Administrator's Guide
Chapter 16 Other settings
is performed according to special types of DNS requests. Microsoft DNS server does
not support automatic dialing. Moreover, it cannot be used on the same host as DNS
Forwarder, because the two would collide on the same ports.
It follows from the facts above that if the Internet connection is to be available via
dial-up, WinRoute cannot be used on the same host where Windows 2000 Server
Active Directory and Microsoft DNS are running.
4. If DNS Forwarder is used, WinRoute can dial in response to a client’s request if the
following conditions are met:
• The destination server must be defined by DNS name so that the application
creates a DNS query.
• In the operating system, the primary DNS server must be set to the IP address of
the firewall. In Windows operating systems, go to TCP/IP properties and set the IP
address of this interface as the primary DNS.
• DNS Forwarder must be configured to forward requests to one of the defined
DNS servers (the Forward queries to the specified DNS server(s) option). Automatic
detection of DNS servers is not available. For details, refer to chapter 5.3.
5. The Proxy server in WinRoute (see chapter 5.5) also provides direct dial-up
connections. A special page providing information on the connection process is opened
(the page is refreshed at short intervals). Upon a successful connection, the browser
is redirected to the specified Website.
Setting Rules for Demand Dial
Demand dial functions may cause unintentional dialing. It is usually caused by DNS
queries that are handled by the DNS Forwarder. The following causes apply:
• A user host generates a DNS query in the absence of the user. Such traffic
may come from an active object on a local HTML page or from an automatic update
of an installed application.
• DNS Forwarder performs dialing in response to requests for names of local hosts.
Define DNS for the local domain properly (use the hosts system file of the WinRoute
host; for details see chapter 5.3).
Note: In WinRoute, unwanted traffic may be blocked. However, for security reasons
it is recommended to detect the root of the problem (i.e. use antivirus to secure the
workstation, etc.).
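To track down which of the two causes above is responsible, the following added example (not part of the Kerio guide) audits a DNS query log against the hosts file of the WinRoute host. The hosts entries, the "time client-ip name" log format and the domain company.local are constructed assumptions, as is the premise that names present in the hosts file are answered locally without forwarding.

```python
import ipaddress
from collections import Counter

# Constructed sample data (not from the guide): a hosts file and a simple
# "time client-ip queried-name" DNS query log. The log format is an assumption.
HOSTS_TEXT = """
192.168.1.1   fw fw.company.local   # WinRoute host
192.168.1.10  files files.company.local
"""
QUERY_LOG = """
02:14:07 192.168.1.23 update.vendor.example
02:14:09 192.168.1.23 update.vendor.example
09:30:11 192.168.1.40 files.company.local
09:31:52 192.168.1.40 printer
09:32:05 192.168.1.41 printer.company.local
10:02:44 192.168.1.40 www.example.com
"""
LOCAL_DOMAIN = "company.local"  # assumed local domain name

def parse_hosts(text):
    """Return the set of lower-cased names defined in hosts-file text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed entry: first field is not an IP address
        names.update(n.lower().rstrip(".") for n in fields[1:])
    return names

def audit(log_text, hosts_names, local_domain):
    """Return (local names missing from hosts, forwarded-query counts per client and name)."""
    missing_local, forwarded = set(), Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        _, client, name = parts
        name = name.lower().rstrip(".")
        if name in hosts_names:
            continue  # assumed to be answered from the hosts file, not forwarded
        if "." not in name or name.endswith("." + local_domain):
            missing_local.add(name)  # local name that would be forwarded
        else:
            forwarded[(client, name)] += 1  # external name: check who asks, and when
    return sorted(missing_local), forwarded
```

Names in the first result are candidates for the hosts file; clients with many forwarded queries outside working hours are the workstations to inspect.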
In Configuration → Demand Dial within Administration Console, rules for dialing certain
DNS names may be defined.