Alen wrote:- Quote: “…if you have a domain name, you will need to run a third party DNS Server”.
Isn’t it possible and enough to ask the provider to register the required addresses on its DNS server for our web and mail servers? Why is the use of our own DNS server mandatory (if we have our own web and other servers)?
You're correct. You don't need to run it yourself if your provider will set up the records you need.
Alen wrote:DNS is essential for providing name lookup ability for the PCs on your network. While it is recommended that you use the DNS in WinGate, there are other options. Various methods are detailed below, with their pros and cons.
1. Wingate DNS server
...
2. Mapped Link method
This method is detailed in Adding a Mapped Link. The UDP Mapped link on port 53 allows all DNS requests to be mapped to an external DNS server. It is usually that of your ISP.
...
3. Third party DNS server
...
Why should we use a mapped link? We can use NAT + a restriction by whitelist, with the provider's DNS server in it, for the clients' "direct" DNS requests!?
You can use a UDP mapping or just NAT if you like. It just affects what DNS servers you specify for your clients to use.
Alen wrote:- What size to set for a cache size limit? (~ 20 users).
I am afraid that setting too large a size will result in too much data becoming out of date. If there were only an option to delete files older than x days, this would be quite useful. I know I can purge or clean (?) the cache by scheduler, but this is not the same...
There are quite a few criteria you can use in your cache purge rules.
Alen wrote:- What is the max size for logs and audit files?
There's no maximum.
Alen wrote:- Routing -> Relay UDP broadcast packets.
Does the Relay broadcast packets function relay only packets for the ports listed and chosen in the Advanced broadcast port settings?!
Yes.
Alen wrote:- Firewall -> Discard spoofed packets: If this option is enabled, WinGate will check to ensure that the source IP address in the packet header is really the computer that made the request. If it is not, the packet will be discarded.
How does it work? How can WinGate check that the source IP is really the computer that made the request?
Hmmm, that's bad writing in the help file. It simply checks to see if the interface the packet is received on "seems" to be correct for the source address. e.g. if you receive a packet with a private source IP on an external interface, it will be dropped. We normally turn this option off actually.
Alen wrote:Can this conflict in any way with the ARP Responder function activated on the WinGate WAN interface? I think not, but want to check.
No it won't affect it.
Alen wrote:- What if we open some Internet 2 LAN or 2 DMZ ports and do not check the Notify on access box; does this prevent any logging of "outsiders'" connections to LAN|DMZ?
I mean, when LAN users access any WinGate service we can log it either as service sessions or as the user activity audit, which is good. What about the logging facilities for connections from the Internet (to WinGate or through WinGate to DMZ or LAN)?
They are still logged, in the WinGate NAT log files.
Cheers
Adrien
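The interface-versus-source-address check Adrien describes, written out as an added Python example that is not part of the original post or of WinGate. The interface names, subnets, bogon list and sample packets are constructed for illustration, and the extra rule that a packet on an internal interface must carry a source address from that interface's own subnet is an assumption of this example, not something the help file or Adrien states.

```python
# Added example (not WinGate code): an interface-aware anti-spoofing filter.
# The topology, addresses and sample packets below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Interface:
    name: str
    network: ipaddress.IPv4Network  # subnet directly attached to the interface
    external: bool                  # True for the Internet-facing side


# Assumed topology: two internal subnets and one WAN link.
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges standing in for public space.
INTERFACES = {
    "LAN": Interface("LAN", ipaddress.ip_network("192.168.1.0/24"), external=False),
    "DMZ": Interface("DMZ", ipaddress.ip_network("192.168.2.0/24"), external=False),
    "WAN": Interface("WAN", ipaddress.ip_network("203.0.113.0/24"), external=True),
}
INTERNAL_NETS = [i.network for i in INTERFACES.values() if not i.external]

# Source ranges that never legitimately arrive from the Internet ("martians").
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "255.255.255.255/32",
)]


def is_spoofed(iface_name: str, src: str) -> Tuple[bool, str]:
    """Decide whether a packet with source `src` received on `iface_name` should be dropped.
    Returns (drop, reason)."""
    iface = INTERFACES[iface_name]
    addr = ipaddress.ip_address(src)
    if iface.external:
        # A private/loopback/link-local/multicast source cannot have come from the Internet.
        if any(addr in n for n in BOGONS):
            return True, "non-routable source on external interface"
        # A source claiming to be one of our own inside subnets is spoofed.
        if any(addr in n for n in INTERNAL_NETS):
            return True, "our own internal subnet as source on external interface"
        return False, "accepted"
    # Assumption of this example: an internal interface only carries traffic sourced
    # from its directly attached subnet. This is stricter than the help text and is
    # exactly the rule that misfires when another router sits behind the interface.
    if addr not in iface.network:
        return True, f"source {addr} not in {iface.network} on {iface.name}"
    return False, "accepted"


def filter_packets(packets: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Apply is_spoofed to (interface, src, dst) tuples and return the accepted ones."""
    accepted = []
    for iface, src, dst in packets:
        drop, reason = is_spoofed(iface, src)
        print(f"{iface:3} {src:>15} -> {dst:<15} {'DROP' if drop else 'PASS'}: {reason}")
        if not drop:
            accepted.append((iface, src, dst))
    return accepted


# Constructed sample traffic.
SAMPLE = [
    ("WAN", "198.51.100.7", "203.0.113.10"),  # ordinary inbound packet
    ("WAN", "192.168.1.5", "203.0.113.10"),   # LAN address spoofed from outside
    ("WAN", "127.0.0.1", "203.0.113.10"),     # loopback source from outside
    ("LAN", "192.168.1.5", "198.51.100.7"),   # normal outbound from LAN
    ("LAN", "10.0.0.9", "198.51.100.7"),      # LAN host spoofing another range
    ("DMZ", "192.168.2.20", "192.168.1.5"),   # DMZ to LAN, plausible source
]

if __name__ == "__main__":
    filter_packets(SAMPLE)
```

The external-side rules are the ones that catch the case Adrien gives (a private source address arriving on the WAN interface). The internal-side rule is where such a check gets turned off in practice: as soon as a second router or an extra subnet sits behind LAN or DMZ, legitimate packets carry sources outside the attached subnet and would be dropped, which is the practical reason a strict per-interface check is often disabled.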