Firefox overrules Avast! proxy at port 443


poirot
September 1st, 2006, 07:36 AM
My Jetico v.1.0 is working absolutely fine, but I have noticed in Ask User that it sometimes asks permission for an outbound connection to port 443 (when there's the 'padlock', when registering somewhere, or every time I make Mozilla updates/extensions), not for Avast! ashWebSV.exe, which all outbound-inbound connections go through at 12080, but directly for Firefox.
I wonder if this is normal or if I forgot something about 443 at setup.
I always use FF to navigate so I cannot explain these 'exceptions'.

My relevant settings in Jetico are:

APPLICATION TABLE-
WebBrowser dis any access to network ashWebSV.exe
WebBrowser dis any access to network firefox.exe
WebBrowser dis any access to network IExplorer.exe

WEB BROWSER-
accept dis 0 accesstonetwork
accept dis any accesstonetwork ashWebSV.exe
accept dis TCP/IP inb. ashWebSV. any 17.0.0.1 12080 1024-4999
accept dis TCP/IP outb ashWebSV. any any 1024-4999 80
accept dis TCP/IP outb ashWebSV. any any 1024-4999 443
reject dis any any ashWebSV.
accept dis any accesstonetwork firefox.exe
accept dis TCP/IP outb firefox.exe any 127.0.0.1 1024-4999 12080
reject dis any any firefox.exe
accept dis any accesstonetwork IExplorer.exe
accept dis TCP/IP outb IExplorer.exe any 127.0.0.1 1024-4999 12080
reject dis any any IExplorer.exe
reject Default action


Fwsetup.exe is on reject.
My Firefox is set to a Manual Proxy configuration: HTTP proxy localhost, port 12080. No Proxy for localhost, 127.0.0.1.

Similarly for IE.

(I must say I tried with the option 'Direct connection to the Internet' and absolutely nothing changes... FF and IE behave the same way with or without these 'proxy' settings; Avast! proxy likewise is unperturbed by such a change and works the same.) (I'd say... well)

Stem
September 1st, 2006, 08:18 AM
Hi poirot,

I posted rules for you here (http://www.wilderssecurity.com/showthread.php?p=808399#post808399) for Avast/firefox->Jetico.

Have you correctly placed a jump to "browser rules" for firefox? (I would suggest that you split the rules up, as I originally posted.)


EDIT: I think I can see the problem: your application table (ask user) rules. These should be a jump to browser rules for any event (not just access to network).

poirot
September 1st, 2006, 10:12 AM
Stem, thanks a lot. I just changed in Application Table from 'Access to network' into 'any', as it should have been.
Quite frankly, in spite of the existence of a few Manuals and Jetico Help files, I would have never succeeded in setting this firewall up to a good standard without you. 'Nail' should hire you up as at least an Advisor for their firewall!
Regarding the Avast! proxy-Browsers settings issue I mentioned, that is, the fact that either with proxy settings in place in firefox or not the result is the same, perhaps these browser settings (localhost:12080) were surely needed with Windows98 but not anymore with XP, or at least with Firefox.
(Just a hypothesis)
The fact is I have one PC with browsers set with localhost&12080 and another (both same programs) with 'direct connection to internet'... and they work exactly the same way... Avast! proxy works fine with both.
Perhaps it is because Jetico settings force the browsers to connect to port 12080 and in such a way the browsers have no option, albeit devoid of proxy rules?
I'll make a few more experiments about this and let you know.

Stem
September 1st, 2006, 10:36 AM
Hi poirot,
I will re-install to have a play.

Edit:
I think this is a good example of problems with using a local proxy, and how it would be easy for other applications to gain access through localhost.

Anyway:
For the browser rules, make the remote port any (for the 127.0.0.1 outbound connection).

Don't forget to add port 443 to Avast "webshield redirected HTTP".

poirot
September 1st, 2006, 01:11 PM
-{ Quote: "I think this is a good example of problems with using local proxy, and how it would be easy for other application to gain access through localhost." }-

I may add that this issue is the hardest to control and fully understand among all firewall issues... at least for me, as I had to fight with the Sygate loophole at first and now with a proper Jetico setup.
On the other hand I would hate to give up Avast! proxy as I am more than enthusiastic about its effectiveness.
I use the PC for four or five hrs a day and visit many sites, but since I went from my previous AVG to Avast! I can assure you I didn't have to delete more than two or three low danger level tracking cookies in 10 months. Of course great merit to Firefox and its extensions, like NoScript, but Avast! turned BOClean antitrojan into a jobless comprimary.
I could put the WebShield at rest and get on with just the Standard protection and all these problems would vanish, but I am confident to find the right answers here...

I will apply the other two suggestions as soon as I disable ShadowUser later on, thanks again Stem.

poirot
September 1st, 2006, 02:42 PM
More eloquent than words: yesterday's connection to FF updates with my previous settings:

poirot
September 1st, 2006, 02:44 PM
and this is after your suggestions Stem, all is OK:

Stem
September 2nd, 2006, 05:22 AM
Hi poirot,
-{ Quote: "On the other hand i would hate to give up Avast! proxy as i am more than enthusiastic about its effectiveness." }-
There is no need to give up Avast proxy... you just need to keep a tight config... and keep the loopback out of the trusted zone.
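
Added example, not part of the thread: a small Python check for Stem's point that other applications can gain access through the localhost proxy. It scans `netstat -ano`-style output for non-browser processes connected to 127.0.0.1:12080 and for browser connections that go straight to port 443; the sample output, the PIDs and `updater.exe` are constructed for illustration.

```python
import re

PROXY = ("127.0.0.1", 12080)                 # WebShield listener from the thread
BROWSERS = {"firefox.exe", "iexplorer.exe"}  # names as written in the thread's rules

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:12080        0.0.0.0:0              LISTENING       1480
  TCP    127.0.0.1:1045         127.0.0.1:12080        ESTABLISHED     2212
  TCP    127.0.0.1:12080        127.0.0.1:1045         ESTABLISHED     1480
  TCP    127.0.0.1:1733         127.0.0.1:12080        ESTABLISHED     3020
  TCP    192.168.1.10:1046      203.0.113.5:443        ESTABLISHED     1480
  TCP    192.168.1.10:1047      203.0.113.9:443        ESTABLISHED     2212
"""
# Constructed PID-to-image map (on a real host this comes from `tasklist`).
SAMPLE_PIDS = {1480: "ashWebSV.exe", 2212: "firefox.exe", 3020: "updater.exe"}

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def parse(netstat_text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state, pid) per TCP row."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            lip, lport, rip, rport, state, pid = m.groups()
            yield lip, int(lport), rip, int(rport), state, int(pid)

def unexpected_proxy_clients(netstat_text, pid_names):
    """Non-browser processes holding an established connection to the proxy port."""
    hits = []
    for _, lport, rip, rport, state, pid in parse(netstat_text):
        name = pid_names.get(pid, "unknown")
        is_proxy = (rip, rport) == PROXY and state == "ESTABLISHED"
        if is_proxy and name.lower() not in BROWSERS:
            hits.append((pid, name, lport))
    return hits

def direct_https_from_browsers(netstat_text, pid_names):
    """Browser connections that go straight to remote port 443, not via the proxy."""
    return [(pid, rip) for _, _, rip, rport, _, pid in parse(netstat_text)
            if rport == 443 and pid_names.get(pid, "").lower() in BROWSERS]

if __name__ == "__main__":
    print(unexpected_proxy_clients(SAMPLE_NETSTAT, SAMPLE_PIDS))
    print(direct_https_from_browsers(SAMPLE_NETSTAT, SAMPLE_PIDS))
```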