Firewall woes

Discussion in 'other firewalls' started by atech, Jan 13, 2003.

Thread Status:
Not open for further replies.
  1. atech

    atech Registered Member

    Joined:
    Jan 13, 2003
    Posts:
    4
    I have been a big fan of Kerio and Tiny but lately both of them are causing BSOD in my WIn2K with IRQ_not_equal.... in fwdrv.sys. I have found this to be a reported issue with these firewalls. So I decided to try out the next highly reccommended one, Outpost.

    Well I cannot get it to let any traffic through no matter what I try or what troubleshooting info is provided by the Outpost forum. So on to the mext one.

    I installed Sygate and it works fine except.... it allows local loopback without a whimper and no way to prevent or control that behavior. It also idenitfis two completely separate programs as the same one, allowing one to pass under the rules of the other!
    Filezilla is what it identifies Putty as, very disconcerting.

    I have used Zonealarm in the past but I prefer to be able to have rules based firewalls, but it lloks like it will be my last resort unless someone can point me to the places to check in my OS to fix these bugs in the other firewalls.

    Any ideas what might be going on with my system?

    Win2K, SP3, all latest updates, AVG..... etc
     
  2. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    First thing to do is to make sure you have ALL the remains of ALL previous firewalls off your computer. This particularly means ZoneAlarm. Did you follow the proceedure outlined on their website to uninstall and clean it up?
    Sygate also leaves some nasty stuff.
    If you go to control panel, system, hardware, device manager, view, show hidden devices, under non plug and play, see how many remains of firewalls are there and need to be removed. Be careful though.
    Also, I moderate at Outposts forum, did I try to help you there, under some other name perhaps. You could have used atech there too, I see so many, its hard to remember all.
    The message you are getting usually come from a bad install. That is usually caused by other firewall remnants.
    Best I can do right now. Its late.
     
  3. atech

    atech Registered Member

    Joined:
    Jan 13, 2003
    Posts:
    4
    Thank you for replying. Before I saw your reply, I rolled up my sleeves and got to a real cleanout of all the crap left over by the other firewalls.

    First I found no trace of Kerio, but I found traces of outpost even though I ran the .reg file and ran regcleaner with the reccomended settings. I also found traces of Sygate too.

    It seems that despite all best efforts up to this point, I had neglected one important are, the hidden drivers in the device manager that both firewalls should have cleaned up themselves when uninstalling.

    After removing all drivers floating around, and through paranoid interations of regclean, and easycleaner, and manual hunting of remnants, I am now posting this message while running outpost.

    I must say that I am very impressed with the level of built in rules for the apps I run. But I have yet to make any judgement on the performance of my networking with this firewall running, nor have I been able to evaluate the performance of the ad blocking etc that I would have otherwise counted on Proxomitron to do.

    I will report back in a day or two.


    Thank you again for your time.
     
  4. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello,

    To solve this issue in KPF :

    Increase de buffer size :

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fwdrv et modify the value
    MaxBufferSize :
    DWORD VALUE 4000 (hex) or 8000 if need.

    Rgds,
     
  5. atech

    atech Registered Member

    Joined:
    Jan 13, 2003
    Posts:
    4
    Well thank you for that info about Kerio buffers.

    I hadn't found that yet obviously, but it still begs the question:

    If there is a problem with Kerio killing a computer with a buffer of h4000, then will it not alos cause the problem with a value of h8000 but just a later time or at a higher traffic volume?
     
  6. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi,

    Depends on your configuration.

    Very seldom a greater buffer may be needed.

    Rgds,

    JacK
     
  7. atech

    atech Registered Member

    Joined:
    Jan 13, 2003
    Posts:
    4
    After playing with Agnitum Outpost free version for a while, I found myself longing for some of the features and ease of use I had with Kerio and Proxomitron working together.

    Outpost is a very capable and flexible firewall with integrated ad-blocking and other nice web filters. It seems to be very easy on resources and doesn't seem to interfere with networking speed. I did miss some very important, to me at least, things. One of them is control over local loopback. It may be there but was not obvious to me. The second was there was no way to set an untrusted zone, nor a way to set a trusted zone or IP or block of IPs. I know there is an unsupported plugin for untrusted zones, but that doesn't fit my taste.

    I also found myself wanting to be able to quickly disable the web filtering functions when viewing certain trusted websites that woudn't work properly otherwise. This seems to be a tedious thing in Outpost, having to go to each filter and turn them on or off. There seems to be no global on or off for these filters, or easily accessible one.

    So after deciding to go through the trouble of the uninstall and cleanup shuffle and get Kerio running again, I haven't looked back. The reason I bothered with Outpost in the first place was because of the BSODs it was causing in fwdrv.sys. After the advice of Jack, increasing the buffer size as he has posted here, things have been flawless again. Kerio has the ability to control things based on apps, and just on ports and IPs too, Outpost needs everything bound to an app. I can block IPs, ranges of IPs, control local loopback of all apps, etc...

    Throw in Proxomitron and you have probaly the best and most flexible firewall web security combo that can be obtained at this point, free or not. Plus you can add proxy servers to proxomitron with ease and add another level of protection.

    So I highly reccommend Kerio 2.14, and Proxomitron over any of the other free alternatives. This recommendation does come with the caveat that I have not used or tested it on a machine running ICS. Personally I would not use ICS anyway.
     
  8. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Just so you know and others understand.

    Outpost is a very capable and flexible firewall with integrated ad-blocking and other nice web filters. It seems to be very easy on resources and doesn't seem to interfere with networking speed. I did miss some very important, to me at least, things. One of them is control over local loopback. It may be there but was not obvious to me.

    ==>Loopback can be controlled on a global basis or by application.

    The second was there was no way to set an untrusted zone, nor a way to set a trusted zone or IP or block of IPs. I know there is an unsupported plugin for untrusted zones, but that doesn't fit my taste.

    ==>In the Pro version there is a trusted zone section. The plugin for untrusted zones works quite well. One of the strengths of Outpost is the ability of other programmers to ad functionality to the basic firewall.

    I also found myself wanting to be able to quickly disable the web filtering functions when viewing certain trusted websites that woudn't work properly otherwise. This seems to be a tedious thing in Outpost, having to go to each filter and turn them on or off. There seems to be no global on or off for these filters, or easily accessible one.

    ==>ActiveX, cookies, js and vb scripts, referrers, java applets, and popups can be set to accept or reject on a global basis. You can then set individual site permissions for all except referrers, which is global only. That will be fixed in the future.

    It is too bad that some people drop Outpost for reasons that can be addressed and fixed. There are many people at the Outpost support forum that could have helped with these problems. One only has to go there and ask the appropriate questions and supply enough information.

    Outpost version 1 is not for everyone because it does have some problems with certain function in XP. When version 2 is released, most, if not all of those problems have been fixed and I think many people will be pleasantly surprised at the power and ease of use of Outpost.
    We shall see. ;)
     
  9. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Root,

    Excellent product even on WinXP AFM.

    Main grievance : slight memory leak if you don't empty the log often.

    Rgds,

    JacK
     
  10. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    Agreed! Although, unlikely as it may be, if this combo should fail me, Outpost would be my next try. ;)
     
  11. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
     
Loading...
Thread Status:
Not open for further replies.