Jetico Firewall

Hi Guys

I'm new to Jetico Firewall and am still getting to grips with how it works. Is it possible to setup the following as one rule:-

icmp - 0,3,11

When I tried creating this rule, I got the impression that I needed to create 3 rules. Am I doing something wrong?

 

It seems that for ICMP U have to make rule for each type/code but...
For icmp type 0,3 and 11 inbound U already have rules created and active (assuming U are starting from default config). Find them in "System Internet Zone" table.

 

Thanks for your reply . Yes, I used the default configuration but removed all the preset rules. I wasn't online at the time and was just experimenting with setting up new rules and getting used to the firewall. Are all those tables and rules required? I normally use KPF4 but just fancied a change. Jetico firewall seems like a very good firewall but I think I'll need to do some reading first before going online again.

 

I would recommend leaving all of the default rules intact, not deleting any. Then just add what you need to tweak things for your system and apps. But there shouldn't be any need to delete any of the rules in the default set.

 

I'm having a strange issue with Jetico, or maybe I'm missing something obvious. I've got a new install of the latest version of Jetico and the default rules. For some reason it seems like the Application Table ruleset in the Root table is always ignored. No matter what I throw in there it never seems to reach it. I'm just trying to get firefox to work as a basic test and it never prompts me that its trying to access the network. I've even tried manually adding a firefox rule to the System Applications table and it still can't get out. It only seems to be hitting the System IP Table. Any suggestions?

 

Better just uncheck rule then delete it for experiments.
And to get "experimental configuration" I suggest something like this: rename your actual policy (Optimal) to something like "TheRealWall" Then save your configuration (File->Save As...) and name it for ex. 180505.bcf. Then restore default setting (File->Restore Factory Settings). Ouch! "TehRealWall" is lost! Not so! Now load (File->Open) 180505.bcf. It’s back and U can apply this policy (RMB on it’s name->Apply policy) and set it as a default policy (RMB->Set default). This way You get all default policies and Your experimental/default in one configuration.
What is it for? Simply... U can review your rules with defaults and even copy them from one to another by clone rule and then drag & drop between policies. Nice one IMHO

 

Strange. Could U revert to factory settings and then launch "Firefox" and go to any website?
Any alert?

 

I've been using the factory default from the start and resetting it before I try a new change. When I start Firefox it seems to go directly to the System IP Table and goes through all of those rules until it gets to the "Block all not processed IP packets" rule and rejects the app. I get the same thing with IE and thunderbird too. I've even tried putting an ask rule as the first rule in the Root table but it just ignores that too.

 

houseeg
IMHO U should report it to Jetico devs. It looks like smth is blocking app. control in your config. Well... Maybe tell smth about your computer. What other "security" apps have U running on system? What was your pfw before Jetico? Go to EventLog and look for errors...

 

Check to see if there is an Ask rule at the end of the Ask User table. You might have deleted it by accident. I have before. It needs to be there, and if it isn't then I'm not sure what would happen. It would either allow or deny everything without asking though...

 

Go through all the tables in Jetico and look for any reject rules that you have and then turn on there logging, such as Log Level: Alert. Then clear your logs and then start up firefox and report back here the details that are showing up in the log.

 

Regarding the Ask rule, my config is at the factory default and the Ask rule has always been present. If anything I've added more ask rules in the Application table path to try to see if its using it and it sems to always skip it. I've also turned on logging at each reject rule and it always stops at the reject rule inthe System IP table. The path it seems to follow is Root->System IP table->System Internet Zone->System IP Table->reject (in System IP table). I've tried re-installing and that didn't help.

 

I turned on logging on all reject rules and I get the same line repeated 3 times when firefox tries to connect out. Forgive the formatting, but it appears as though the logs aren't plaint txt.

Action - reject, Description - Block all not processed IP Packets, Size - 52, Protocol - TCP, Event - outgoing packet, source address - 192.168.1.100, Destination Add - 216.109.126.22, Source port - 1079, dest. Port - 80, Misc - TTL:64; TOS:0; ID:451C; Don't fragment; TCP flags:SYN; TCP Seq:F3912850

 

Did you try asking Jetico directly via email yet? They usually respond pretty fast and they might have additional ideas. Plus if it's a genuine problem or bug then they should know about it...

 

May I ask... Can U try to start from default config again?
1. Disconnect from Internet.
2. Restore defaults in Jetico.
3. Shutdown Jetico.
4. Run ConfigWizard and remove ALL from "trusted" and "blocked".
5. Launch Jetico and "revert to factory settings" again (just to be sure).
6. Connect to internet.
7. Run any network related app. FireFox for ex.
And...

PS: Is it possible for U to mail me your saved config (.bcf)? PM me if U wish

 

OK there's something weird going on with my PC. Just for kicks I uninstalled Jetico and tried putting NetVeda on. Now if I install NetVeda but don't reboot after installing it, it will prompt me when my apps try to get out. But once I reboot my PC NetVeda just allows all my apps to connect without prompting. I've tried killing just about every running process on my PC and then restarting the firewall and it still has this issue. If I uninstall NetVeda and reinstall it it behaves the same way (works fine until I reboot). I'm guessing that Jetico is having a similar issue, but I can't for the life of me think of what could be causing it. Anyone see something like this before?

 

I had the problem of Netveda allowing anything to pass. It was after trying others. I had to manually delete all references to other f/w's in the registry. It then performed correctly when I re installed it.

 

Firewalls in general really need to clean up their un-install act, most of them leave too many junk around. The cleanest to install to my knowledge is Kerio 2.15

 

If you REALLY understand Jetico, please email me at <[COLOR=Blue]Removed[/COLOR]>
I have been using ATGUARD forever, but XP has pretty much nixed that.
I am trying to basically emulate the scenario;
block ALL traffic inbound and outbound, unless I have a specific rule to allow it.
I can't figure this JPF out!!
Banjo

Banjo-Removed your email address to prevent harvesting--Ron

 

Does anyone have Jetico's email address?

 

you can try this feedback

 

Hi,

support@jetico.com

 

Read the help file http://www.jetico.com/Firewall.chm

 

I thought that I would have another go with Jetico today. I accepted all the defaults. On re-booting I had several popups which I dealt with appropriately. It then re-booted again with more popups. I then tried to connect. I blocked without warning Mozilla which uses proxo to proxy through. Firefox it allow through without question as it did my mail app Pocomail.

Really don't understand what this f/w is up to. Surely it should ask for permission to connect. Have had to uninstall it for now.

 

Unfortunately, it can require a fair amount of tweaking of the rules to get things working in special cases. For me, it's more trouble than it's worth.. I'll stick to Kerio 2.1.5, which is a little more straightforward..