Questions about Jetico 2

I switched Jetico1 to version 2 yesterday.I had spent a lot of time in handling J1,but now I am frustrated again with J2.Sometimes I was too lazy to make specific rules for some applications and just added them to "Application Trusted Zone" in J1.But now in J2,that zone is gone!The most serious problem is that it is now blocking my Firefox visiting anything without any popup!I tried to make the log work to let me know what happened when using firefox but didn't find anything.So is there an easy way to make an application trusted totally?
And some other questions about J2.
#1 Can J2 defend ARP attacks?If it can,how to set?
#2 Does J2 have a stealth mode?If it does,is it set by default or what?

Anyone help?Thanks a lot!

 

Hello bonedriven,

apparently nobody can answer your questions.

Already tried the JPF v2 Support Forum?


Regards,

Smokey

 

Hello.

I can answer the question regarding rules.
Adding anything to "Application Trusted" is not a good practice. That will make far too opened rules. I don't see much use in "Application trusted" except for some remote utilities for use on a LAN.
The best way to create basic rules is to assign applications for which the prompts are given to a preconfigured templates. There are built-in templates in Jetico 2 for all kinds of applications, Browsers, FTP, all kinds of clients.
Firefox will ask 3 times - once for direct network access, once for indirect network access (you should "permanently" allow both) and the last time for network connection. If you only click on "allow" that will give permission for a prompted IP address for remote port 80, which is too restricted for normal browsing. You should instead select "use template" -> "web browser" and "permanently" allow it (screenshot)



And that is all. There is no need to make specific rules, they are already there! (browser templates were there in v1 also). You can inspect which rules "Web browser" template contains and change them (adding/restricting ports) anytime.
Regarding ARP attacks, I do not know anything about it, as I am on a wired without LAN, so it is not important to me at the moment. But, I would have to look into that as well, in time.
I have no much interest in "Stealth" capabilities also, as I tend to keep my network services and applications as low as possible, and I am behind a NAT router. I do know that those port scans are made by sending TCP packets with SYN flag, so you should make a network rule that will NOT send ACK/SYN in return and just drop such SYN packets. I see there are by default rules against NULL and XMAS scans, but I really don't cover that area sufficiently to comment further.
Maybe Stem or other knowledgable Jetico user can clarify this....

Cheers.

 

Hello,Smokey!
Thank you for your link.I'll look around there.

And The Seer,Thanks a lot for your detailed explanation.However,I have given up J2 because I don't wanna spend too much time just to study a firewall which I'm not even sure it worths.Anyway,I appreicate your post!

 

It is a very good firewall. But exactly this is the problem with Jetico - there is not enough support. You can find a couple of useful threads on Wilders regarding Jetico, if you decide to give it another chance. You should also take some time to read the help, it's not bad either. In any case you have to spend some time configuring and maintaining it, but it is very much worth it IMO. Strong protection with granular control.
That said, it's certainly not everyone's cup of tea... just like all software...

Cheers.

 

Rules can be set to allow/deny comms for ARP by MAC, so correct rules set, can block unsolicited (bind to gateway MAC). This in itself is not always the best, as binding of MAC/IP cannot be done in JPF2, so there is still a possible problem

Default.