help me with zonealarm..

hi, i recently tried downloading zonealarm for my computer which is directly connected to the internet but also serves as the ics gateway for the other computer here at home. the problem is that even if i set the firewall to "act as an ics gateway" in the options, all that my other computer can do is chat on irc. whenever it tries to surf the net using firefox, it just says that the addresses cant be resolved. oh and when gaming, usually the other computer also cant play online games. any suggestions for the settings? or can you suggest better firewalls for me? thanks!

 

there are many bugs in Zonealarm 5 version.The zonalarm team says to all customers that they must go back to 4.5.I don't know but for my is Sygate the best.The personal edition is free for non-profit and home users

 

While what Stephan says is correct about ZA/ZAP 5.0, there may be other issues as well. You don't mention what ZA/version you are using, is it the free version? 5.0 or 4.5? I recall hearing some things re: networking are possible with the free version and others require ZA Plus or Pro on the gateway PC. Although if the client PC can use IRC chat but not make a connection with a browser that it sounds perhaps as if some settings need adjusting? Have you included the other PC in ZA's local zone for your network? (Just shooting from the hip here. )

As I haven't used ICS and ZA on a network I really can't help with your problem. But if you don't get more assistance here from a ZA guru (like LowWaterMark, for example) you might also try posting at the ZoneLabs ZA forum.

 

"The free product ZoneAlarm does not support Windows Internet Connection Sharing (ICS), and is not recommended on the ICS gateway PC. If you do decide anyway to use free ZoneAlarm on the ICS gateway machine, Internet Zone must be set to Medium setting (ZoneAlarm on the ICS client machines can have Internet Zone set to High). Note that if the Internet Zone is set to medium, the PC will not be stealthed, so this is not recommended. On some systems, Generic Host Process (GHP) or SERVICES.EXE may ask for server rights to connect to DNS; if so, add your DNS servers to your Trusted zone only; then give server rights to GHP and SERVICES.EXE for the Trusted zone only. In addition, ZoneAlarm does not have automatic network configuration, so the ICS network must be added to the Trusted Zone manually."

http://www.zonelabs.com/store/content/support/techNote_9.jsp

Try the settings mentioned above and see if that helps. You may want to look for something that will work properly with ICS.

Regards,

CrazyM

 

thanks so much! it works now! btw, i was using version 5 but now i downgraded to 4.5 as stated in the zonelabs forums and did as you said crazyM i was just wondering.. if i get more experienced with firewalls next time, what proggy would you guys recommend? or is zone alarm good enough?

 

You haven't mentioned what OS you are running on the gateway PC. Are you using XP? Frankly, I wouldn't be comfortable setting ZA at medium security on an XP machine since in the past it was noticed that not all service ports would be closed. Instead some would be open. The main reason I would use a software firewall (especially when not behind a router) is not to have open ports on the internet. So a ZA medium setting with XP would defeat that purpose.

In the past it was considered a given that with ZA at medium security in the internet zone ports would just be closed rather than stealth (a condition that is still safe) and the ZA help files, manual etc. indicated that would be the case. But around the time of the 3x or 4x version of ZA some XP users noticed that when the setting was at medium some of the service ports were open. A bit of a surprise that was. (There was a rather long thread at broadbandreports security forum on this.) ZoneLabs' response was that they couldn't do anything about that when services are running and the internet security zone is set at medium and that was it.

So, if you're running XP (or perhaps even W2K) on the gateway PC I would advise finding another way of networking one's PC's. If you're on a broadband internet connection getting a farily inexpensive NAT router (some have firewalling capabilities like DLink and others) would work. And you could still run ZA free on both PC's. That would be more secure than a direct connect to the internet and ZA at medium security for the gateway PC IMO. If you're not on broadband or don't want to use a router, get a firewall that allows high security on the gateway PC when using ICS....although you're options for such firewalls may not be free. (I wouldn't recommend ZAP at the moment till the new releases' bugs are kicked out of it.) Perhaps others can suggest other alternatives good for your specific circumstances.

I just don't think it's a good idea to get a software firewall and then compromise the security it can provide in order to get ICS to work with it. Which is one reason why it's not recommended to use ZA free on the gateway PC with ICS.

With W9x on a gateway PC it may be another matter, I don't know. I tweaked my W98 PC so that all ports were closed on the net without a firewall. Either way, regardless of what OS you use, with ZA at medium I would run a thorough port scan on your gateway PC using the various tests that Sygate provides: http://scan.sygate.com/

 

In my opinion, it's one of the best. I used the ZA Free product for a couple of years before upgrading to Pro a few months ago. While I like the Pro version, I'm starting to wonder if upgrading was really necessary - in retrospect, the Free version was very adequate.

 

The answer will depend on whether you want a firewall that gives you detailed configuration options versus one that is simple to use, one that offers extra features (ad filtering, privacy controls) or one that performs well against leaktests (programs that test your firewall by trying to bypass it in various ways) or online scans.

You will find recommendations for almost every firewall available ultimately but I would suggest that ZoneAlarm is better for you if you value simplicity (it is pretty much as simple as a firewall can get). If you want more control (like the ability to limit programs to specific sites) then consider a rules-based one like Kerio (many here will recommend version 2 over the current version 4 though) or Outpost (which I favour). To get an idea of what is involved, you can download the Kerio manual from here or check the Web-Hiker's Guide to Outpost (it covers version 1 but most of it applies to the current version 2 also).

 

thanks for your replies btw, im running windows xp professional, and this is the computer directly connected to the internet. im sharing the connnection between 2 computers so this one uses 2 lan cards. im gettin a notebook soon and will change to a wireless router at the same time. anyone recommend any specific brand or model? preferably the faster ones when i get the router installed id probably just setup zonealarm free on all the computers because i prefer simplicity in setting it up.

 

Hi sweeeeetuums

If you check the Other Firewalls Sticky Post you will find some links on routers that might help get you started in finding the right one.

Regards,

CrazyM

 

If you are going with a wireless network you need to pay particular attention to securing your wireless connection (and network). It's basically like a radio, broadcasting itself within whatever distance it may reach around your area. If not properly secured others could use it to have access at the very least to your internet connection.