Discussion in 'other firewalls' started by notageek, Apr 22, 2003.
Here's the main part of the firewall.
Here's what the Control Internet programs look like. It's not a bad Firewall just has a little learning curve and also leaves port 135 open if you're running WinXP. I'm not sure how to close it.
more than 100 warnings, and i bet most, if not all, were harmless packet transfers.
Thats the thing with Firewalls, half the stuff they alert on (especially Zonealarm) is harmless, its a shame because the average 'as long as it does its job' user doesn't want to see hundreds of alerts as he instantly thinks he's under attack comparable to WWIII.
But veering off topic there, how does it run? are the rules easily customiseable?
Edit* sorry, looks like I replied in the middle of the screenies!
Leaving port135 open is often a cause of 'Generic Host Process' (svchosts) whch you have highlighted there, make sure its not running as a server (a common Sygate problem with Port 135 and new users)
The rules are a little hard to do if you're a newbie to rule based firewalls. I would say that Kerio is a little easier to fix the rules than McAfee. I know most of the hits where harmless the only hits that wasn't harmless is the ones I did when I ran tests on it.
Yeah I have Generic host blocked and still have the port opened. I never had the problem with Sygate just the problem that Weather Pulse would access the internet without asking. It piggybacked Proxo lol. But to the rules, if you know what you're doing on rule based firewalls I'm sure it will be easy to set up. The only thing I find sad is that All the McAfee programs are program in the filter for you. I see Virus scan not having no point in going online only the updater. lol
Thanks for the pics.
Can you show a shot of the page that shows when you make a rule? You know, what options you have.
Also, can you make global system rules, such as block ports 135-139 UDP?
Here you go Root. This is my filter for Generic host. I have it blocked though. You have to click on each of the blue writing to make a filter.
Oh yeah I haven't found a place so you can make a global system rule. You have to add a program to make a rule.
Doesn't look anything like Signal9s old firewall. I wonder if it uses the same engine?
You might try making a rule for SVCHOST.EXE specifically blocking port 135. Not sure if you can do that though.
Thanks for the pics, NaG !
I always wondered what McAfee FW was like !
Keep us posted on it's performance.
I also like the GUI of McAfee FW. Neat and tidy.
Nice work !
Thanks Root and Eyespy. this firewall get rather annoying with the pop up messages. Everytime I allow a porgram and put a checkmark in remember this it keeps asking. Right now I have to allow all cuz Proxo is not playing nice with McAfee FW. They was getting along and now they aren't. lol Still working on find a way to block port 135. As soon as I get Proxo adn the firewall to work together again I'll try on a rule and let you guys know if it works.
Well I gave McAfee FW a try and thought it was a nice FW but I have some gripes with it. The first is that it lefts port 135 open. the next gripe is that it don't play will with proxo. Every time I put a checkmark in the remember this it block proxo. I had that silly little Eye in a triangle page that says the page can't be found or something like that. It even did it on this board. You also have to allow incoming on a few programs just so they can works. I tried making a rule for Proxo and still got the same web page. I also found that it took a little more mem than the virus scan does. The FW might be good for some but I didn't really care for bulky app. I unistalled it and went back to Sygate even though it has it share of problems. I'm waiting for the new Sygate or Outpost. which ever one that comes out first will get me to download and use. I hope this little post help some people.
Hang on long enough to at least try Outpost.
It's looking good.
I think outpost might be out before Sygate getes there bugs fixed. But I really want to try outpost. How does it work with XP HE?
The ones I know that are using XP aren't complaining. That's where they put a lot of effort into the new features and fixes.I really believe its going to be a very popular firewall.
I'm looking forward in trying it. Any word on when it will be released?
Hi. New to the forum. 1st post. I've been using 5.0 standard version for a few weeks and aside from a few things that enabled as the default, SPF 5.0 is shaping up to be a really great rules based firewall. What 'bugs' are you referring to in Sygate?
I'm no expert Mothman but I believe a major concern is that Sygate cant filter LocalHost, for instance if you were running a proxy any program can connect to this proxy and get out without any warning from Sygate.
Like I say I'm not good with firewalls so someone will be along to correct me or expand more soon.
Yes tinribs that's the the main bug I seen Sygate have. I sure there's other minor bugs with Sygate but lot of programs haves bugs in them. But I heard Sygate was going to have this fixed in the next update.
Mothman, Sygate isn't a true full ruled based firewall. It's rule based to a point. Kerio on the other hand is a full rule based firewall.
So what makes Sygate *not* a "true" rules based firewall. Or are you overruling it simply because of what Tinribs said about apps using the web if you're using a proxy. I want to know because despite the few items that really chap my ass about Sygate, I still like it a lot more than ZA.
I used ZA for almost 4 yrs because it was a perfect no brainer firewall--it did the job w/o me having to specify rules about protocols that I did not want to learn about. But then I had to remove it bc it interfered with my connection and thats when the nightmare began.
Ended up having to reinstall Windows and once I got over being disgruntled about that decided on using a firewall that wasn't going to wrap itself so tightly around my system that if I removed it would wreak havoc. Sygate was my 2nd choice.
After I learned how to configure it and became familiar with setting up advanced rules and got over being pissed about every application having server privs enabled *by default,* I've been really happy with it. It passes port security scans, etc. and I use an IDS as well so I'm assured that my system is relatively secured at least for now. If someone really wanted to hack into my system then I'm sure neither firewall nor IDS would stop him but for me, SPF is good enough for the moment.
Sygate is an application/rule based. Maybe someone else can explain it a little better.
I don´t know if you´re familiar with this site: http://bellsouthpwp.net/i/k/ikpe/
It helped me a lot when trying to learn a little more about configuring SPF.
Pieter I stepped away from my computer for a little and came back and was going to put up the same link as you did. You beat me to it.