Information Request:

Hello, I am looking on getting a new firewall setup in the near future and wanted to see what was best or preferred.

After reading an article in PC Magazine it said that TMIS scored #1 in AntiVirus and Zone Alarm 4.5 was best to combine with it. Since I could not get Zone Alarm to work correctly I choose the following setup shown below.

http://www.pcaudit.com shows the system as clear however when I checked for leaktests many went thru undetected.

My current setup:
Linksys BEFW11S4
SP2 RC1 firewall disabled incase it would conflict with TMIS2004
Trend Micro Internet Security 2004 ( Anti-Virus of the Same Brand )
TDS-3
Port Explorer
Process Guard
Spybot
Ad-Aware
Tauscan
BoClean
The Cleaner
TrojanHunter
A2 Free Edition
HiJackThis198v2

What would be the new recommended setup. I cannot use Zone Alarm 4.5 or 5.0 on my system, because even in learning mode after immediate install it will not let me connect to the internet.

Any information is appreciated.

 

Did you enable the firewall component in TMIS? That might explain the failure.
Never ever activate two firewalls on one system (including Windowes firewall). So either TMIS firewall OR ZA OR Windows firewall.
If you're running Linksys in firewall mode, don't even think of using Windows firewall, it adds nothing to your setup.

 

Hi Mike20041, Mike for a simple firewall that is low on resources and will protect your outbound connections I would suggest Kerio 2.1.5, it works well with NAT routers and provides outbound protection that is not provided by your router.

There are also excellent pre-set rules available for Kerio 2.1.5 such as those by BlitzenZeuz which includes information about using them with a router.

Use Process Guard to protect the main Kerio .exe.

To make your router more stealthy you need to create a "black hole" In the Linksys this is relatively easy.
In the DMZ settings select an IP address which is NOT used by your LAN a number such as 192.168.1.199 for instance and enable it. This creates a fiicticious address for unwanted connections.
Then go to port forwarding and forward 80 - 80 to the IP address as above.

Try the test sites now.

As pointed out by Meneer never run two software firewalls toether as they can cause conflicts.

HTH Pilli

 

Hi the Zone Alarm pro current beta [5.5.035.000] has full compatability with SP2, Also it shares the highest security rating of current firewalls.

Microsoft has warnings on using Zone Alarm 4.5 with SP2, there are compatability issues.

 

Thank you for the information, I am going to give ZA 5.0 another shot and then try kerio 1.2.5, however on the kerio website they only seem to offer a KFP version 4.

http://www.kerio.com/us/kpf_download.html

Current version: 4.1.1
Release date: September 29, 2004

Since 2.1.5 was recommended should I still try that version or is it best to try the 4.1.1?

I will definately take the advice on creating a blackhole for creating a ficticious IP from the router.

 

Mike, Do a google search for Kerio 2.1.5 as it is no longer supported By Kerio but has an enthusiastic user support base.
Personally I do not like Kerio 4 especially as Process Guard does the sandboxing of apps better IMHO.
I cannot see the need for ZA with a router unless you like all the bells and whistles + resource usage that come with it. KISS comes to mind.
Another nice low resource firewall is L & S who's support forums are here at Wilders.
Don't forget to add your Anti Spyware programs, Javacools Tools are very good, again with the support forums here at Wilders. Spybot Search & Destroy compliment Javacool's tools very nicely.

HTH Pilli

 

Direct download link for Kerio 2.15
http://www.kerio.com/dwn/kpf2-en-win.exe

Regards,

CrazyM

 

Just wanted to stop back in and say thanks, the kerio firewall is great and offers more control over outbound connections and application access.

I do have another question concerning the port forwarding discussed above.

I am using the firmware version 1.5.0

The forwarding options I have available are:

UnPnP Forwarding and a seperate called port range forwarding which can be used to forward ranges or one port itself.

After testing both the UnPnP and regular forwarding they both seem to work, but which is better to use?

Thanks again

 

Hi Mike, I am not familiar with your particular firmware. General certainly and you can do th UnPnP as well, worth a try
When I use my old Linksys and am using a Port: 8080 proxy I also add that to forward to the blackhole with no problems.
I am currently using a 3Com office connect wireless router which has different DMZ set up yet again i.e. different terminology, it appears that the different manufactures all use different terminology to achieve the same ends, so it seems that Linksys probably have slightly different terminolgy's within their own range

HTH Pilli

 

UPnP forwarding is more dynamic (can change things on the fly so to speak) and works with applications that use UPnP. The regular port forwarding is fixed at the ports defined.

Regards,

CrazyM

 

From a security perspective, I would suggest you consider disabling UPnP completely. The reason is that if legitimate applications can choose to open a port through your firewall, then so can any malware - meaning that you lose the ability to block it from "phoning home" (which in many cases is the first indication people receive that something is amiss).

Unfortunately some applications (specifically Microsoft MSN Messenger and Microsoft NetMeeting - see a pattern here?) seem to have the need to use an abnormally wide port range. If you *have* to use these applications, then you will need to bite the bullet and lower your security (using MS products pretty much does that anyway ).