Information Request:

Discussion in 'other firewalls' started by Mike20041, Oct 12, 2004.

Thread Status:
Not open for further replies.
  1. Mike20041

    Mike20041 Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    11
    Hello, I am looking on getting a new firewall setup in the near future and wanted to see what was best or preferred.

    After reading an article in PC Magazine it said that TMIS scored #1 in AntiVirus and Zone Alarm 4.5 was best to combine with it. Since I could not get Zone Alarm to work correctly I choose the following setup shown below.

    http://www.pcaudit.com shows the system as clear however when I checked for leaktests many went thru undetected.

    My current setup:
    Linksys BEFW11S4
    SP2 RC1 firewall disabled incase it would conflict with TMIS2004
    Trend Micro Internet Security 2004 ( Anti-Virus of the Same Brand )
    TDS-3
    Port Explorer
    Process Guard
    Spybot
    Ad-Aware
    Tauscan
    BoClean
    The Cleaner
    TrojanHunter
    A2 Free Edition
    HiJackThis198v2

    What would be the new recommended setup. I cannot use Zone Alarm 4.5 or 5.0 on my system, because even in learning mode after immediate install it will not let me connect to the internet.

    Any information is appreciated.
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Did you enable the firewall component in TMIS? That might explain the failure.
    Never ever activate two firewalls on one system (including Windowes firewall). So either TMIS firewall OR ZA OR Windows firewall.
    If you're running Linksys in firewall mode, don't even think of using Windows firewall, it adds nothing to your setup.
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Mike20041, Mike for a simple firewall that is low on resources and will protect your outbound connections I would suggest Kerio 2.1.5, it works well with NAT routers and provides outbound protection that is not provided by your router.

    There are also excellent pre-set rules available for Kerio 2.1.5 such as those by BlitzenZeuz which includes information about using them with a router.

    Use Process Guard to protect the main Kerio .exe.

    To make your router more stealthy you need to create a "black hole" In the Linksys this is relatively easy. :)
    In the DMZ settings select an IP address which is NOT used by your LAN a number such as 192.168.1.199 for instance and enable it. This creates a fiicticious address for unwanted connections.
    Then go to port forwarding and forward 80 - 80 to the IP address as above.

    Try the test sites now.

    As pointed out by Meneer never run two software firewalls toether as they can cause conflicts.

    HTH Pilli
     
  4. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi the Zone Alarm pro current beta [5.5.035.000] has full compatability with SP2, Also it shares the highest security rating of current firewalls.

    Microsoft has warnings on using Zone Alarm 4.5 with SP2, there are compatability issues.
     
  5. Mike20041

    Mike20041 Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    11
    Thank you for the information, I am going to give ZA 5.0 another shot and then try kerio 1.2.5, however on the kerio website they only seem to offer a KFP version 4.

    http://www.kerio.com/us/kpf_download.html

    Current version: 4.1.1
    Release date: September 29, 2004

    Since 2.1.5 was recommended should I still try that version or is it best to try the 4.1.1?

    I will definately take the advice on creating a blackhole for creating a ficticious IP from the router.
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Mike, Do a google search for Kerio 2.1.5 as it is no longer supported By Kerio but has an enthusiastic user support base.
    Personally I do not like Kerio 4 especially as Process Guard does the sandboxing of apps better IMHO.
    I cannot see the need for ZA with a router unless you like all the bells and whistles + resource usage that come with it. KISS comes to mind.
    Another nice low resource firewall is L & S who's support forums are here at Wilders.
    Don't forget to add your Anti Spyware programs, Javacools Tools are very good, again with the support forums here at Wilders. Spybot Search & Destroy compliment Javacool's tools very nicely.

    HTH Pilli
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
  8. Mike20041

    Mike20041 Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    11
    Just wanted to stop back in and say thanks, the kerio firewall is great and offers more control over outbound connections and application access.

    I do have another question concerning the port forwarding discussed above.

    I am using the firmware version 1.5.0

    The forwarding options I have available are:

    UnPnP Forwarding and a seperate called port range forwarding which can be used to forward ranges or one port itself.

    After testing both the UnPnP and regular forwarding they both seem to work, but which is better to use?

    Thanks again
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Mike, I am not familiar with your particular firmware. General certainly and you can do th UnPnP as well, worth a try :)
    When I use my old Linksys and am using a Port: 8080 proxy I also add that to forward to the blackhole with no problems.
    I am currently using a 3Com office connect wireless router which has different DMZ set up yet again i.e. different terminology, it appears that the different manufactures all use different terminology to achieve the same ends, so it seems that Linksys probably have slightly different terminolgy's within their own range :)

    HTH Pilli
     
  10. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    UPnP forwarding is more dynamic (can change things on the fly so to speak) and works with applications that use UPnP. The regular port forwarding is fixed at the ports defined.

    Regards,

    CrazyM
     
  11. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    From a security perspective, I would suggest you consider disabling UPnP completely. The reason is that if legitimate applications can choose to open a port through your firewall, then so can any malware - meaning that you lose the ability to block it from "phoning home" (which in many cases is the first indication people receive that something is amiss).

    Unfortunately some applications (specifically Microsoft MSN Messenger and Microsoft NetMeeting - see a pattern here?) seem to have the need to use an abnormally wide port range. If you *have* to use these applications, then you will need to bite the bullet and lower your security (using MS products pretty much does that anyway :().
     
Thread Status:
Not open for further replies.