Zone Alarm problem

Discussion in 'other firewalls' started by Hyperion, Apr 12, 2005.

Thread Status:
Not open for further replies.
  1. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    hi,i thought of trying again Zone Alarm ,since i like the gui more than Sygate and don't plan to use p2p in the near future,all seems fine in port scan tests but any application that wants to go out is reported to want to connect to my DNS IP...

    Anyone else heard of this?Any solution?
     
  2. yes zonealarm doesn't just monitor traffic to the internet it also monitors the traffic from your computer to your router. This is not a problem it is just another layer of protection.
     
  3. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    As fraggedpumpkin stated, that is normal behind a router. Do you have auto-dhcp set up? I would suggest you make a static entry in you NIC to one of the router's private ip's, ie: 192.1681.10* subnet mask: 255.255.255.0 and gateway (192.168.1.*) and for the DNS entry, use the gateway (router) then instead of calling out for every name resolution, it will querry the router. Safer that way. Of course there are issues with DNS. Outpost is one firewall that handles DNS outbound well....

    CU
    Jazzie
     
  4. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Thank you,but i don't have a router.I connect with ADSL USB modem...With every other firewall,and as far as i remember with older ZAs too,i see the IP of the site that the application wants to connect.Now i only see my DNS...Maybe i should reinstall.
     
  5. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    You could put your ISP auto assigned DNS servers into the Trusted zone (Firewall-> Zone) and then go to Firewall-> Trusted-> Custom and select "Allow outgoing DNS'. Since you are not file/print sharing, then set the Trusted zone to high.
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Very odd indeed Hyperion, are you sure you are using the slider correctly to bring all the info onto the page? You know that sometimes the column headings in the log 'concertina' together and need to be seperated? Try going along each heading in turn, right clicking, and dragging to the right.
     
  7. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Thanks for the replies.Now,i have ZAF,so i can't make specific rules.I uninstalled and installed it again with no difference.I used Active Ports to monitor the connections.All is normal.My browser went the IP of my home page normally,but Zone Alarm gave me warning that wanted to connect to my DNS IP.The same happens with my mail notifier,although through active ports i see that connects to the normal IPs that should (yahoo pop3 etc).

    So,either this version of ZA has a bug on my PC,or there is some software i uninstalled did a mess to my PC.I formatted everything last Sunday and i tried some AVs.Practically i uninstalled PC-Cillin 2002 (because was in conflict with ZA and ZA wouldn't install-gave me a notification).I also uninstalled Panda.THen i used SafeXP and i also checked there an option that had something to do with the DNS (something like "secure from DNS sppofing"?).Maybe one of these operations caused something,cause i ve another strange issue too.When i login in WinXP Home,the little window doesn't appear automatically as used to do,but now i have to click on my icon to make it appear (and it's anoying me).Next week i ll format everything again.

    But just in case,in the meantime,i ll try ZAF 4.5.


    @TopperID:
    I m not sure i understand what you say.I m not refering to the log of intrusions.I m talking of the pop up notification window that asks permission for a program to go out.Sorry if i wasn't clear enough.Practically all applications appear to be outgoing towards my DNS IP,while in reality this isn't true as i verified with Active Ports.
     
  8. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Does anyone know if i can find somwhere the lastest ZAF of the 4.5 series(unfortunately i don't remember the detailed version number) and if it's SP2 compatible? (I don't mind about the Security centre not recognizing it,i have it disabled anyway)?I went to Zone labs forum but i only find pdfs of older versions...
     
  9. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
  10. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    THanks a lot.THe first 5.x versions were very buggy from what i ve read.I think i ll format next week and put the new one again...

    I tried putting my DNS in trusted zone,but keeps tellling me that all applications want to log to that IP...
     
  11. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Sorry Hyperion, I managed to completely misunderstand what you wrote :oops:
     
  12. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    hyperion are you on dsl or cable?? and what type of modem are you using??
    if you are on dsl most of the newer modems have built in routers and some cable do as well. also if you have vonage or another form of telephone over the internet it may also have one as does my linksys. i have heard this many times before and once people checked they did infact have a router. not saying you do not know but just a though. i had way to many issues with any zone stuff newer than 4.5. gave up on them stopped trying.
    ill be honest i really did try every firewall out there including some very expensive ones we use for or networks. i tried them all and ended up with outpost. some may not agree but once you play with it for a bit not very long you will see how easy it really can be. offers better protection than za in my opinion and you can download one that will continue to work just without all of the add ons. i dont currently have a link for this as i use the pay version but i do know people using it. try it out.
    za is a good firewall not bashing it it just would never cooperate with me and what i wanted from it. always had issues and it tends to be a hog of a program. also try kerio 4.1.3 very easy gui and that is always free again just without the content and ad blocking but great firewall.

    wish i could help you with za but my za days are long over
     
  13. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    @Zfactor

    Thank you for your post.I have ADSL on PSTN line and i ve the same USB modem for 3 years now.Ericsson B-Quick 120dhp.Unless a miracle happened,it has no router.My first firewall was ZA and i always was getting normal pop ups with the IP of the destination site.Then i used Kerio 2.1.5 for a time,but was instable when i put XP (a dll i think).Since then i usually used Sygate and again,all the popups were showing the normal destination IP.Now that i decided to try ZA again,i get this.

    I might try Kerio 4.1.3 before formatting,although the main reason i dropped Sygate was that i wanted to avoid even the small 3% CPU usage that i have with Sygate to a lighter 0% of ZAF :) I ve Athlon 2500 with 1Gig RAM 333Mhz dual channel but i do everything i can to keep my system as light as possible and last time i had tried Kerio 4.0.x it was about 30 MB Ram and unstable (BSODs),so i don't trust it much.I was using the betas too at Kerio's forum but after a point i lost my patience with them.But i ll give it a try.I had also tried Outpost 2.X but didn't like the GUI much and had my doubts about the attack detection module.

    Anyway,if after the format ZA does still the same,well,seems it's not entirely my system's fault and i guess i ll go back to Sygate (or Kerio 4.1.3 if i see it's stabler than it was).

    Thanks for the help!
     
  14. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Well,at the end i decided to reformat today and nothing changed.I ve only the drivers installed and one application that wants internet outbound connection for testint,no other application and ZA asks for permission to go to my DNS IP for it...

    Time for me to uninstall it untill version 6.
     
  15. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    no prob just checking most dont realize they have a built in router so i mentioned it.
     
  16. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    I know,don't misunderstand me.I m greatful that you spared soe time to read my thread and propose solutions.

    In any case,i m running Kerio 2.1.4 (with not remote admin,was always more stable on my pc than 2.1.5) right now,and hope i won't have crashes,since i won't be using p2p for some time now,so the work load shound' t be high.

    I made a very very light configuration and i ve never seen my PC load Windows so fast.

    Running: AntiVir as resident,Kerio 2.1.4,a mail notifier,WinPatrol,HDD Health,RegProt,and a net meter.

    On demand:Avast home,ClamWin,Ewido,A squared.(all with their service disabled in control pannel so they don't take any resources unless launched manually).

    If it keeps stable i will be most satisfied. :D I can almost feel it lighter :)

    PS:Of course with Kerio i now get the IP requests that i should.
     
  17. DannyB

    DannyB Guest

    Hyperion, long thread, not sure if still discussing the same problem, was getting somewhat router technical, but have you tried the Advanced settings under the firewall tab, then checking "Allow outgoing DNS/DHCP in Trusted Zone in High Setting" (if you put your ISP DNS in the trusted zone) or the other one "Allow outgoing DNS/DHCP in Internet Zone in High Setting" if you ISP DNS is not in the trusted zone.
     
Loading...
Thread Status:
Not open for further replies.