hi,i thought of trying again Zone Alarm ,since i like the gui more than Sygate and don't plan to use p2p in the near future,all seems fine in port scan tests but any application that wants to go out is reported to want to connect to my DNS IP... Anyone else heard of this?Any solution?
yes zonealarm doesn't just monitor traffic to the internet it also monitors the traffic from your computer to your router. This is not a problem it is just another layer of protection.
As fraggedpumpkin stated, that is normal behind a router. Do you have auto-dhcp set up? I would suggest you make a static entry in you NIC to one of the router's private ip's, ie: 192.1681.10* subnet mask: 255.255.255.0 and gateway (192.168.1.*) and for the DNS entry, use the gateway (router) then instead of calling out for every name resolution, it will querry the router. Safer that way. Of course there are issues with DNS. Outpost is one firewall that handles DNS outbound well.... CU Jazzie
Thank you,but i don't have a router.I connect with ADSL USB modem...With every other firewall,and as far as i remember with older ZAs too,i see the IP of the site that the application wants to connect.Now i only see my DNS...Maybe i should reinstall.
You could put your ISP auto assigned DNS servers into the Trusted zone (Firewall-> Zone) and then go to Firewall-> Trusted-> Custom and select "Allow outgoing DNS'. Since you are not file/print sharing, then set the Trusted zone to high.
Very odd indeed Hyperion, are you sure you are using the slider correctly to bring all the info onto the page? You know that sometimes the column headings in the log 'concertina' together and need to be seperated? Try going along each heading in turn, right clicking, and dragging to the right.
Thanks for the replies.Now,i have ZAF,so i can't make specific rules.I uninstalled and installed it again with no difference.I used Active Ports to monitor the connections.All is normal.My browser went the IP of my home page normally,but Zone Alarm gave me warning that wanted to connect to my DNS IP.The same happens with my mail notifier,although through active ports i see that connects to the normal IPs that should (yahoo pop3 etc). So,either this version of ZA has a bug on my PC,or there is some software i uninstalled did a mess to my PC.I formatted everything last Sunday and i tried some AVs.Practically i uninstalled PC-Cillin 2002 (because was in conflict with ZA and ZA wouldn't install-gave me a notification).I also uninstalled Panda.THen i used SafeXP and i also checked there an option that had something to do with the DNS (something like "secure from DNS sppofing"?).Maybe one of these operations caused something,cause i ve another strange issue too.When i login in WinXP Home,the little window doesn't appear automatically as used to do,but now i have to click on my icon to make it appear (and it's anoying me).Next week i ll format everything again. But just in case,in the meantime,i ll try ZAF 4.5. @TopperID: I m not sure i understand what you say.I m not refering to the log of intrusions.I m talking of the pop up notification window that asks permission for a program to go out.Sorry if i wasn't clear enough.Practically all applications appear to be outgoing towards my DNS IP,while in reality this isn't true as i verified with Active Ports.
Does anyone know if i can find somwhere the lastest ZAF of the 4.5 series(unfortunately i don't remember the detailed version number) and if it's SP2 compatible? (I don't mind about the Security centre not recognizing it,i have it disabled anyway)?I went to Zone labs forum but i only find pdfs of older versions...
SP2 compatibility was added in 5.1, here is link to their release history, it only lets you download the latest versions for 4.5, 5.1 and the last 2 versions of 5.5. http://download.zonelabs.com/bin/free/information/zap/releaseHistory.html
THanks a lot.THe first 5.x versions were very buggy from what i ve read.I think i ll format next week and put the new one again... I tried putting my DNS in trusted zone,but keeps tellling me that all applications want to log to that IP...
hyperion are you on dsl or cable?? and what type of modem are you using?? if you are on dsl most of the newer modems have built in routers and some cable do as well. also if you have vonage or another form of telephone over the internet it may also have one as does my linksys. i have heard this many times before and once people checked they did infact have a router. not saying you do not know but just a though. i had way to many issues with any zone stuff newer than 4.5. gave up on them stopped trying. ill be honest i really did try every firewall out there including some very expensive ones we use for or networks. i tried them all and ended up with outpost. some may not agree but once you play with it for a bit not very long you will see how easy it really can be. offers better protection than za in my opinion and you can download one that will continue to work just without all of the add ons. i dont currently have a link for this as i use the pay version but i do know people using it. try it out. za is a good firewall not bashing it it just would never cooperate with me and what i wanted from it. always had issues and it tends to be a hog of a program. also try kerio 4.1.3 very easy gui and that is always free again just without the content and ad blocking but great firewall. wish i could help you with za but my za days are long over
@Zfactor Thank you for your post.I have ADSL on PSTN line and i ve the same USB modem for 3 years now.Ericsson B-Quick 120dhp.Unless a miracle happened,it has no router.My first firewall was ZA and i always was getting normal pop ups with the IP of the destination site.Then i used Kerio 2.1.5 for a time,but was instable when i put XP (a dll i think).Since then i usually used Sygate and again,all the popups were showing the normal destination IP.Now that i decided to try ZA again,i get this. I might try Kerio 4.1.3 before formatting,although the main reason i dropped Sygate was that i wanted to avoid even the small 3% CPU usage that i have with Sygate to a lighter 0% of ZAF I ve Athlon 2500 with 1Gig RAM 333Mhz dual channel but i do everything i can to keep my system as light as possible and last time i had tried Kerio 4.0.x it was about 30 MB Ram and unstable (BSODs),so i don't trust it much.I was using the betas too at Kerio's forum but after a point i lost my patience with them.But i ll give it a try.I had also tried Outpost 2.X but didn't like the GUI much and had my doubts about the attack detection module. Anyway,if after the format ZA does still the same,well,seems it's not entirely my system's fault and i guess i ll go back to Sygate (or Kerio 4.1.3 if i see it's stabler than it was). Thanks for the help!
Well,at the end i decided to reformat today and nothing changed.I ve only the drivers installed and one application that wants internet outbound connection for testint,no other application and ZA asks for permission to go to my DNS IP for it... Time for me to uninstall it untill version 6.
I know,don't misunderstand me.I m greatful that you spared soe time to read my thread and propose solutions. In any case,i m running Kerio 2.1.4 (with not remote admin,was always more stable on my pc than 2.1.5) right now,and hope i won't have crashes,since i won't be using p2p for some time now,so the work load shound' t be high. I made a very very light configuration and i ve never seen my PC load Windows so fast. Running: AntiVir as resident,Kerio 2.1.4,a mail notifier,WinPatrol,HDD Health,RegProt,and a net meter. On demand:Avast home,ClamWin,Ewido,A squared.(all with their service disabled in control pannel so they don't take any resources unless launched manually). If it keeps stable i will be most satisfied. I can almost feel it lighter PS:Of course with Kerio i now get the IP requests that i should.
Hyperion, long thread, not sure if still discussing the same problem, was getting somewhat router technical, but have you tried the Advanced settings under the firewall tab, then checking "Allow outgoing DNS/DHCP in Trusted Zone in High Setting" (if you put your ISP DNS in the trusted zone) or the other one "Allow outgoing DNS/DHCP in Internet Zone in High Setting" if you ISP DNS is not in the trusted zone.