firewall/network question

[amberlynn]

Hello,
I have a desktop & laptop connected to a router. I have no problem sharing an internet connection.
I have Zone alarm installed as a firewall, and it's preventing me from moving data back and forth between the two computers. If I disable it, I can access files between computers and print, but if not, it won't work.
How can I keep ZoneAlarm running, and still access files between computers?
TIA.
amber

 

[bcastner]

ZoneAlarm Pro/Plus: Click Firewall -> Zones. If the network adapter is listed, you can right-click on that name and change the setting to Trusted Zone.

If you have resources such as printers attached to your computer that others on the network need access to we recommend that you disable the ZoneAlarm Automatic Lock feature via the Lock Panel. When engaged, the Automatic Lock will block access to these resources from the Trusted Zone. Also, if the printer has an IP address assigned, be sure that IP is included in the Trusted Zone.

Note that using the Lock Feature will block all Local and Internet activity, and should not be used on a LAN in most cases. It can also cause loss of your Internet connection by blocking your ISP's DHCP server.

 

[amberlynn]

I am using the free version of Zone alarm...
Does this change things?
amber

 

[bcastner]

No.

 

[GDGarth]

bcastner:

I have a network with both wired and wireless computers (4 total), sharing an internet connection with Windows Internet Connection Sharing. I've got a couple of questions about ZoneAlarm:

1. Right now, I'm just running the firewall on the computer with ICS installed - not all the client computers. Is that OK (it interferes with the network operation if it's running on the others, unless I turn the security settings down to where they don't do any good).
2. I've set the "Zone" for the network adapter that connects to the cable modem to "Internet", and all the rest to "Trusted". How can I tell for sure that I'm protected?
3. To get everthing to work, I had to set the internet security level to "Medium", meaning I'm blocked but visible. If I set it to "High", nothing works. Is that normal?
4. Should I upgrade to ZoneAlarm Pro?
5. I'm running ICS on a PII, 266 with Windows 98. I'm getting a new, high power, desktop with Windows XP Pro. Shoule I use it for ICS, or keep using the older computer? What are the advantages/disadvantages of changing it?

Thanks for the help - from reading your posts, you're one of the most helpful here.

 

[bcastner]

GdGarth,

If you are moving the ICS Host machine to XP, take the next step and get a wireless router.

It is likely you only need an 802.11b wireless router with four ports, and this would set you back perhaps US $25 anymore.

In any case, behind ICS (or your new router) you have the protection of NAT'd private IP addresses.

The only real purpose of a firewall at this point would be to act as a good net citizen and prevent worms, trojans or malware of any sort from broadcasting out from your LAN computers.

Your internally connected machines have reasonable protection against traditional invaders. Focus your attention of email and browser hijack attempts. No firewall will protect you against either. Keep current on the OS Hotfixes announced, and apply them.

 

[GDGarth]

I've got a router, but I couldn't connect to the internet after hooking it up (I tried EVERYTHING on every help file I could find). I finally configured it in "bridge" mode, and enabled ICS. It works fine, but I'm annoyed that I couldn't make the router work.

If I understand you correctly, I am OK with Zonealarm installed on only the host computer (but I still need that, correct?). Should I make the new XP machine the host, or just leave it the way it is?

 

[toned]

Amber, GDGarth,

If you're using a router, you should delete the bridge and disable ICS.
If you have a Cable Modem, then you don't need to configure the router.
If you have DSL modem, then you need to configure the router for PPPOE.
In either case, all machines would be set to get IP addresses automatically from the DHCP server which is the router.

If your router has a "Firewall" feature built in, it may interfere with your ZoneAlarm firewall.

I have an SMC router, and also Norton Internet Security 2003 Pro. I had to disable the Firewall & Internet Intrusion in the Norton NIS, because I could't access the internet. I'll have to play around with the settings to see why that happens.

I tested my router internet security at 3 online security test sites, and all my ports were "Stealthed".
This was on my other computer that does NOT have Norton NIS, only the router firewall is protecting it.
These are the 3 sites I used to test:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

http://scan.sygate.com/probe.html

(TCP & UDP scans took about 30 minutes, for me)

https://grc.com/x/ne.dll?bh0bkyd2

I bought Norton 2003 NIS pro, because it has Norton antivirus Pro, Anti-spam & popup blocker built in.

 

[GDGarth]

I've got a router, but I couldn't make it work (I turned off the firewall, and it still didn't work). So I installed ICS, and changed the router over to bridge mode to tie the wireless and wired networks together.

In bridge mode, the router firewall function is disabled (besides, the ICS host computer is before the bridge, so would be exposed anyway).

Like I said, it all works, but I'm frustrated that the router doesn't work the way it's supposed to. I'm sure there's just some little thing I'm missing, but I sure can't figure it out. Interestingly, I have a few friends who've got routers. Several of them couldn't get it to work, and some could. All of the succesful ones got some network guru to come over and make it work, and none of them know exactly how they did it (although one said he had to manually edit his registry).

 

[sumoalex]

bcastner:
I have the exact problem as the threadstarter, and I followed your instructions to add the network adapters to the trusted zone in Zone Alarm on each computer, and still my two computers cannot see each other in Network Neighbourhood.

What else could it be? File and printer sharing is enabled on both machines.

 

[bcastner]

sumoalex,

Can the workstations see each other with Zone Alarm disabled?

See Steve Winograd's notes on networking:

http://www.practicallynetworked.com/sharing/xp_filesharing/index.htm