cancel
Showing results for 
Search instead for 
Did you mean: 

Firewall compatibility

boone70
Grafter
Posts: 81
Registered: ‎25-07-2007

Firewall compatibility

I have just started using a laptop  (OS Vista home premium) with windows firewall and trial version of Norton installed. When I tried wireless sharing printers and files with my XP pc I had to shut down Zone Alarm on the pc but I was able to get through the windows firewall on the pc. My question is, if I install Zone alarm on the laptop will I be able to share or is it the vista operating system that is causing the block. I would like to use Zone alarm on both computers as I am familiar with it.
17 REPLIES 17
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Firewall compatibility

I had a network sharing set up on two XP laptops, two day ago I had an auto update of Zonealarm on both machines, one of the the more powerful lost the Network places and I then hunt around to find it, then both machines had Zonealarm block input from 192.168 (the router), really made me scratch my head to get it working again Crazy
Santiago
Grafter
Posts: 3,291
Thanks: 2
Registered: ‎10-08-2007

Re: Firewall compatibility

Couple of things
Have you set a network up or are you just trying an ad hoc connection?
There is a  thread running here about networking you might want  to read. There is also some links to networking support there. The windows newsgroups were very useful for me when I was struggling with networking my machines.
I removed the Norton from my Vista laptop as it was causing me lots of problems.
Unless the version of Zone Alarm (is it the suite?) on your XP machine is quite new it won't run on the Vista machine.
There are good free firewalls and AV around. If you want to go with the Zone labs you could get a Vista version.
I would set up (or reset up) the network from scratch ensuring whatever firewalls you use are set for sharing.
I am using ESET and that gives you a simple two option page - allow or not. Zone labs allows you to set an IP address into it's trusted zone, go to Firewall/zones/add- add the ip of the other machine.
When you get your network connected make sure you set up the wireless security, wpa is best. Your laptop will be set up for that.
You will hear people criticising Zone labs for being arkward in network set ups. If you set it up as described you won't have a problem.
If you are using Zone Alarm turn off the windows firewall. I hope that helps you. Let us know how you make out
@Pierre_Pierre
I have stopped using Zone labs for the reasons you mention. The older version were great but since they developed it for vista too it was very problematic and became a massive resource hog so I ditched it from 4 machines. My son still uses it but he has kept an older version which he does not update.


boone70
Grafter
Posts: 81
Registered: ‎25-07-2007

Re: Firewall compatibility

I have successfully set up a home network but I have to switch off ZA and switch on xp firewall. Do you think that is safe while I am using home network?
I have read the thread you directed me, to it is very informative but I am still quite confused.
Santiago
Grafter
Posts: 3,291
Thanks: 2
Registered: ‎10-08-2007

Re: Firewall compatibility

I don't think it is good practice to be switching between firewalls, or very convenient!
I believe the answer to your problem is just a simple configuration of Zone Alarm
The Zone Alarm firewall allows you to enter your computers IP addresses into the "trusted zone"
Is it the security suite including antivirus firewall etc or is it the stand alone firewall that you have?
This is the Zone Alarm user Forum
Have a look at this to familiarise your self with the Zone Alarm set up.

pjemmanuel
Grafter
Posts: 354
Thanks: 2
Registered: ‎05-04-2007

Re: Firewall compatibility

Quote from: boone70
I would like to use Zone alarm on both computers as I am familiar with it.

On the PCs with ZoneAlarm, open up the Zone Alert window and go to the Firewall->Zones tab. Find your network card/wireless card in the list, it may be the only one there or there may also be the loopback connection (127.0.0.1). Left click your network/wireless connection in the Zones column (it may read Internet now) and select "Trusted". This will bring your local area network into the trusted zone which is the simplest way to allow file and print sharing.
Bear in mind also that the workgroup name should be set the same on both computers, and if memory serves the DEFAULT workgroup name for XP is not the same as the default name for Vista.
boone70
Grafter
Posts: 81
Registered: ‎25-07-2007

Re: Firewall compatibility

Thanks for all the advice, I have configured ZA  now and all is well.
Not applicable

Re: Firewall compatibility

Hmm, if you are running a network behind an SPI firewall (the type included in most internet router/modems these days) all that your local firewall is effectively doing is protecting your machine from any infected PC on your network (and depending upon the configuration, also protecting other PCs on your network from yours, should it become infected).
Thus, if you tell your firewall to explicitly trust the other computers on your network, you are mitigating much of the usefulness of the firewall.
If you are using WiFi you might argue that there is a chance that you might get somebody hacking into your wireless network who is infected - but if you've followed the steps above [from @Phil_E], you've told ZA to trust any traffic from that connection anyway. (Ask youself: Where would any traffic that you didn't want to allow onto your computer be coming from? Or to ask the question another way: What is your firewall doing if its not protecting the only connection your computer has with the outside world?)
No point fitting fancy locks, then wedgingthe door open....
If the method mentioned by @Phil_E is the preferred method, you might as well save the processing overhead and turn off the firewall altogether.
boone70
Grafter
Posts: 81
Registered: ‎25-07-2007

Re: Firewall compatibility

Thanks for your comments James, I am more confused than ever. What I have done was to look at the blocked connection in ZA logs found the one that referred to my laptotop and made it a trusted connection. Does that mean I have exposed myself to anything other than my home network?
Regards Eric.
paulby
Grafter
Posts: 1,619
Thanks: 1
Registered: ‎26-07-2007

Re: Firewall compatibility

Quote
Does that mean I have exposed myself to anything other than my home network?

No.  Your router will give you inbound firewall protection from the public internet (as will enabling PN's firewall from the member centre) and, if you've secured your wireless network properly there should be little chance of anything getting in from there (there is a slim chance but some ne'er-do-well would need to be determined enough to hijack your connection - much easier for him to jump on an unsecured network elsewhere!) .
Zone Alarm is a two way firewall.  The advantage of using it is that it'll flag up any changed or unknown programs tyring to access the internet from your PC.  However, this can lead to lots of pop-ups asking if such and such a program can access the internet and people just clicking "Yes" or "No" randomly to get rid of the box (I know of one person that denied Outlook access to the internet as he didn't think e-mail was "the internet" then complained that his e-mail wasn't working!).
Basically, if you know what you're up to and are happy to tell ZA what's what then it will give you a bit of security against anything that's managed to get on your system and wants to "phone home".  If not, you can set it not to tell you and it'll provide inbound protection only.
Not applicable

Re: Firewall compatibility

The good news is that its unlikely that you've caused a problem, but its more likely that you've mitigated any usefulness of ZA on your machine.
If the only connection between the internet and your network is via a firewall router, your network, and therefore your laptop should be safe from external attacks. (Is this the case?)
However, if one of the machines on your network contracts a virus (for example via a malicious web page, or dodgy email) it will have the potential to spread across your network - you've told ZA that traffic from the other computers on your network is to be trusted. Wink (Are you certain that none of the machines on your network will ever get infected?)
So if your firewall trusts all traffic on your network, there is no point having the local firewall at all is there? The only firewall you are using is the one built into the device connecting your network to the outside world.
You either want to configure the firewall so it only allows specific traffic between specific machines on specific ports, or you might as well turn it off altogether.
An open door is not a door - its a doorway!
paulby
Grafter
Posts: 1,619
Thanks: 1
Registered: ‎26-07-2007

Re: Firewall compatibility

@James_H
If it's installed on a laptop I'd generally leave it on (or certainly try to remember to switch it on) if it's likely the machine will be taken "off-net" and used in a hotel, at a wi-fi hotspot etc. or there's any chance that a dial-up connection will be used e.g. during a broadband fault or in hotels etc. where there is only dial-up access (likewise on a desktop for dial-up access if there's a broadband fault).
boone70
Grafter
Posts: 81
Registered: ‎25-07-2007

Re: Firewall compatibility

James, Perhaps I should start from the begining.--- I have the trial version of Norton Internet security 2008 installed on the laptop. I have ZA free. on the PC. The only connection I have with the internet is through a firewall protected modem router. I have allowed ZA to accept connection (printing & file sharing) from the laptop. If this is dogey would you go the full hog and install paid for Norton on all computers. If not what would be your preferred solution?
Regards Eric.
pjemmanuel
Grafter
Posts: 354
Thanks: 2
Registered: ‎05-04-2007

Re: Firewall compatibility

Quote from: James_H
No point fitting fancy locks, then wedging the door open....

I get what you're saying James, but with the SPI firewall in the router in addition to the MAC filtering and the very strong WPA network key, if I can't trust the computers on the local net, what can I trust?
I admit I only ever used Zone Alert to monitor outgoing connections on the individual PCs. I can understand the desire to lock down the network tightly, but if it stops you from doing what you want to do - share files and printers etc, then you probably need to undo a handful of locks - there will always be some compromise between usability and security.
In my case, this is no longer an issue for me because I had to uninstall Zone Alert recently because it will not work with the current version of Kaspersky AV, so I'm back to the XP firewall.
pierre_pierre
Grafter
Posts: 19,757
Thanks: 3
Registered: ‎30-07-2007

Re: Firewall compatibility

As I said earlier, I did have a problem with the recent upgrade of  Zone alarm on my XP machines, but i have set the trusted zone to be just the two machine, i.e. 192.168.1.2 and 192.168.1.3  I did not set it to just 192.168  I also have AVG virus detect and 128 bit WEP, so lets hope that is secure