Zonealarm Pro Expert rules

Discussion in 'Home Networking' started by Clint Sharp, Feb 26, 2005.

  1. Clint Sharp

    Clint Sharp Guest

    The network:

    Router
    | 192.168.0.3
    |
    | 192.168.0.1
    ICS Gateway with ZA Pro on Win 2K
    | 192.168.1.1
    |
    |
    Rest of network


    Rest of network is a legacy setup of 12 machines with static IP
    addresses. The question:
    Is it possible to prevent one machine on the 'Rest of network' segment
    from accessing the Internet via 192.168.0.1 but still have access to
    shares on 192.168.1.1 with expert rules on ZA Pro?
     
    Clint Sharp, Feb 26, 2005
    #1

  2. mikeFNB Guest

    Sorry, I don't know ZA Pro, only the free one.
    However, could you not just disable the Internet connection directly on the one
    machine by setting the IE6 connection tab to a silly setting?

    mike
     
    mikeFNB, Feb 26, 2005
    #2

  3. Chris Guest


    I'm no expert but you could try this:

    In the Expert Rules, Add a New Rule and then set it as follows:

    Name: IP Block (or similar)
    State: Enabled
    Action: Block
    Track: Log
    Source: IP Address of machine you want to block Internet access.
    Destination: Trusted Zone & Internet Zone
    Protocol: Any
    Time: Any

    Click OK and you should see the rule.

    Make sure you Save the changes by changing to another tab and clicking OK on the alert box that pops up.

    Hope this works - haven't tested it.

    --
    Regards,
    Chris.

    www.bororules.co.uk
    www.lascoronas10.co.uk
     
    Chris, Feb 27, 2005
    #3
  4. NBT Guest

    I also am no expert (main family machine runs Pro, remainder Free), but won't
    this rule prevent any sharing with the "Rest of the Network", assuming the IP
    range is in the "Trusted" zone?
    I am not quite certain what you mean by preventing access to the Internet;
    do you just wish to prevent browser access (HTTP)? If so, you could write a
    blocking rule for your browser under program options.
    You will need to consider what ports you wish to leave open before you write
    your rules if you require something else.

    nbt
     
    NBT, Feb 27, 2005
    #4
  5. Clint Sharp

    Clint Sharp Guest

    I only want to stop access to the Internet; I want to be able to see a
    share on the gateway, so I set Internet Zone only.
    Unfortunately it doesn't. It would seem to be perfect from the
    description, but it just doesn't work. I've even gone as far as building
    a new test network with ZA Pro on a W2k ICS gateway just in case there's
    something silly I've missed, but no matter what I set ZA with, I cannot stop
    Internet access on the client machine without stopping access to the
    shares on the gateway.
    Zonealarm Pro in the bin. Any suggestions?
     
    Clint Sharp, Feb 27, 2005
    #5
  6. Zonealarm or Kerio
     
    Colin Copland, Feb 27, 2005
    #6
  7. Odie Ferrous Guest

    Keep it there.

    After a gap of a couple of months (used ZA for years, always had some
    issues with it) I renewed my ZA subscription.

    By the end of the day I had reformatted and reinstalled without ZA.

    Asked for a refund, but don't expect to hear back from ZA. (Never once
    had a tech support question answered in the three years I had their
    paid-for software.)

    It is STILL full of bugs, hogs system resources, causes all sorts of
    problems, and their tech support is non-existent.

    May ZA go to hell.

    Kerio, by comparison, is superb.


    Odie
     
    Odie Ferrous, Feb 28, 2005
    #7
  8. Chunky Guest

    Forget that - give Sygate Personal Firewall a try.
    www.sygate.com - link under "home networks" or something on the bottom left
    of the screen...

    Free, and nagless. V. good, and can be configured easily.

    Chunks.

    PS: Odie - will get in touch RE: drives soon - got my nan's funeral today.
     
    Chunky, Feb 28, 2005
    #8
  9. NBT Guest

    I am using ZAP5.5.062.011

    If I create this I block my Browser from accessing web pages on the Internet

    In General
    Rank 1
    State enabled
    Name Browser Block
    Action Block
    Comments and Track none (optional)

    Source My Computer
    Destinations Trusted and Internet Zones

    In Protocol (modify)
    Protocol TCP
    Description Browser
    Destination Port HTTP 80
    Source Port HTTP 80

    Time Any

    nbt
     
    NBT, Feb 28, 2005
    #9
  11. Alex Fraser Guest

    Find out what addresses "Internet Zone" corresponds to. If that doesn't help
    solve the problem, try a pair of rules:

    1. Allow anything from <address of machine to block> to <address of ICS
    machine>.
    2. Block anything from <address of machine to block> to any address.

    FWIW I couldn't make sense of the diagram in your original post. I thought
    ICS forced the non-shared interface to have an address of 192.168.0.1, but
    the diagram implied it was 192.168.1.1.

    Alex
     
    Alex Fraser, Feb 28, 2005
    #11
  12. Clint Sharp Guest

    Are you using it on an ICS gateway though?
    It's not just HTTP that needs blocking though, I need to block certain
    private IPs on the internal network from accessing the internet via the
    ICS gateway and still have two shares visible on the gateway.
     
    Clint Sharp, Feb 28, 2005
    #12
  13. NBT Guest

    ZAP is set up as a client of an ICS gateway.
    My knowledge is limited, but I don't fully understand what aspects of the
    Internet you wish to block. If you block an IP per se you automatically will
    block the ports used for file and printer sharing and other functions
    (http://www.petri.co.il/well_known_port_numbers.htm). You need to decide what
    functions and ports you require, allow those and block the remainder;
    this may require adding several rules.

    nbt
     
    NBT, Feb 28, 2005
    #13
  14. NBT Guest

    You could always try this but it will block any "Intranet" mail server
    and other functions but may allow file sharing.

    In General
    Rank 1
    State enabled
    Name File Share
    Action allow
    Comments and Track none (optional)

    Source My Computer
    Destinations Trusted and Internet Zones

    In Protocol (modify)
    Protocol TCP
    Description FS1
    Destination Port TCP 139
    Source Port TCP 139

    In Protocol (modify+add Protocol)
    Protocol TCP
    Description FS2
    Destination Port TCP 445
    Source Port TCP 445

    In Protocol (modify+add Protocol)
    Protocol UDP
    Description FS3
    Destination Port UDP 137
    Source Port UDP 137

    In Protocol (modify+add Protocol)
    Protocol UDP
    Description FS4
    Destination Port UDP 138
    Source Port UDP 138

    Time Any

    In General
    Rank 2
    State enabled
    Name Port Block
    Action Block
    Comments and Track none (optional)

    Source My Computer
    Destinations Trusted and Internet Zones

    In Protocol any

    Time any

    Depending on your version of ZAP you will need to "Apply" this rule.
    In my limited understanding ZAP performs the rules by order of rank, so
    rank 1, allowing file sharing, should be performed before any blocking
    takes place under rank 2.

    I have been unable to test this as my ZAP machine had a PSU failure
    last night.

    nbt
     
    NBT, Mar 1, 2005
    #14
  15. NBT Guest

    Rule 1
    Rule 2
    In case it wasn't obvious, this is 2 rules, one of each rank, and you will
    need to apply them individually.
     
    NBT, Mar 1, 2005
    #15
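An added example (not ZoneAlarm code and not from any poster) that models the rank-ordered, first-match evaluation NBT describes in #14, so the single block rule from #3 can be compared with the allow-then-block approach of #11 and #14; the client address, the Trusted Zone range and the Internet host are assumed sample values, and the gateway address is the one from the diagram.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Gateway address is from the thread's diagram; the Trusted Zone range and
# the client address are constructed sample values.
GATEWAY = "192.168.1.1"
TRUSTED = ip_network("192.168.1.0/24")
CLIENT = "192.168.1.50"
SMB_PORTS = frozenset({("tcp", 139), ("tcp", 445), ("udp", 137), ("udp", 138)})

@dataclass
class Rule:
    rank: int
    action: str                  # "allow" or "block"
    src: str                     # source host address or "any"
    dst: str                     # "gateway", "trusted", "internet" or "any"
    ports: Optional[frozenset] = None  # (proto, dst_port) pairs; None = any

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        if self.src != "any" and self.src != src:
            return False
        if self.dst == "gateway" and dst != GATEWAY:
            return False
        if self.dst == "trusted" and ip_address(dst) not in TRUSTED:
            return False
        if self.dst == "internet" and ip_address(dst) in TRUSTED:
            return False
        return self.ports is None or (proto, dport) in self.ports

def decide(rules, src: str, dst: str, proto: str, dport: int) -> str:
    # First matching rule in rank order wins; no match falls through to
    # "allow" (an assumed default, not something the thread states).
    for rule in sorted(rules, key=lambda r: r.rank):
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "allow"

# Chris's single rule (#3): block the client to Trusted and Internet Zones,
# any protocol. It also catches the SMB traffic to the gateway's shares.
single_block = [Rule(1, "block", CLIENT, "any")]

# Allow-then-block, as in Alex's pair (#11) and NBT's rank 1/rank 2 rules (#14):
# rank 1 permits only file-sharing ports to the gateway, rank 2 blocks the rest.
allow_then_block = [
    Rule(1, "allow", CLIENT, "gateway", SMB_PORTS),
    Rule(2, "block", CLIENT, "any"),
]
# The same two rules with their ranks swapped: the block now matches first.
swapped_ranks = [Rule(2, "allow", CLIENT, "gateway", SMB_PORTS),
                 Rule(1, "block", CLIENT, "any")]
```

The allow rule here matches on destination port only; a rule that also fixes the source port to 139/445/137/138, as the Source Port fields in #14 do, would not match a client's connections, which come from ephemeral source ports.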
  16. What platform are you using it on? I've been using ZAPro on NT, then
    2K, then XP for years, and don't get any of these problems. Right now
    it's using negligible system resources (10MB memory, 0% CPU). I did
    find early releases of V4 and then of V5 were awful, but that's normal:
    never buy early releases of any software...
    Grin. Whereas Kerio was binned within a week for the same reasons you
    rejected ZA... :)
     
    Mark McIntyre, Mar 1, 2005
    #16