www.donhoover.net Home Page
ZoneAlarm Help




Creating Expert Rules



In this page you set the global options for the firewall. The Internet Zone is, in general, every computer outside your own computer or LAN. The Trusted Zone is your own computer plus whatever part of your LAN you have added to it. The Trusted Zone should be left on Medium unless you are prepared to approve every single TCP connection your computer makes to itself, and there are more of those than you would suspect. You can recognize this kind of traffic because it shows up as going to or coming from 127.0.0.1, the loopback address. The other address you will see is whatever your computer has been assigned, typically a private address such as 192.168.0.x handed out by your router, unless you have set one deliberately. The Blocked Zone is just that: blocked. Traffic to and from an address in it is dropped, so you can no longer reach that location.
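To make the zone idea concrete, here is an added example (not code from this page or from ZoneAlarm) that classifies a connection's remote address into the Blocked, Trusted or Internet Zone the way the page describes, with loopback traffic landing in the Trusted Zone. The zone table, the local addresses and the sample connections are constructed for the example, and the rule that a Blocked Zone entry wins over a Trusted Zone entry is this example's assumption.

```python
import ipaddress
from typing import Iterable, Set

# Constructed zone table for the example (hypothetical values, not the
# author's setup): the LAN 192.168.0.0/24 is trusted and one host on it
# has been put in the Blocked Zone.
TRUSTED_NETWORKS = [ipaddress.ip_network("192.168.0.0/24")]
BLOCKED_ADDRESSES = [ipaddress.ip_network("192.168.0.77/32")]


def classify_zone(address: str,
                  trusted: Iterable = TRUSTED_NETWORKS,
                  blocked: Iterable = BLOCKED_ADDRESSES) -> str:
    """Return 'blocked', 'trusted' or 'internet' for a single remote address.

    Blocked entries are tested first (assumption of this example) so that a
    host you explicitly blocked never slips into the Trusted Zone just
    because it sits on your LAN.
    """
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in blocked):
        return "blocked"
    # 127.0.0.0/8 is the computer talking to itself; the page treats that
    # as Trusted Zone traffic, so loopback is trusted regardless of the table.
    if ip.is_loopback or any(ip in net for net in trusted):
        return "trusted"
    return "internet"


def remote_endpoint(src: str, dst: str, local: Set[str]) -> str:
    """The zone of a packet is decided by the address that is not this computer.

    When both ends are local (loopback traffic) there is no remote side, so
    the loopback address itself is returned and ends up in the Trusted Zone.
    """
    if src in local and dst in local:
        return src
    return dst if src in local else src


def zone_for_packet(src: str, dst: str, local: Set[str]) -> str:
    """Zone that the firewall would apply to one packet or connection."""
    return classify_zone(remote_endpoint(src, dst, local))


if __name__ == "__main__":
    local = {"127.0.0.1", "192.168.0.10"}  # constructed: this computer's addresses
    # Constructed sample connections, like the ones a ZoneAlarm alert shows.
    samples = [
        ("127.0.0.1", "127.0.0.1"),        # a program talking to itself
        ("192.168.0.10", "203.0.113.5"),   # outbound to a public host
        ("192.168.0.20", "192.168.0.10"),  # another LAN machine connecting in
        ("192.168.0.77", "192.168.0.10"),  # the blocked host connecting in
    ]
    for src, dst in samples:
        print(f"{src:>14} -> {dst:<14} zone={zone_for_packet(src, dst, local)}")
```

The loopback case is the one the page warns about: with the Trusted Zone on High, every one of those 127.0.0.1 connections is subject to the High settings and will need a rule or an alert answered.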

If you click the Custom button in the internet zone you will see this window.



It is actually split into two sections: High and, if you scroll down, Medium. If the zone is set to High, only the settings in the High area take effect; if it is set to Medium, only the Medium settings do. Changing the settings in the other section makes no difference until you switch the zone to that level.

If you click the Custom button in the trusted zone you will see this window.



The settings here work the same way as in the Internet Zone. The window is split into two sections: High and, if you scroll down, Medium. Only the section that matches the zone's current level has any effect; changing the settings in the other section makes no difference until you switch the zone to that level.

If you click the Advanced button in the trusted zone you will see this window.



This can be one of the strangest parts of the firewall, because it spans so many different settings. First is gateway enforcement. This checks whether your router or gateway is one that is compatible with ZoneAlarm security software; if it is, the two will work together to better protect you. If it is not compatible, nothing happens.

Next is the Internet Connection Sharing section, which has three options.
This computer is not on an ICS/NAT network: This is the normal choice for a stand-alone computer, or for a computer connected through a router where the router does the DHCP, so Internet Connection Sharing is not turned on.
This is a client of an ICS/NAT gateway running ZoneAlarm security software: Use this setting if you get your internet connection from another computer that is running ZoneAlarm.
This computer is an ICS/NAT gateway: Use this setting if your computer is sharing its internet connection with other computers. Your computer must be running for them to have an internet connection.
If you choose either of the last two options, ZoneAlarm will automatically detect the correct IP address of the client or host computer and enter it in the box. You can then choose, if you want, whether alerts are forwarded or suppressed. This comes in handy when the first computer connected to the internet is run as a server and firewall for the other computers: the alerts are displayed on the other computer, so you can deal with them without going to the host computer.

Next is the General section, which has a number of useful options.
Block all fragments: Blocks all incomplete (fragmented) IP packets. Caution: if you select this option, ZoneAlarm security software will silently block all fragmented packets without alerting you or creating a log entry. Do not select this option unless you know how your online connection handles fragmented packets.
Block trusted servers: Prevents all programs on your computer from acting as servers to the Trusted Zone. Note that this setting overrides permissions granted in the Programs panel.
Block Internet servers: Prevents all programs on your computer from acting as servers to the Internet Zone. Note that this setting overrides permissions granted in the Programs panel.
Enable ARP protection: Blocks all incoming ARP (Address Resolution Protocol) requests except broadcast requests for the address of this computer. Also blocks all incoming ARP replies except those that answer an outgoing ARP request.
Allow VPN protocols: Allows the use of VPN protocols (ESP, AH, GRE, SKIP) even when High security is applied. With this option disabled, these protocols are allowed only at Medium security. The one place I have seen where this is needed all the time is with Starband.
Allow uncommon protocols at high security: Allows the use of protocols other than ESP, AH, GRE and SKIP at High security.
Lock hosts file: Prevents your computer's hosts file from being modified by hackers through spyware or Trojan horses. Because some legitimate programs need to modify your hosts file in order to function, this option is turned off by default.
Disable Windows Firewall: Detects and disables Windows Firewall. This option only appears if you are using Windows XP with Service Pack 2.
Filter IP over 1394 traffic: Filters FireWire traffic. You will need to restart your PC for this filter change to take effect.
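The ARP protection and fragment options above describe concrete checks on individual packets. The following added example (not ZoneAlarm's code and not from this page) implements both in Python over constructed Ethernet/ARP and IPv4 frames: the ArpProtection class remembers which IPs this computer has sent requests for and applies the two ARP rules the option describes, and is_fragment tests the More Fragments flag and the fragment offset of an IPv4 header. The frame builders, MAC and IP values are constructed for the example; matching replies on sender IP only, and consuming a pending entry on the first matching reply, are this example's assumptions, not documented ZoneAlarm behaviour.

```python
import struct
from typing import Optional, Set

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = b"\xff" * 6
IPV4_MF = 0x2000           # "more fragments" flag in the flags/offset field
IPV4_OFFSET_MASK = 0x1FFF  # fragment offset, in 8-byte units


def parse_arp(frame: bytes) -> Optional[dict]:
    """Decode an Ethernet II frame carrying ARP; None for anything else."""
    if len(frame) < 42:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"dst_mac": dst_mac, "src_mac": src_mac, "oper": oper,
            "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}


def build_arp(dst_mac, src_mac, oper, sha, spa, tha, tpa) -> bytes:
    """Constructed test frame: Ethernet header plus ARP for IPv4 over Ethernet."""
    return (struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_ARP)
            + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa))


class ArpProtection:
    """Stateful filter with the two rules the option describes: an incoming
    request passes only if it is broadcast and asks for our own IP; an
    incoming reply passes only if it answers a request we sent."""

    def __init__(self, my_ip: bytes):
        self.my_ip = my_ip
        self.pending: Set[bytes] = set()  # IPs we asked about, awaiting a reply

    def note_outgoing(self, frame: bytes) -> None:
        arp = parse_arp(frame)
        if arp and arp["oper"] == ARP_REQUEST:
            self.pending.add(arp["tpa"])

    def allow_incoming(self, frame: bytes) -> bool:
        arp = parse_arp(frame)
        if arp is None:
            return True  # not ARP: outside this filter's scope
        if arp["oper"] == ARP_REQUEST:
            return arp["dst_mac"] == BROADCAST_MAC and arp["tpa"] == self.my_ip
        if arp["oper"] == ARP_REPLY and arp["spa"] in self.pending:
            # One answer per question (assumption): consuming the entry means a
            # later unsolicited reply, the usual ARP-spoofing move, is dropped.
            self.pending.discard(arp["spa"])
            return True
        return False


def is_fragment(packet: bytes) -> bool:
    """True for any IPv4 packet that is one piece of a larger datagram.
    Only MF or a non-zero offset counts; the DF bit alone is not fragmentation."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    flags_offset = struct.unpack("!H", packet[6:8])[0]
    return bool(flags_offset & IPV4_MF) or (flags_offset & IPV4_OFFSET_MASK) != 0


def build_ipv4(flags_offset: int, payload: bytes = b"") -> bytes:
    """Constructed IPv4 header (checksum left zero) for exercising is_fragment."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       flags_offset, 64, 6, 0,
                       bytes([192, 168, 0, 10]), bytes([203, 0, 113, 5])) + payload


if __name__ == "__main__":
    # Constructed addresses: us, our gateway, and a spoofing host on the LAN.
    me, gw, evil = bytes([192, 168, 0, 10]), bytes([192, 168, 0, 1]), bytes([192, 168, 0, 66])
    my_mac, gw_mac, evil_mac = (bytes.fromhex(h) for h in ("001122334455", "aabbccddeeff", "deadbeef0001"))
    f = ArpProtection(me)
    spoof = build_arp(my_mac, evil_mac, ARP_REPLY, evil_mac, gw, my_mac, me)
    print("unsolicited 'I am the gateway' reply allowed:", f.allow_incoming(spoof))
    f.note_outgoing(build_arp(BROADCAST_MAC, my_mac, ARP_REQUEST, my_mac, me, b"\0" * 6, gw))
    real = build_arp(my_mac, gw_mac, ARP_REPLY, gw_mac, gw, my_mac, me)
    print("reply to our own request allowed:", f.allow_incoming(real))
    print("DF-only packet is a fragment:", is_fragment(build_ipv4(0x4000)))
```

Two caveats follow from the rules as written. Replies are matched on sender IP, so an attacker who answers faster than the real host while a request is pending can still win that race; the rule stops unsolicited replies, which is what ARP-poisoning tools normally send. And is_fragment shows why the fragment option is dangerous on some links: any datagram larger than the path MTU arrives as fragments with a non-zero offset, and with the option on every one of them is dropped silently.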


The next section is Network Settings. It is self-explanatory, and I suggest leaving these settings at their defaults.
