
Trusted Zone & Adapter based settings

Published by: admin 2010-03-20

  • Tune Your ZoneAlarm Settings for Speed - ZoneAlarm by Check Point ::
    Add the host name or IP address of your network's domain controller to your Trusted Zone by going to the Firewall / Zones panel.
    http://www.zonealarm.com/security/en-us/optimization-tips-tune-zonealarm.htm
    I'm trying to install Outpost Firewall 2.5 (370) using Remote Desktop connection on a server machine running Windows Server 2003.
    However, Remote Desktop gets blocked by Outpost although I have defined a "trusted zone" for my LAN (subnet 192.168.0.0 / 255.255.255.0) in the configuration dialogs when installing the product.
    Some other services, such as SSH-server I'm using, are accessible through LAN, some aren't. Shouldn't the trusted zone-setting override all other settings, so that LAN traffic wouldn't be blocked ?
    Allow router IP in trusted zone - Dev Shed::
    Allow router IP in trusted zone- Networking Help. Visit Dev Shed to discuss Allow router IP in trusted zone.
    http://forums.devshed.com/networking-help-109/allow-router-ip-in-trusted-zone-143197.html

    (I have two network adapters in my server computer: one for my LAN and one connected to the Internet)

    Another question is about using multiple network adapters: how can I block DHCP requests coming from a specific adapter ?
    As far as I know, Windows Server 2003 DHCP-server doesn't allow to control which adapters are listened for incoming requests.
    Obviously I want to serve requests coming from my LAN, not from somewhere else.
    This cannot be controlled using IP-addresses as the clients sending DHCP-requests do not usually have one.


  • According to the rules processing order (I found it somewhere on the forums), incoming data is given to the plugins first, so it really doesn't matter if I create rules (which are processed later) allowing the rdp connections, because the plugins still are going to block it.
    So I think I should disable the attack detection plugin instead.
    Am I right ?

    Whether the attack detection plugin blocks incoming connections or not will depend on its settings. Normal settings should only trigger a block when multiple connections are attempted in a short period. I would suggest leaving it on, but if you encounter problems then add the IP address of the system you are running RDP from as a Trusted Host (Options/Plug-Ins Setup/Attack Detection/Settings/Advanced/Hosts) - this will prevent any connections with it from being blocked.

    I guess I have to edit the configurationX.ini-file before rebooting to disable the plugin.
    Are there any other plugins that could prevent this kind of connection?

    The BlockPost and SuperStealth plugins could, if you have them installed.

    But: how can I then use attack detection (for the Internet connection) _and_ access the server from my LAN without restrictions ?

    By using the Trusted Host setting mentioned above.
  • ImageJ & IE::
    Go to the View/Internet Options dialog. Select the "Security" tab. Set "Zone:" to "Trusted sites zone". Click "Add Sites". Add "http://rsb.info.nih.gov".
    http://rsb.info.nih.gov/ij/docs/ie.html
    Javaw.exe trying to access trusted zone::
    The ZA Alert states that the "Java Platform SE binary is trying to access the trusted zone". It lists the File as javaw.exe and the Destination IP as
    http://spywarehammer.com/simplemachinesforum/index.php?topic=2805.0;wap2


  • I can't obviously configure the attack detection plugin, as it is not configurable until the firewall is up and running, which again leads to the situation where RDP services are blocked (also through SSH tunneling).

    You need to create an Outpost configuration on a local machine with the rules for RDP. You can disable Attack Detection in this configuration (make sure that you copy the .ini file mentioned above as well as the .cfg since the .ini contains the plugin settings).

    I still cannot understand why are some connections blocked from trusted addresses.
    Does the attack detection plugin have a special setting for blocking Remote Desktop for all hosts until you reconfigure it ?
    And all this just to make sure that trusted addresses aren't actually trusted ? :confused:

    Plugins in Outpost operate independently from Outpost's rules settings - the LAN Trusted Zone settings will therefore make no difference to Attack Detection. Attack Detection has its own Trusted Host setting (mentioned above) and you need to use this to prevent RDP connections from being blocked.

    Would this be some kind of limitation (a bug?) with the software ?
    Anyway, the firewall really needs a remote configuration interface.

    Outpost is intended for personal use - it has no remote configuration capabilities at all. While these could be added (use the 1 to contact Agnitum if you wish to suggest these), this would require substantial work to do properly.


  • I can't obviously configure the attack detection plugin, as it is not configurable until the firewall is up and running, which again leads to the situation where RDP services are blocked (also through SSH tunneling).

    I still cannot understand why are some connections blocked from trusted addresses.
    Does the attack detection plugin have a special setting for blocking Remote Desktop for all hosts until you reconfigure it ?
    And all this just to make sure that trusted addresses aren't actually trusted ? :confused:

    Would this be some kind of limitation (a bug?) with the software ?
    Anyway, the firewall really needs a remote configuration interface.


  • Ok, thanks for the reply.

    According to the rules processing order (I found it somewhere on the forums), incoming data is given to the plugins first, so it really doesn't matter if I create rules (which are processed later) allowing the rdp connections, because the plugins still are going to block it.
    So I think I should disable the attack detection plugin instead.
    Am I right ?

    I guess I have to edit the configurationX.ini-file before rebooting to disable the plugin.
    Are there any other plugins that could prevent this kind of connection?

    But: how can I then use attack detection (for the Internet connection) _and_ access the server from my LAN without restrictions ?


  • Welcome to the forums Turja,

    To install Outpost remotely via Remote Desktop, you need to create (and test) a configuration locally first which includes a rule allowing incoming connections. Then, when you install Outpost, when prompted to reboot copy across this configuration first (using the filenames configuration1.cfg and configuration1.ini) so that when Outpost starts, it will allow Remote Desktop connections. While Trusted Zones should override Outpost rules, they will not override Outpost plugins and I suspect that it will be the Attack Detection plugin that is preventing your connections.

    To block DHCP requests to or from a specific adapter, create global rules blocking DHCP specifying that adapter's IP address as follows:

    Block Incoming DHCP: Protocol UDP, Local Address , Remote Port BOOTPS, BOOTPC, 546, 547, Block
    Block Outgoing DHCP, Protocol UDP, Remote Address , Remote Port BOOTPS, BOOTPC, 546, 547, Block

    These will not block incoming DHCP broadcasts which your client PCs will send at first (to the 255.255.255.255 address) but should cover any subsequent response.
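
The processing order discussed in this thread (plugins see traffic before the Trusted Zone and the rules, and Attack Detection keeps its own Trusted Host list), as an added example that is not part of the forum posts and is not Outpost's code. It is a simplified model: the class names, the threshold of 3 connections in 10 seconds and the client address 192.168.0.10 are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class AttackDetection:
    """Simplified stand-in for a plugin that inspects traffic before any rule."""
    def __init__(self, max_conns, window_s, trusted_hosts=()):
        self.max_conns, self.window_s = max_conns, window_s
        # The plugin's own Trusted Host list, separate from the Trusted Zone.
        self.trusted_hosts = {ipaddress.ip_address(h) for h in trusted_hosts}
        self.recent = defaultdict(deque)   # source -> recent connection times
        self.blocked = set()

    def allows(self, src, now):
        if src in self.trusted_hosts:
            return True
        if src in self.blocked:
            return False
        times = self.recent[src]
        times.append(now)
        while now - times[0] > self.window_s:
            times.popleft()
        if len(times) > self.max_conns:    # many connections in a short period
            self.blocked.add(src)
            return False
        return True

class Firewall:
    def __init__(self, plugin, trusted_zone, allow_ports=()):
        self.plugin = plugin
        self.trusted_zone = ipaddress.ip_network(trusted_zone)
        self.allow_ports = set(allow_ports)

    def decide(self, src, dport, now):
        src = ipaddress.ip_address(src)
        if not self.plugin.allows(src, now):        # 1. plugins come first
            return "blocked-by-plugin"
        if src in self.trusted_zone:                # 2. then the Trusted Zone
            return "allowed-by-trusted-zone"
        # 3. ordinary rules are consulted last
        return "allowed-by-rule" if dport in self.allow_ports else "blocked-by-rule"

def simulate(plugin_trusted_hosts=()):
    """Five RDP (TCP 3389) connections, one per second, from a LAN client."""
    plugin = AttackDetection(max_conns=3, window_s=10,
                             trusted_hosts=plugin_trusted_hosts)
    fw = Firewall(plugin, "192.168.0.0/24", allow_ports={22})
    return [fw.decide("192.168.0.10", 3389, t) for t in range(5)]
```

Calling `simulate()` shows the LAN client being cut off by the plugin even though it is inside the Trusted Zone, while `simulate(["192.168.0.10"])` shows every connection passing once the client is on the plugin's own list.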




