Thread: Being Timed Out

  1. #1
    dadralph Guest

    Being Timed Out

    Hi, I am being timed out by a stock trading co.
    They advised me to allow a certain port number in tcp and udp, which I did.
    They advised me to allow a quote feed address in my trusted zone.
    I did this.
    They then said I must write a rule to allow the said port to be open all the time.
    I tried this and don't know if I did it correctly.
    Can someone please advise on this problem.
    Thank you

    Ralph

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Pro

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Being Timed Out

    Describe/list what has been done so far. Include ports/port ranges, IP/IP ranges and the application involved (browser or special application?).
    Also, has the Privacy been adjusted and what has been done with server rights?
    Opened port where - in the expert of the firewall, in the expert of the application or in the firewall?
    What protocol is involved?
    Is ICMP involved?
    Are your dns and dhcp IP in the trusted zone?

    Oldsod.
    Best regards.
    oldsod

  3. #3
    dadralph Guest

    Re: Being Timed Out

    Hi Oldsod, In Zone A. Firewall, Expert I put the following:
    Source: My Computer
    Destination: Trusted Zone and Internet Zone
    Protocol: 443
    Action: Allow
    Track: None
    Time: Any
    Comments: None

    In ZA I allowed all incoming and outgoing in both Trusted Zone and Internet Zone (TCP & UDP)

    Does this help??
    Ralph

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Being Timed Out

    Technically, just enabling both the servers with both accesses for the application should be sufficient (along with adding the IP/IP range as trusted in the zones).

    Change both the Source and the Destination in the Expert to just My Computer and the IP/IP range involved. For both. Remove the previous rule.

    Protocol:
    Under protocol use https (443) for source and destination Any.
    Add another Protocol, for source Any and destination 443.
    Repeat again for http (80).
    Again allowing two rules with source and destination for port 80.
    Now the 443 is allowed in and out. The http is included since seldom 443 is alone and is often initiated and accompanied by http connections.

    Time should be Any or set as you desire.
    Track is Log (or Log and Alert)
    Action is Allow
    Rank is 1


    Add the IP/IP range as Trusted in the Zones of the Firewall.


    In the Program listing, right click the application.
    Open the Options.
    Open the Expert.
    {remember to give these rules Names and give any description to your own liking}
    1st rule, add a localhost
    Source: add the address 127.0.0.1 and My computer
    Destination: add the address 127.0.0.1 and My computer
    Protocol: Any

    Track is None
    Action is Allow
    Rank is 1


    2nd rule add a DNS rule:

    Source:
    My Computer and both DNS servers (or your router DNS - whichever apply).

    Destination:
    My Computer and both DNS servers (or your router DNS - whichever apply).

    Protocol:
    1st rule:
    UDP and TCP
    Destination dns (53)
    Source Any
    2nd rule:
    UDP
    Destination Any
    Source DNS (53)

    Time should be Any or set as you desire.
    Track is Log.
    Action is Allow
    Rank is 2


    3rd rule for the Expert is identical to the rule you just added/edited previously in the Expert of the Firewall.
    Time should be Any or set as you desire.
    Track is Log (or Log and Alert)
    Action is Allow
    Rank is 3


    4th rule for the Expert is a "Block All" - any protocol and source and destination.
    Time should be Any or set as you desire.
    Track is Log and Alert
    Action is Block
    Rank is 4

    Check for the logs for the allowed connections and especially for the blocked connections. These are your guides to determining what needs to be changed or added in regards to the event. Set the logging and the alerts to High for the time being until this is properly sorted. This way things can be closely watched. The Block All Rule in the Expert will be active if there is more to be adjusted or additional rules to be created.


    Next, if the Expert is used to its fullest extent and range, then do not use single entries and instead use the Groups. Much faster and easier and a lot simpler.

    Make sure the DHCP, DNS (s) and the loopback (127.0.0.1) are listed as Trusted in the Zones of the Firewall.
    Make sure the Trusted Zone Security is at Medium and the Internet Zone Security is at the High setting.

    In the Advanced of the Main of the Firewall, allow both Trusted and Internet servers.

    In the Custom of the Main of the Firewall, for the Internet Security, allow all entries of the ICMP Echo (type 0) and Request (type 8). This is for both pinging and tracert ICMP connections often needed for the later connections to be established. Destination Unreachable and Time Exceeded may have to be allowed for both directions as well. The ZA default settings only allow the minimal ICMP connections and directions. Allowing the other ICMP directions will be beneficial for the connections.

    Furthermore... if using a router, inside the router... allow Reply to ICMP and perhaps the ports 443 and 80 will have to be allowed (if the IP range is available for the opened ports, then use that option).

    Oldsod.
    Best regards.
    oldsod
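
The ranked program rules laid out in post #4 (localhost, DNS, the 443/80 rule for the feed range, then "Block All" with logging), modelled as an added example that is not part of the original post and is not ZoneAlarm code. It assumes rules are checked in Rank order with the first match deciding, matches on the remote port only, and uses constructed documentation addresses in place of the broker and DNS IPs, which the thread does not give.

```python
# Toy model of the four ranked Expert rules from post #4 (added example).
# Assumption: rules are checked in Rank order and the first match decides.
# All addresses are constructed placeholders, not values from the thread.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    rank: int
    name: str
    action: str                 # "allow" or "block"
    peers: tuple = ()           # remote networks; empty means Any
    protos: tuple = ()          # e.g. ("tcp", "udp"); empty means Any
    remote_ports: tuple = ()    # empty means Any
    log: bool = True            # "Track is Log" in the post

    def matches(self, proto, remote_ip, remote_port):
        if self.protos and proto not in self.protos:
            return False
        if self.remote_ports and remote_port not in self.remote_ports:
            return False
        addr = ip_address(remote_ip)
        return not self.peers or any(addr in ip_network(n) for n in self.peers)

FEED = "203.0.113.0/24"                    # placeholder for the broker's IP range
DNS = ("192.0.2.53/32", "192.0.2.54/32")   # placeholder DNS servers

RULES = [
    Rule(1, "localhost", "allow", peers=("127.0.0.1/32",), log=False),
    Rule(2, "dns", "allow", peers=DNS, protos=("udp", "tcp"), remote_ports=(53,)),
    Rule(3, "quote feed", "allow", peers=(FEED,), protos=("tcp",),
         remote_ports=(443, 80)),
    Rule(4, "block all", "block"),         # catches everything not matched above
]

def evaluate(proto, remote_ip, remote_port, rules=RULES):
    """Return (action, rule name, logged) for the first matching rule by rank."""
    for rule in sorted(rules, key=lambda r: r.rank):
        if rule.matches(proto, remote_ip, remote_port):
            return rule.action, rule.name, rule.log
    return "block", "implicit default", True

if __name__ == "__main__":
    # Constructed connection attempts by the trading application.
    for conn in [("tcp", "203.0.113.10", 443), ("udp", "192.0.2.53", 53),
                 ("tcp", "198.51.100.7", 443), ("tcp", "203.0.113.10", 8443)]:
        print(conn, "->", evaluate(*conn))
```

The last two attempts land on the rank 4 rule and are logged, which is the log entry the post says to use when deciding whether another port or address has to be added above it.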

  5. #5
    dadralph Guest

    Re: Being Timed Out

    Hi Oldsod,
    Thanks for the info.
    A little too technical for me.
    I think I will change brokers.

    Ralph

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Being Timed Out

    The first few rules attempted are the hardest.
    The later rules become less confusing and much easier.
    In the end, the internet/networking rules are filled in the expert and each and every application has its own set of unique expert rules.
    The firewall has become a tool for the user and the user is no longer controlled by the firewall. The user has become free and is now the master of the firewall.

    The user then has absolute control/monitoring over the internet/networking connections and the applications involved.

    Ports, protocol and IP and directions have become very simple and are a pure joy.

    Oldsod.
    Best regards.
    oldsod
