Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Can't access internet when Internet Zone Security is set to High

  1. #11
    catcherr Guest

    Default Re: Can't access internet when Internet Zone Security is set to High

    "You can add the PPP dns and dhcp IP as trusted too.
    I suspect this is the problem and the IP of the PPP should be tried with 'trusted'."

    "I suspect this is the problem and the IP of the PPP should be tried with 'trusted'"

    Well when the [IP] of the PPP was detected with ZA, I don't think there was a window giving me an option between Internet or Trusted (There Was one which it detected the unused PCI Card), but it was automatically detected and added in Zones after changing security level to Medium, and connecting with the dialer. It was automatically detected and added as Trusted.
    Only then, I changed it to Trusted as you wrote before.
    I just wrote that I also to access the internet with High security, with the IP marked as Trusted, as well maeked as Internet, and with both there was no access.
    And of course, I did add as well the DNS servers and Default Gateway servers listed under PPP as Trusted, I think I wrote before. And there was no DHCP server there, only one under the Marvell Yukon.

    So I think I tried what you wrote, adding the DNS, DHCP, localhost, Default Gateway IPs as Trusted, as well as the IP of the PPP. Nothing worked, what now?
    I can try again to add the IPs... but to be sure, I should add the [2 DNS] and [1 DHCP] IPs listed under the Marvell Yukon, AND the [2 DNS] and [1 Default Gateway] IPs listed under PPP, all as trusted? What about the [1 Default Gateway] IP of the Marvell Yukon? Needed as Well?
    And then change the IP listed under PPP, from Internet to Trusted (its automatically added as Internet when detected)


    *****UPDATE
    Note I did not reset my ZA preferences since the last time.
    I read a similar thread to mine in this forum, and decided to try and add my ISP address which the dialer is always connecting to.
    Just to be sure, I tried adding all of the DNS, DHCP and Default Gateways IPs, of the Marvell Yukon And of the PPP, all as Trusted, then I was able to connect and access the internet on High Security Level. But after it is connected, there is no internet for about 15 seconds, and it seems that ZA is searching for the IP or something, because only after about 15 seconds, I see the PPP IP line is added in ZA Firewall Zones and then theres internet access. It detects it much faster in Security Level of Medium, and theres internet access instantly after connecting.
    The PPP IP is automatically being detected and added as Internet, not as Trusted. And as I wrote internet access works. So I assume its ok to be marked as Internet, and not as Trusted like the manually added IPs?
    Note that every time I connect to the internet, I get a different IP adress (only last 2 octets of it I think).

    So the questions are:
    -Which IPs do I actually need to add, which of the PPP, and which of the Marvell Yukon? There are Default Gateway, DHCP and DNS. I just don't want any unnecessary IPs marked as trusted, only those that are needed for me to access the internet.
    While all of those should be marked as Trusted, should the PPP IP be changed to Trusted, or be kept as Internet?
    -Why does it take for ZA longer to detect an IP on High Security Level, thus there is no internet access immediately after connecting, unless using Medium Security Level, then there is internet access instantly after connecting.
    -Does it matter that I have the PPP IP listed as [IP/255.255.255.255], and not as [IP/255.255.255.0]? I really dont know what it means or if it affects anything?

    Thanks.

    Message Edited by catcherr on 04-21-2009 11:07 AM

  2. #12
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Can't access internet when Internet Zone Security is set to High

    Basic networking for a computer requires open ports to the dhcp and dns servers....along with allowing unsolicited incoming connections....usual connections are bootps and bootpc for the dhcp and dns connections along with broadcasts...by not adding in the required servers the connections are stymied or blocked from allowing the incoming connections, hence these must be added into the trusted zone in order to allow the incoming connections.
    Failure to do so results in a situation as yours - no connections with the internet security slider at high as the needed dhcp and dns servers are not recognized as trusted and therefore seen only as internet.
    If the dns and dhcp servers are seen only as internet, then the incoming connections are dropped, thus even obtaining an assigned IP by the dhcp is very limited or almost impossible and domain name lookups are limited. Both of these will result in loss of access to the internet when the internet slider is at high.

    Oldsod.
    Best regards.
    oldsod

  3. #13
    catcherr Guest

    Default Re: Can't access internet when Internet Zone Security is set to High

    That does not answer my questions.

    First,
    -*Which IPs do I actually need to add*: which of the PPP, and which of the Marvell Yukon? There are Default Gateway, DHCP and DNS IPs. All? Some? which
    And while all of those should be marked as Trusted, should the PPP IP be changed to Trusted, or be kept as Internet?

    And
    -Why does it take for ZA longer to detect an IP on High Security Level, thus there is no internet access immediately after connecting, unless using Medium Security Level, then there is internet access instantly after connecting.
    -Does it matter that I have the PPP IP listed as [IP/255.255.255.255], and not as [IP/255.255.255.0]? I really dont know what it means or if it affects anything?

    Currently I have the ISP server address, and the Marvell Yukon DHCP and DNS Servers added to ZA as Trusted. Do I need the Marvell Yukon Default Gateway IP as well there? What about the PPP DNS Servers and Default Gateway IPs?

    Thanks

    Message Edited by catcherr on 04-23-2009 10:34 AM

  4. #14
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Can't access internet when Internet Zone Security is set to High

    -Why does it take for ZA longer to detect an IP on High Security Level, thus there is no internet access immediately after connecting, unless using Medium Security Level, then there is internet access instantly after connecting.<hr>
    High security level does not allow for unsolicited incoming connections whereas the Medium level does allow for allowing unsolicitied incoming connection ...since the stealthed ports of the 'high' levels do not let in any unsolicited connections...basically the High is internet with no open ports or no allowed servers whereas the Medium is more trusted with allowing unsolicited incoming connections and possiblely allowing open ports or 'servers'.
    There is a little more to this but that is the short answer.


    RE:Basic networking for a computer requires open ports to the dhcp and dns servers....along with allowing unsolicited incoming connections....usual connections are bootps and bootpc for the dhcp and dns connections along with broadcasts...by not adding in the required servers the connections are stymied or blocked from allowing the incoming connections, hence these must be added into the trusted zone in order to allow the incoming connections.
    Failure to do so results in a situation as yours - no connections with the internet security slider at high as the needed dhcp and dns servers are not recognized as trusted and therefore seen only as internet.
    If the dns and dhcp servers are seen only as internet, then the incoming connections are dropped, thus even obtaining an assigned IP by the dhcp is very limited or almost impossible and domain name lookups are limited. Both of these will result in loss of access to the internet when the internet slider is at high.

    This is why both the dhcp and dns must be added in to the Trusted Zone in the ZA - these need to have unsolicited connection enter the windows and the ports involved must not be stealthed by the High level.
    Once these needed dhcp and dns are added as Trusted, then these are no longer seen as 'internet' and then the Internet slider can go to the high level as it is recommended.

    Usually the default gateway is your DHCP server.
    Add this as trusted.
    The gateway or the router can also be your dns server..if not then you are using the internet provider's dns servers.
    Then add these as trusted.

    The PPP IP should be added as Trusted.
    Also if the 'allow uncommon protocols' option is seen in the ZA free, then enable this too.


    Marvell Yukon adapter or the networking device/adapter usually only shows up in the ZA free not in the paid versions... and usually it shows the default gateway or the correctly assigned IP as it's IP.
    But I suspect the present issues with the configurations is prevent this from happening...as the adpater should not be showing 255.255.255.255 or 255.255.255.0 as the default assigned IP.Both the 255.255.255.255 or 255.255.255.0 are cinsidered to be broadcast IP or subnet mask and are not the final result.


    Oldsod.
    Best regards.
    oldsod

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •