Results 1 to 6 of 6

Thread: ZA will not identify individual networks that have same IP addresses.

  1. #1
    wsagazoid Guest

    Default ZA will not identify individual networks that have same IP addresses.

    I have a laptop running XP Pro SP2 and ZAISS.
    I use this laptop at many different businesses to order merchdise for them.I have settings for each companies wireless network to access specific printers and the internet.Well this means
    this machine
    will see roughly 40+ different networks on a regular basis
    when traveling to all these businesses.This includes the business networks (Both A
    and/or
    G access), various hotspots, hotel wi-fi access, my home wi-fi, and couple different friends wi-fi setups.
    Here is the problem:
    Two of the hotspots I do trust have LINKSYS WRT54G routers setup with encryption, but unfortunately they
    left the default IP address of 192.168.1.1.

    I then leave there I stop at a friends apartment complex on a weekend. I have setup his LINKSYS router with encryption, Mac filtering, changed the SSID & turned off
    its broadcast, changed the IP address.Also within the same complex there are 7 other LINKSYS routers are all using the default IP of 192.168.1.1, each one has its own SSID, but ZA is ignoring the SSID and putting them
    all
    into the trusted zone.

    I may not be able to connect with them but they are all added
    merely based on the IP address.
    Now I go into settings and remove the IP address from the trusted zone and ZA removes all of them, and it also goes into the wireless connection and deletes the Hotspot site configs that I do trust.
    How do I get ZA to trust the two hotspots and ignore the other seven without recongifuring the two hotspots everytime I visit my friends router?Better yet how do I add these seven routers to the Blocked zone but yet allow the two hotspots in my trusted zone?So far
    ZA can keep everyone out, but ZA can't seem to selectively let in the ones I do trust without inherently including ones I do not.Just because I trust a network Access point or gateway it should not automatically mean I trust everyone
    also connected to it.This is not a very secure
    manner for a firewall to perform.
    I am beginning to think that ZA is not suited for my specifc needs.
    Any Ideas?
    Thanks in advance,Bill



    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    zaswing Guest

    Default Re: ZA will not identify individual networks that have same IP addresses.

    I don't know whether ZA can make that distinction you need. Perhaps there is something about it in the manual or under the HELP button. Interesting problem

    There might be a hardware solution instead. Linksys, for instance, sells some kind of portable routers with wireless, WPA, all the good stuff. Quite small, read their specs.

    Perhaps tech support will suggest which way to go or settings you need
    http://www.zonealarm.com/store/conte...ch_support.jsp

    Message Edited by zasuiteuser on 08-24-2007 11:57 PM

  3. #3
    wsagazoid Guest

    Default Re: ZA will not identify individual networks that have same IP addresses.

    Well I have learned the very hard way that this product is not intended for Corporate/Enterprise level network infrastructure.Yesterday
    I was at an International Airport on the west coast after attending a monthly meeting.
    I found that this airport was running CISCO Aironet 1240 A/G series access points.
    How do I know this, well I saw the one I was sitting by.
    What I learned was a little disconcerning.
    By default ZA looks at the internet gateway address and then trusts all the IP address downstream from that gateway. (Going out to the internet past the gateway would be considered upstream.)When ever ZA trusted the internet gateway it inheirnetly trusted everyone that is connected to the same gateway.
    Well in this instance all the access points were connected via a series of switches connected to a router that was connected to the gateway.
    But that is not what my problem is.
    What my problem still is that today when I got to one of the retail stores I service I could not connect to thier network because ZA thinks I am still connected to the Airport WI-FI on that on the other side of the state.
    What is even more irritating is that ZA could not tell the difference in the networks even though the airport used all CISCO equipment and the store that I was in used SYMBOL Technologies A/B/G access points connected to HP Switches and a HP router.

    What I realized is that these two network happen to have the same IP numbering schemes, thats all that ZA seemed to look at when deciding where I was at.
    I didn't have time to play with it today so I just merely unistalled real quick so I get my job done.
    I enabled the WINDOWS firewall.
    It only took 5 minutes the Windows firewall to indentify the 5 different Access points and ask if I wanted to trust
    them and also asked of I wanted to trusted the other used hooked to each access point.
    Now the windows firewall is not the greatest by any means but it can at least indentify the enviroment its hooked to.Problem solved......I going to buy a different firewall.Now this firewall performs great
    on my
    home network where
    there is no change day in day out, or maybe a laptop
    that sees maybe two or three other networks, but it fails miserably when you throw 50+ different ones at it.

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: ZA will not identify individual networks that have same IP addresses.

    You could set the ZA to automatically place all new wifi networks as Internet amd then manually change the connection to Trusted, when you have arrived at the two trusted wifi networks. I would make sure the ARP protection is on and check the gateway security is used as well.
    This will offer you superior protection with the ZA at hotspots. The Trusted Secuity Zone and the Internet Security Zone sliders both should be set at High for the distrusted LANs. These can be reset to their normal positions at the trusted LANs. This would be the normal method for keeping the PC secure at the untrusted hotspots.

    There is no direct filtering as per MAC addresses in the ZA. This can be found in other software firewalls, but not all of them and the ones that can, will handle this issue each differently. But there are plenty around that will work by the MAC address and some will still not allow trusted as per MAC or internet as per MAC, so look carefully around. Usually the firewalls that will dicriminate by the MAC address will set up different profiles as per different LANS/setups- you would in this case set up two seperate profiles for the two trusted LANS and then setup a generic internet or distrusted profile for the other hotspots.

    As for the windows firewall and the detection of the many other networks, the detection/creation of the new networks can be used when the ZA is operational as well. This is not out of the ordinary.

    Oldsod
    Best regards.
    oldsod

  5. #5
    wsagazoid Guest

    Default Re: ZA will not identify individual networks that have same IP addresses.

    <blockquote><hr>Oldsod wrote:
    You could set the ZA to automatically place all new wifi networks as Internet amd then manually change the connection to Trusted, when you have arrived at the two trusted wifi networks.

    Oldsod
    <hr></blockquote>

    I wished ZA would even do that. It doesn't seem to be a matter of network identity it point blank does not distinguish between different access points.
    Over the last 2+ weeks ZA has seen nearly 200 or more different access points but thinks that all of them are the same single access point. The windows network manager seems to be able to identify each and every network and keeps track of what resources are available on each one. Windows will ask me if I want to name any new network it encounters. (When I say Windows network manager I refer to what ever system process that WIN XP Pro's MY NETWORK PLACES uses to distinguish one network from another.) Why can't ZA do this. For instance when I am at store #701604 of this retail chain I visit windows knows that I print to the managers office network printer because that store doesn't have a printer at the receiving area like their other stores. But ZA still thinks I am still using the LINKSYS WRT54G wireless router I have at home even though at this chain of stores I connect via Symbol Technologies access points. While in another chain of stores I connect via D-Link equipment.
    The hotels chain I usually stay at use CISCO, the two hot spots I trust use Buffalo Technologies, a relative has a Motorola Cable Modem with built in Wireless. But ZA still thinks I am still connected to the WRT54G at my home.

    But this is all water under the bridge now...my companies IT department has just sent me a download for their new custom built security suite by a company that uses modules from major providers. It seems ours has modules from Symantec, Lavasoft, Enigma Soft, Kaspersky AV, Citrix, and something from Ironkey. But the whole suite only shows our corporate Logo not all the individual logos of the module providers. This has got my curiosity peaked. I just might have to forgo the usual family barbecue and spend my Labor driving around testing out this new suite. (Yea, I know...I should find some sort of help when I would rather play with a new software program than spend time with family.)

    Thanks for your time and suggestions.

    WSagazoid

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: ZA will not identify individual networks that have same IP addresses.

    If it using the Lavasoft firewall, then the problem maybe solved.

    Gee what better way is there than to spend the weekend on the PC?

    Take care, Oldsod
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •