Thread: Rules Processing Order

  1. #1
    lhookway Guest

    Rules Processing Order

    Hi there,
    I am trying to get my head around the order that ZA rules are processed; are there any specific articles on this that someone could point me to?
    Are Firewall rules processed before Program rules or is it the other way around?
    Regards,
    Laurence.

    Operating System: Windows Vista Home Premium
    Software Version: 8.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    zaswing Guest

    Re: Rules Processing Order

    Program rules go first, and if something is stopped or allowed then firewall rules don't play a role. Otherwise firewall rules go last.
    Yes, there's a writeup in HELP, see the Contents tab, the Firewall protection, then Understanding expert. Also they put it all together in the Expert firewall rules and program permission section. Hope this helps.

  3. #3
    lhookway Guest

    Re: Rules Processing Order

    Thanks for the reply zasuiteuser - much appreciated.
    So Program Rules are evaluated before Firewall Rules.
    OK, then looking a little deeper at Program Rules specifically, one can Allow or Block access to either the Internet or Trusted zones for a specific program.
    In an effort to further my understanding of how all the various firewall and program settings work in ZA, I looked at the settings for Internet Explorer.
    For example, if I set Internet Access for Internet Explorer to Allow and also create a single Expert Program Rule to Block all ports and all destinations, then as I would expect I cannot browse the internet.
    However, if I set Internet Access for Internet Explorer to Block and create a single Expert Program Rule to Allow all ports and all destinations, then I find I still cannot browse the internet.
    This seems to infer that the Access permissions one sets for a program take precedence over any expert rules that are defined for that program.
    Is it the case that if Internet Access is Blocked for a specific program then that program's expert rules are in effect ignored and not evaluated at all? This seems to be the case, otherwise setting Internet Access to Block for Internet Explorer with a single expert rule that allows all communication would still allow Internet Explorer to browse the internet, when in practice using these program settings seems to block internet access entirely.
    Regards,
    Laurence.


  4. #4
    zaswing Guest

    Re: Rules Processing Order

    See if this by Guru Oldsod will clarify (also search similar posts)
    http://forums.zonealarm.com/zonelabs...ssage.id=54092

    I followed your thinking till I hit "Is it the case that if Internet Access is Blocked for a specific program then that program's expert rules are in effect ignored and not evaluated at all?" Now I'm lost.

    Message Edited by zasuiteuser on 01-26-2009 08:55 PM

    Edit - here's another link you may like
    http://forums.zonealarm.com/zonelabs...ssage.id=52408

    Message Edited by zasuiteuser on 01-26-2009 09:09 PM

  5. #5
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Rules Processing Order

    "Are Firewall rules processed before Program rules or is it the other way around?"

    Neither.
    Firewall Expert, Firewall Zones and the custom/advanced settings for the Firewall are "global packet filtering" rules. Global packet rules apply to all.

    Program Rules, either as Expert Rules or as in the program's customized settings, are pure "application rules". Program rules apply strictly to that particular program.

    ZA is not just a very customizable packet filter, but also an application firewall.

    Oldsod.
    Best regards.
    oldsod

  6. #6
    lhookway Guest

    Re: Rules Processing Order

    Thank you Oldsod.
    I understand that Firewall Expert, Firewall Zones and the custom/advanced settings for the Firewall are "global packet filtering" rules that apply to all IP traffic.
    I also understand that Program Access settings and Program Expert Rules apply to the IP traffic of a specific program.
    All I was trying to get a handle on was the order in which ZA checks the rules to determine whether or not a specific program's IP traffic is either allowed or blocked.
    If the answer is "neither" then I must confess I am totally confused.
    Let's assume we have a program called prog.exe that tries to access the Internet Zone. In what order are the various rules evaluated to determine whether or not this program can access, say, the Internet Zone?
    Regards,
    Laurence.

  7. #7
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Rules Processing Order


    lhookway wrote:
        Thank you Oldsod.
        I understand that Firewall Expert, Firewall Zones and the custom/advanced settings for the Firewall are "global packet filtering" rules that apply to all IP traffic.
        I also understand that Program Access settings and Program Expert Rules apply to the IP traffic of a specific program.
        All I was trying to get a handle on was the order in which ZA checks the rules to determine whether or not a specific program's IP traffic is either allowed or blocked.
        If the answer is "neither" then I must confess I am totally confused.
        Let's assume we have a program called prog.exe that tries to access the Internet Zone. In what order are the various rules evaluated to determine whether or not this program can access, say, the Internet Zone?
        Regards,
        Laurence.

    "Program Rules, either as Expert Rules or as in the program's customized settings, are pure "application rules". Program rules apply strictly to that particular program."

    In your example of program.exe, the expert rules and the custom setting (in the program listing) are first examined, then the firewall's zones and expert are examined (along with any customization in the firewall settings). In that sequence, as far as I know.

    If anything is blocked in any one of those stages, then that individual block will be followed (even in the custom and advanced settings too). (reason why I previously stated neither - it is a progression)

    Try it with some expert for the program and see for yourself.
    Block the email ports in either the firewall expert or in the zone customization and then set the email ports to be allowed in the email client's program expert and see what happens. Even though rules/settings for the email program will be first examined by the ZA, does the email client still connect?

    Oldsod.
    Best regards.
    oldsod
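
A minimal model of the progression described in post #7, where a block at any stage is followed. It is an added example, not ZoneAlarm code and not written by any poster in this thread. The stage names, the `Rule` type, the allow-by-default result when nothing blocks, and ports 25/110 standing in for "the email ports" are assumptions made for illustration; the order of the two program stages only affects which stage is reported as deciding.

```python
from dataclasses import dataclass
from typing import Optional

ALLOW, BLOCK = "allow", "block"

@dataclass(frozen=True)
class Rule:
    action: str
    ports: Optional[frozenset] = None  # None means "all ports"

    def matches(self, port):
        return self.ports is None or port in self.ports

def stage_verdict(rules, port):
    """First matching rule in a stage decides; None means no rule matched."""
    for rule in rules:
        if rule.matches(port):
            return rule.action
    return None

def evaluate(port, program_access, program_expert=(), firewall_expert=(), zone=()):
    """Walk the stages in sequence; the first block is final (assumed model)."""
    stages = [
        ("program access", [Rule(program_access)]),
        ("program expert", program_expert),
        ("firewall expert", firewall_expert),
        ("firewall zone", zone),
    ]
    for name, rules in stages:
        if stage_verdict(rules, port) == BLOCK:
            return BLOCK, name
    return ALLOW, None  # assumption: nothing blocked, so traffic passes

MAIL = frozenset({25, 110})  # constructed stand-in for "the email ports"

def scenarios():
    return {
        # Post #3, test 1: access Allow + expert rule blocking everything
        "allow_then_expert_block": evaluate(80, ALLOW, [Rule(BLOCK)]),
        # Post #3, test 2: access Block + expert rule allowing everything
        "block_then_expert_allow": evaluate(80, BLOCK, [Rule(ALLOW)]),
        # Post #7: mail allowed in program expert, blocked in firewall expert
        "mail_blocked_globally": evaluate(
            25, ALLOW, [Rule(ALLOW, MAIL)], [Rule(BLOCK, MAIL)]),
        # Same rule set, a port the firewall rule does not cover
        "other_port": evaluate(
            443, ALLOW, [Rule(ALLOW, MAIL)], [Rule(BLOCK, MAIL)]),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

Under this model both of the Internet Explorer tests from post #3 come out blocked, which matches what was observed there, and the email test from post #7 is blocked by the global stage even though the program stage allowed it.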
