Results 1 to 8 of 8

Thread: ZA and VMware Workstation

  1. #1
    xpanmanx Guest

    Default ZA and VMware Workstation

    Greetings --
    Is there a trick to getting VMware guests to use a bridged network when ZA is running?
    I've recently installed ZoneAlarm (free) v8.0.065.000 on Vista Ultimate SP1.
    I use VMware Workstation v6.5.1-126130 every day.
    All of my virtual guests have bridged network adapters.
    Since installing ZA, my guests cannot access the network.
    They receive DHCP addresses and that is all.
    The log shows that ZA is blocking routed packets from the guests to my DNS servers.
    The policy and rule columns show "PersonalPolicy" and "BlockAll2".
    ZA program control is set to medium.
    The Internet and trusted zones are set to high security.
    I would like to continue to use these restrictive settings.
    VMware Workstation VMX has access to the Internet and trusted zones.
    It is set to prompt to be a server in both zones.
    VMware Authorization Service is set to prompt for access and server permissions.
    What do I need to know to make this fly?
    Best regards,
    Tim ==

    Operating System:
    Windows Vista Ultimate
    Software Version:
    8.0
    Product Name:
    ZoneAlarm (Free)


    Message Edited by xpanmanx on 01-27-2009 03:01 PM

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Greetings -- Is there a trick to getting VMware guests...

    Hi!not an experts at all on your setup but the ZA settings seems wrong.ZA Trusted zone cannot be set to HIGH otherwise it will act as Internet zone.Set Trusted Zone to MEDIUM and add the IPs of your virtual guest as 'trusted'under the ZA firewall tabCheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    xpanmanx Guest

    Default ZA and VMware Workstation



    Thanks, that appears to have worked.

    Why did I have to downgrade the security of the Trusted zone?

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: ZA and VMware Workstation

    Hi!Its not downgrading but default settings. The HIGH settings for TRUSTED will simply remove any trusted zone in your system and no sharing will be allowed.May be a look at the manual could help in understanding the difference between Trusted and Internet zone:http://download.zonealarm.com/bin/me...ser_manual.pdfHope this helpsCheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    xpanmanx Guest

    Default Re: ZA and VMware Workstation



    Thank you - the User Guide has a lot of good information.

    However, I'm confused by this statement:

    "High security places your computer in stealth mode, making it invisible to hackers. High security is the default configuration Internet Zone. In High security, file and printer sharing is disabled; but outgoing DNS, outgoing DHCP, and broadcast/multicast are allowed, so that you are able to browse the Internet. All other ports on your computer are closed except when used by a program that has access permission and/or server permission."

    First, please know that my host IP address is in the Internet zone.
    Then recall that I had configured VMware Workstation VMX so that it could access the Internet and trusted zones.

    Thus my confusion, as I had specifically allowed Internet access to the application as described in the quoted text, yet it was apparently denied.

    Perhaps we are flogging a dead horse but I would like to understand more.

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: ZA and VMware Workstation

    Hi!I am not sure I follow, but the text refers to the machine and the internet....Your issue is with the 'clients' not the internet that need toaccess the machine thus the status as trusted.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    shaidarol Guest

    Default Re: ZA and VMware Workstation

    You aren't mistaken. You should be able to set high for both zones and still get to the internet. You will have trouble sharing anything from your computer to others, and some facilities will be challenged.

    However, the typical used will only have 2 networks to deal with, the internet and the network behind their cable modem, be it one computer or many. In your case, you have both of those AND the two networks used for VMWare. The VMware networks will have to be put into something a trusted zone with no higher than medium security or it will have issues. It sounds like your VMware networks are also defined in your internal or trusted network, and if you set that to high, the trafic that runs around in your computers memory while VMWare works it's magic will be affected adversely.

    If you want your "house lan", what most people set to 192.168.1.0/24 to be on high security and your VMware to function, just put that network into "the internet" and leave that on high. Then put the two networks defined by VMWare (Usually 192.168.232.0/24 and 192.168.77.0/24) into the "trusted zone". Those exist on your computer only, one is for VMWare to your system communication, and one is for communication between VMs (mostly), and as such you SHOULD be able to trust them, assuming that you are running appropriate security in the VMs.

    This comes to you from a linux VM running on VMware 6.5 on top of XP, and this is my third personal computer with VMWare Workstation. This worked on some of my previous installations (I've been running Zonealarm since win95) BUT... On my new i7 the latest and greatest ZA appears to have some issues with VMware, there may be a bug on one side or the other as it doesn't quite work the way the last dozen or so updates of ZoneAlarm worked with Workstation 5, 5.5 and 6.5, so your mileage may vary.

    Hope this helps and doesn't further your confusion.

  8. #8
    xpanmanx Guest

    Default Re: ZA and VMware Workstation

    Thanks.
    I don't use NAT or DHCP with VMware Workstation.
    All of my VMs have a single virtual network adapter, bridged to VMnet0 (default Bridged).
    VMnet1 (192.168.175.0/24) and
    VMnet8 (192.168.240.0/24)
    appear only in the Virtual Network Editor.
    I
    removed them from Windows' Network Connections panel long ago.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •