
Thread: port privileges

  1. #11
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: port privileges

    You are very welcome miamia.

    Let us see what happens.

    If there are any blocked events, these should be logged in the Logs and seen in the Log Viewer. This will help us "debug" the problem(s).

    Oldsod.
    Best regards.
    oldsod

  2. #12
    miamia Guest

    Default Re: port privileges

    Hello Oldsod,
    thank you, now everything seems to work OK. I unchecked "block internet servers" and "block trusted servers" and now it works. But what are the benefits of "block internet servers" and "block trusted servers"?

  3. #13
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: port privileges

    Hello miamia

    "But what are benefits of "block internet servers" and "block trusted servers"?"

    I thought sooner or later you will ask this question.
    Long answer.

    To simplify the configuration of the ZoneAlarm firewall, there are three basic "Zones".

    A Trusted Zone, an Internet Zone and a Blocked Zone.

    Blocked Zone is the simplest to define - it means blocked and just blocked (regardless of access or server).

    Trusted Zone usually refers to the gateway or the dhcp server; most often from the local router or from the internet provider's dhcp server(s). And most often the dns server(s); again, the trusted zone is most often the gateway, router or the dns servers of the internet provider. But included in the Trusted Zone are also the file and printer, scanners, other local area network connected devices, VPN servers (and IPs), other computers directly file (BUT NOT P2P or IM!) sharing with this computer on the internet (assuming the IPs are static) and so forth.
    The Windows time servers for updating the Windows time should be in the trusted zone, but this is often missed by most - however the ZA does give a popup asking for permission to allow incoming connections from the time server(s) to the svchost.exe; most people just okay this alert and the ZoneAlarm remembers the decision and allows the incoming time updates regardless anyway.

    (See links for more details and descriptions and backgrounding)

    http://en.wikipedia.org/wiki/Private_network

    http://en.wikipedia.org/wiki/Dhcp

    http://en.wikipedia.org/wiki/Domain_Name_System

    http://en.wikipedia.org/wiki/Time_server

    Included in the Trusted Zone is the use of other protocols such as ICMP (for example), not just TCP and UDP. (NOTE: some icmp and possibly other protocols can be used and are often needed for usage in the Internet Zone, all depending on your particular setup and usage of the particular computer and on the exact internet connection of the computer.)

    http://en.wikipedia.org/wiki/Interne...ssage_Protocol

    http://en.wikipedia.org/wiki/Transmi...ntrol_Protocol

    http://en.wikipedia.org/wiki/User_Datagram_Protocol

    [okay I now give the whole index for the protocols.... see....

    http://en.wikipedia.org/wiki/Tcp/ip

    this very detailed page covers a lot from front to back and from the beginning to the end!].

    Okay enough gibberish and enough geek talk.
    The Trusted Zone really means trusted IP(s) that are always allowed to be connected (not blocked or internet). BUT since the computer must have certain allowed incoming connections from the Trusted IPs which are set in the Trusted Zone (for example the dhcp server and the dns server), we have to allow these trusted IPs to be set as Trusted Zone Servers.
    Always!
    Unless you create a complete expert rule set for the Firewall and for the Programs - then the ZA is configured with rules.

    What are, at the most basic, the incoming connections that the computer needs from the Trusted Zone?

    • For the DHCP connections - it needs to allow incoming from the dhcp server's port 67 by UDP to the computer's port 68. This is needed for ARP and broadcast for example and for the usual DHCP connections established during the run time of the computer.

      http://en.wikipedia.org/wiki/Address...ution_Protocol

      http://en.wikipedia.org/wiki/Broadcast_address

    • For the allowing of incoming connections from the DNS server's remote port 53 by UDP to your computer

    • For the allowing of connections that are occurring on the computer's own local host using the loopback address of 127.0.0.1

    http://en.wikipedia.org/wiki/Loopback

    These just mentioned must be allowed as Trusted Zone Server. Things previously mentioned further above can also be set as Trusted Zone Server.

    Internet Zone refers to IPs that are neither Trusted nor Blocked.
    This usually means any IP not associated with the LAN (Local Area Network) or any "Untrusted" IP or any blocked IP. Generally the Internet Zone means any Internet IP.

    http://en.wikipedia.org/wiki/Local_area_network

    The Internet Zone is usually considered the regular connections which are accessing the web servers.

    http://en.wikipedia.org/wiki/Web_server

    NOTE: if using a laptop or portable computer in a public access point such as in an airport or library or coffee shop or hotel, then this is not considered to be a Trusted Zone and it should be set as the Internet Zone in the Zone alarm. It is an "un-trusted" network!

    Next comes the Internet Zone Server in the Zone Alarm regarding the Internet Zone.
    Usually, if not almost, most Zone alarm users use the Zone Alarm to their advantage when it comes to the allowance of the Internet Zone Servers. By this I mean the needed email connections, IM (internet messengers), P2P, time updaters, and so forth.
    Most, almost all, never clearly define these usual IPs (and IP ranges) into the Trusted Zone as Trusted and yet these IPs still need to allow incoming connections from these Internet IPs (web servers). The answer as to why is simple - the Zone Alarm does this for them automatically.
    If there is an incoming connection from one of the Internet Zone servers, the ZA asks you as to whether or not to allow this connection. Once the Zone Alarm alert has been answered with the Allow and Always, the Zone Alarm then stores this information in its database for any future connections. If the IP(s) change concerning the same usual connection then the ZoneAlarm will Alert again asking what is then to be done - allow or deny the connection.

    Your IM and ICQ are perfect examples of the IPs placed in the Internet Zone and needing to have incoming connections. By just allowing the Zone Alarm alerts and fine tuning the Zone Alarms program listing, you set the allowed accesses and servers as per the three Zones seen in the ZoneAlarm (Blocked, Trusted and Internet Zones).



    Now to finally answer your question.
    (I told you beforehand the answer was long winded)

    "But what are benefits of "block internet servers" and "block trusted servers"?"

    You can "block Internet servers" only IF the required needed and usual servers are placed into the Trusted Zone. But only then. Or else the needed and most basic servers such as the dhcp and the dns will be blocked off.
    In a truer answer the "block Internet servers" actually does not mean the ports but the servers placed in the Internet Zone.
    But almost every ZA user never places all of the usual needed servers into the Trusted Zone and skips the finer tuning alone and leaves this task directly to the management of the ZA.

    You can "block Trusted servers", but I personally never really have seen any need for this option.
    I suppose you could use this to block unwanted connections while using an unsafe or untrusted network such as in the airport, coffee shop or hotel or wireless hotspot. But using this may cause a loss of connections and force a reboot to re-establish the connection with the public access point. It is probably better and safer to instead set the Trusted Security Zone slider to High, not the medium or low levels.


    (Unedited and unproofed for spelling and grammatical errors and for typos and for content).

    Best regards.
    Oldsod.
    Best regards.
    oldsod
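
The zone logic described in the answer above, as an added example (not part of the original post and not ZoneAlarm's own code): a simplified Python model of how an inbound ("server") connection is decided per zone. The `ZonePolicy` class, the rule that Blocked takes precedence over Trusted, and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class ZonePolicy:
    """Simplified model of the three zones (assumption, not ZoneAlarm code)."""
    trusted: list = field(default_factory=list)   # networks in the Trusted Zone
    blocked: list = field(default_factory=list)   # networks in the Blocked Zone
    block_internet_servers: bool = False
    block_trusted_servers: bool = False

    def zone_of(self, ip: str) -> str:
        addr = ipaddress.ip_address(ip)
        # Assumed precedence: Blocked, then Trusted; everything else is Internet.
        if any(addr in ipaddress.ip_network(n) for n in self.blocked):
            return "blocked"
        if any(addr in ipaddress.ip_network(n) for n in self.trusted):
            return "trusted"
        return "internet"

    def inbound(self, src_ip: str) -> str:
        """Decide an unsolicited inbound connection coming from src_ip."""
        zone = self.zone_of(src_ip)
        if zone == "blocked":
            return "block"
        if zone == "trusted":
            return "block" if self.block_trusted_servers else "allow"
        # Internet Zone: blocked outright, or the user is alerted and decides.
        return "block" if self.block_internet_servers else "ask"

# Constructed sample sources (documentation/private addresses, not real hosts).
FLOWS = {
    "dhcp_reply_udp_67_to_68": "192.168.1.1",
    "dns_reply_udp_53": "203.0.113.53",
    "loopback": "127.0.0.1",
    "unknown_internet_host": "198.51.100.7",
}

def evaluate(policy: ZonePolicy) -> dict:
    """Return the decision for every constructed flow under this policy."""
    return {name: policy.inbound(src) for name, src in FLOWS.items()}

if __name__ == "__main__":
    lan_only = ZonePolicy(trusted=["192.168.1.0/24", "127.0.0.0/8"],
                          block_internet_servers=True)
    print(evaluate(lan_only))          # DNS server is still in the Internet Zone
    lan_only.trusted.append("203.0.113.53/32")
    print(evaluate(lan_only))          # DNS server moved into the Trusted Zone
```

With "block Internet servers" enabled, the DNS reply is dropped until the provider's DNS server is listed in the Trusted Zone, which is the condition the answer gives for using that option.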
