
Thread: Trusted vs. Internet Zones - Understanding configuration issues

  1. #1
    chipzoller Guest

    Trusted vs. Internet Zones - Understanding configuration issues

    After using the firewall for several builds (which, in my opinion, is GREAT), and after reading through the manual, I am still unsure about an issue:

    How can one have multiple zones assigned if only 1 (not counting the loopback IP) IP is present? For instance, I'm running a wireless router going out to a cable connection, and so my gateway is my router. The NAT IP assigned to my machine and the network associated with it is listed as a trusted zone, I suppose as it should. Is this normally used as an internet zone? Is my configuration normal in this case? I just want to be a "master" in configuring this firewall, and as I'm no novice to firewall configuration, I want to be able to configure this in the most efficient manner.

    Thanks for any suggestions, comments.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.0

  2. #2
    ad_hock Guest

    Re: Trusted vs. Internet Zones - Understanding configuration issues

    Hi chipzoller
    If you have a NAT router (it doesn't matter if it is wired or wireless), what happens is the following. Your router receives an external IP assigned by your ISP through the modem. This is the IP that is used and that matters for the wide internet (WAN). Then, with the NAT feature, your router gets an internal or private IP within one of these ranges:
    10.0.0.0 - 10.255.255.255
    172.16.0.0 - 172.31.255.255
    192.168.0.0 - 192.168.255.255
    This internal IP is what counts for the LAN, your network, where your computers are placed, which also have IPs inside the ranges above. All these private IPs are not reachable or scannable from the internet side, so if you want to share resources among your computers, these IPs should be in the trusted zone, as well as the gateway, which is the internal router IP. The outside internet doesn't contact your LAN computers; it contacts the external IP of the router, which, put simply, has a list of the requests made by the LAN computers (processes and ports) and compares the external incoming packets with these requests. If they match, the router passes them to the LAN and distributes them to the right computers and ports; if they don't match, the router drops the packets. Hope this simplified example corresponds to your question; if not, just post back.
    Best regards

  3. #3
    chipzoller Guest

    Re: Trusted vs. Internet Zones - Understanding configuration issues

    Thanks for the reply, but I am familiar with how NAT networks and routers relay packets. I'm just simply wondering about assigning a trusted and internet zone to a computer. Obviously in my case, this cannot be done, correct? So I guess I'm asking in whose case is the internet zone used? This would most likely be in a case where there's a direct connection to the internet (dial-up, gateway machine, or LAN machine using IP passthrough, etc.). Let me know if I'm still not making sense.

  4. #4
    ad_hock Guest

    Re: Trusted vs. Internet Zones - Understanding configuration issues

    The case where there is no network and a computer is directly connected to the internet is the easiest to understand; there you put the network ZA detects in internet. But even with a LAN you can use both trusted and internet. Suppose the network ZA detects, something like 192.168.1.0/255.255.255.0, is put in trusted (I always do that), but imagine you don't want all possible IPs in the LAN to be trusted. One way to accomplish that is putting the whole range in internet and then, on each PC, adding the assigned IP to the trusted zone. That way you may share resources with those IPs. You may also do that with hosts (the name you give to each computer when setting up the network), adding the hosts to the trusted zone.
    Hope this helped
    Best regards

  5. #5
    chipzoller Guest

    Re: Trusted vs. Internet Zones - Understanding configuration issues

    Hmm...good idea. I didn't think of that.

    Regarding adding certain hosts in the LAN to the trusted zone and the rest (within the DHCP range) assigned to the internet zone... When you go to add Host/Site, can you separate hosts by commas so you have one entry with multiple hosts?

    Message Edited by chipzoller on 01-02-2006 11:15 AM

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:6.0

  6. #6
    ad_hock Guest

    Re: Trusted vs. Internet Zones - Understanding configuration issues

    To be honest, I've only added one by one and never tried to add as you suggest. With the IPs you have the option of an IP range; maybe I'll try to see if it works, but again, I never did it that way as I don't have many LANs to set up. But now you made me curious.
    My best regards

  7. #7
    chipzoller Guest

    Re: Trusted vs. Internet Zones - Understanding configuration issues

    I'm going to check it out. Let me know what you find.

    The IP range is fine, but it depends on how the DHCP is set to hand out IPs. If the lease time is forever then it's ok (or until the router is reset, in my case I think it nulls out the IP->MAC table in the router, but am not positive). Because if you can add hosts separated by commas you can track your machines on the LAN even if the IP->MAC association changes.

    In my case, I have cable coming into a router which I share with our neighbors, so I want to add my LAN side into the trusted network and everything else outside. I'll check out adding hosts separated by commas and see if that works.

    Message Edited by chipzoller on 01-02-2006 12:27 PM

  8. #8
    ad_hock Guest

    Re: Trusted vs. Internet Zones - Understanding configuration issues

    Hi chipzoller
    If you try that, I would appreciate your feedback. I'll also try for myself as soon as I have a chance.
    Best regards

  9. #9
    chipzoller Guest

    Re: Trusted vs. Internet Zones - Understanding configuration issues

    Ok, after doing some checking, you CANNOT add multiple hosts per rule because the host must be looked up before it is added (which I have a question right off about this...since it looks up the host's IP, is the rule being applied to the host or the IP? They are one and the same until the IP changes and the host remains the same. I would like an answer to this question).

    But also, it seems you can only add hosts in either the trusted zone or blocked...why not internet? And just to clarify, the blocked zone allows NO traffic at all, correct?

  10. #10
    ad_hock Guest

    Re: Trusted vs. Internet Zones - Understanding configuration issues

    It was my impression you couldn't add multiple hosts at the same time. When you use a host, the rule applies to the name, not the IP. That's one way to overcome the eventual problem of a change of the IP.
    About the blocked zone, you are correct: it means no traffic at all.
    Adding only to trusted or blocked is because, by default, if you don't add it, it is internet, so you just need to add the exceptions.
    Best regards
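
An added example, not part of the original thread and not ZoneAlarm code: a toy model of the zone scheme discussed above (unlisted addresses fall into Internet, exceptions go into Trusted or Blocked), showing how a Trusted entry tied to an IP differs from one tied to a host name once DHCP reassigns addresses on a shared router. The `ZonePolicy` class, the Blocked-over-Trusted precedence, and the host names and leases are assumptions constructed for illustration.

```python
import ipaddress

class ZonePolicy:
    """Toy model (assumed precedence): Blocked beats Trusted; unlisted is Internet."""

    def __init__(self, resolve):
        self.resolve = resolve      # callable: hostname -> IP string or None
        self.rules = []             # (zone, matcher) pairs

    def add_range(self, zone, first, last=None):
        lo = ipaddress.ip_address(first)
        hi = ipaddress.ip_address(last or first)
        self.rules.append((zone, lambda ip: lo <= ip <= hi))

    def add_host(self, zone, name, pin_ip=False):
        if pin_ip:
            # Resolve once when the entry is created; later DHCP changes are missed.
            self.add_range(zone, self.resolve(name))
        else:
            # Resolve on every check so the entry follows the name.
            def match(ip):
                cur = self.resolve(name)
                return cur is not None and ipaddress.ip_address(cur) == ip
            self.rules.append((zone, match))

    def zone_of(self, addr):
        ip = ipaddress.ip_address(addr)
        hits = {zone for zone, match in self.rules if match(ip)}
        if "blocked" in hits:
            return "blocked"
        return "trusted" if "trusted" in hits else "internet"


def demo():
    # Constructed DHCP leases on a router shared with neighbours (hypothetical names).
    leases = {"chip-desktop": "192.168.1.10", "chip-laptop": "192.168.1.11"}
    by_name, by_ip = ZonePolicy(leases.get), ZonePolicy(leases.get)
    for policy, pin in ((by_name, False), (by_ip, True)):
        policy.add_range("trusted", "192.168.1.1")            # gateway
        policy.add_host("trusted", "chip-laptop", pin_ip=pin)
    before = (by_name.zone_of("192.168.1.11"), by_name.zone_of("192.168.1.50"))
    # The laptop gets a new lease; its old address goes to a neighbour's machine.
    leases["chip-laptop"] = "192.168.1.23"
    after = {
        "by_name": (by_name.zone_of("192.168.1.23"), by_name.zone_of("192.168.1.11")),
        "by_ip": (by_ip.zone_of("192.168.1.23"), by_ip.zone_of("192.168.1.11")),
    }
    return before, after
```

After the lease change, the IP-pinned policy drops the laptop to Internet and leaves the recycled address Trusted, which is the case to check for when trusting individual DHCP-assigned addresses.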
