Thread: Zonealarm Blocks Access to Router LAN

  1. #1
    steverb Guest

    Zonealarm Blocks Access to Router LAN

    I have seen a number of posts on this issue but none seem to resolve the problem.
    Basically, after Zonealarm has been sitting idle for indeterminate amounts of time, it just refuses to allow a connection to the Router/Switch that provides my LAN, Internet Gateway and DHCP Server.
    Even Zonealarm's own update function will not get through.
    There is no indication of any activity on the Zonealarm symbol in the tray and no evidence of blocking occurring when I look at the logs.
    The only thing I see in the logs is my router doing a port scan from :2869, which is being blocked.
    The LAN is set up as an Internet zone as there is another PC connected which I have no trust in - it belongs to a 17 year old.
    Could this scanning be triggering Zonealarm to block all programs?
    If I shut down and restart Zonealarm it all comes good.
    In fact, as soon as Zonealarm shuts down, all the programs queued attempting to get access come to life.
    That is one of the big problems, as often I can't shut down Zonealarm as the whole system comes to a standstill.
    None of these problems occur if I disable Zonealarm and just use the OS firewall.
    I have removed Zonealarm from the PC and done a clean install but the same problem persists.
    I have been using Zonealarm for a long time and don't wish to change, but if I can't get this resolved then I will move on.
    P.S.
    This problem only seems to have become evident over the last two upgrades.

    Operating System:
    Windows XP Pro
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Pro


    Message Edited by SteveRB on 09-29-2007 04:24 PM

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Zonealarm Blocks Access to Router LAN

    TCP port 2869 is the UPnP port. The other UPnP ports are UDP 1900 and TCP 5000. The router is scanning but it is not nefarious or something gone wrong. Of course, the port activity is harder to see when using the Windows ICS firewall.

    If you are not using any messengers (like Windows or Microsoft messengers), then disable the UPnP in the router itself and disable the SSDP and the UPnP Services in the Administrative Tools of the Control Panel. That usually works. It should quiet things down.

    You could try a TCP/IP reset using TCP/IP repair. That may fix some Windows mistakes with the TCP/IP stack. It is simple to use - just install, click both buttons and immediately reboot.

    But I would leave the router/DHCP server as Trusted and just set the rest of the home network as Blocked in the Zones of the Firewall section of the ZA. This way the other PC is completely blocked off by default. If it attempts to communicate, the ZA will see and block the attempts.
    Plus I would disable the File and Printer Sharing and the Remote Assistance to help lock the PC down a little more.

    You could consider, if the assigned IP by the router to the PC is permanent and the DNS servers IP never changes and this is a desktop, to lock the DHC and DHCP in the TCP/IP Properties of the Network Properties. Then disable the DNS and DHCP services. This will lock everything in place and give some enhancement to security.

    You could consider a double router LAN as discussed here if you are very serious about extra LAN protection.

    Oldsod

    Message Edited by Oldsod on 09-29-2007 09:27 PM
    Best regards.
    oldsod
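
To separate the router's UPnP chatter from other blocked inbound traffic when reading a firewall log, here is an added example that is not part of the original post. The comma-separated line layout, the router address 192.168.1.1 and the sample lines are assumptions constructed for illustration, not a documented ZoneAlarm format.

```python
import csv
from collections import Counter

# UPnP/SSDP ports named in the post above, as (transport, port).
UPNP_PORTS = {("TCP", 2869), ("UDP", 1900), ("TCP", 5000)}
ROUTER_IP = "192.168.1.1"  # assumption: the gateway address on this LAN

# Constructed sample lines: type,date,time,source,destination,transport (assumed layout).
SAMPLE_LOG = """\
FWIN,2007/09/29,16:01:12,192.168.1.1:2869,192.168.1.10:1048,TCP (flags:S)
FWIN,2007/09/29,16:01:15,192.168.1.1:2869,192.168.1.10:1049,TCP (flags:S)
FWIN,2007/09/29,16:02:40,192.168.1.1:1900,239.255.255.250:1900,UDP
FWIN,2007/09/29,16:05:03,192.168.1.23:3312,192.168.1.10:445,TCP (flags:S)
FWIN,2007/09/29,16:07:55,203.0.113.9:4313,192.168.1.10:1026,UDP
"""

def split_endpoint(endpoint):
    """Split 'ip:port' into (ip, port as int)."""
    ip, _, port = endpoint.rpartition(":")
    return ip, int(port)

def classify(fields):
    """Label one blocked-inbound entry as router UPnP chatter or something else."""
    _type, _date, _time, src, dst, transport = fields[:6]
    proto = transport.split()[0].upper()  # drop a trailing "(flags:S)"
    src_ip, src_port = split_endpoint(src)
    _dst_ip, dst_port = split_endpoint(dst)
    is_upnp = (proto, src_port) in UPNP_PORTS or (proto, dst_port) in UPNP_PORTS
    if src_ip == ROUTER_IP and is_upnp:
        return "router-upnp"      # expected noise while UPnP is enabled on the router
    if is_upnp:
        return "upnp-other-host"  # UPnP ports, but not from the gateway
    return "review"               # anything else that was blocked inbound

def summarize(log_text):
    """Return (counts per label, list of (source, destination) pairs to review)."""
    counts, review = Counter(), []
    for fields in csv.reader(log_text.splitlines()):
        if len(fields) < 6 or fields[0] != "FWIN":
            continue  # skip headers and non-inbound entries
        label = classify(fields)
        counts[label] += 1
        if label == "review":
            review.append((fields[3], fields[4]))
    return counts, review
```
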

  3. #3
    steverb Guest

    Re: Zonealarm Blocks Access to Router LAN

    Thanks for the pointers.
    I think I have resolved the issue although I am unsure as to why this should be happening.
    I have disabled the Filter Ports Above 1394 checkbox and the problem seems to have gone away.
    This is not ideal but nonetheless it has somewhat lowered my frustration levels.
    I will try the other suggestions you have put forward as well.
    The boy uses messaging through the router but I have disabled UPnP to see what impact it has on his programs.
    I can see what port was mapped from the router logs so if necessary I can always manually enable that.
    I would like to explore the option of making the LAN trusted and just blocking the other PC.
    My only query related to that is: does this not make me totally reliant on the Router Hardware firewall to protect me from the Internet gateway?
    I have NAT enabled and it drops any anonymous requests but is this sufficient?
    Lastly, hoping this is not taking up too much of your time, but do you have a link to a good introduction to firewalls for wannabes such as myself?
    Cheers

  4. #4
    jerrito Guest

    Re: Zonealarm Blocks Access to Router LAN

    Hi there,
    I think I've had the same problem for a couple of weeks. A couple of months ago I started using my personal laptop at work, where they installed a server a few weeks ago. Since the server is operational, ZoneAlarmSecurity seems to block. As SteveRB describes, the symbol in the right corner doesn't show any traffic. A right click to obtain the menu to open ZAS results in nothing; opening ZAS via the start-menu results in nothing. There's no reaction from ZAS whatsoever.
    Besides this, the whole processing unit is heavily affected as all operations take an incredible amount of time, e.g. opening the TaskManager, or even just clicking 'AllPrograms', alone takes about a minute...
    In the TaskManager I noticed a file 'vsmon.exe' that takes up an average of 40Mb of memory usage. Some research later I know that this is a file from ZAS that often causes this slow-down of processing. The general solution seems to be to shut down ZAS and re-start it. And if it doesn't help, repeat this... Is this the way I'm supposed to work with ZAS? I wouldn't think so...
    I must say that I'm very disappointed in ZAS. After I've been using ZAS for some years now, I decided a year ago to buy the SecuritySuite. This is not what I expected.
    If someone knows a solution, a setting or anything, please share it.
    Thanks.

  5. #5
    jerrito Guest

    Re: Zonealarm Blocks Access to Router LAN

    I replied to SteveRB because I do not understand anything you're describing... I'm sorry for that, I'm just not very good with these things... I just know how to work with a computer, and don't know too much of 'why' or 'how' it works...
    Can I get a 'step by step' for laymen?
    Thanks, Jerrito

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Zonealarm Blocks Access to Router LAN

    Filter Ports Above 1394 is just for FireWire uses. Disabling this in the ZA still means all of the ports are getting inspected. If not using the FireWire, it is safe to do. But that would make me think if the FireWire is not being used, then the FireWire adapter can be safely disabled.

    You are assuming the router IP and the subnet is the LAN? The subnet has nothing to do with the entire LAN - it is only for the router IP and nothing else. As soon as you hooked up the router, its DHCP server was basically Trusted (with or without the ZA). So you are relying on its services anyways. It is not the LAN that gives the connection but the router itself. Blocking the entire LAN with the exception of the router or making the entire range of the LAN (which is probably 192.168.0.0-192.168.255.255) and making the other PC IP as Blocked is your choice. But all you probably need is the router IP and its subnet, not the entire LAN. Besides, the user of the other PC can easily change his assigned IP and obtain a new IP - thus placing himself back into the Trusted range if you make the entire LAN as Trusted.

    As for the NAT protection of the router (and probably its SPI), that is only part of the protection. Routers can be beaten by hackers and even malformed and bad packets often slip by routers' firewalls. So a software firewall is still needed to provide that second layer of defense from the internet. Plus routers have no outbound control or application control as the desktop software firewall does.

    Oldsod

    Message Edited by Oldsod on 10-01-2007 05:59 PM
    Best regards.
    oldsod
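
The two zone layouts compared in the post above, worked through as an added example that is not part of the original post. The host addresses are constructed, and the rule precedence (Blocked beats Trusted, anything unlisted falls into the Internet zone) is an assumption of this sketch, not a statement about ZoneAlarm's internals.

```python
import ipaddress

def ip_range(first, last):
    """Networks covering the inclusive address range first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def zone_of(addr, policy):
    """Return the zone an address lands in under the assumed precedence."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in policy["blocked"]):
        return "Blocked"
    if any(ip in net for net in policy["trusted"]):
        return "Trusted"
    return "Internet"  # restrictive default for unlisted addresses

# Constructed addresses for the three cases discussed in the thread.
HOSTS = {
    "router": "192.168.1.1",
    "other_pc": "192.168.1.23",
    "other_pc_after_ip_change": "192.168.1.77",
}

# Layout 1: whole private range Trusted, only the other PC's current IP Blocked.
WHOLE_LAN_TRUSTED = {
    "trusted": ip_range("192.168.0.0", "192.168.255.255"),
    "blocked": ip_range("192.168.1.23", "192.168.1.23"),
}

# Layout 2: only the router Trusted, the rest of the home network Blocked.
ROUTER_ONLY_TRUSTED = {
    "trusted": ip_range("192.168.1.1", "192.168.1.1"),
    "blocked": ip_range("192.168.1.2", "192.168.1.254"),
}

def evaluate(policy):
    """Map each sample host to the zone the policy assigns it."""
    return {name: zone_of(addr, policy) for name, addr in HOSTS.items()}

if __name__ == "__main__":
    for label, policy in (("whole LAN trusted", WHOLE_LAN_TRUSTED),
                          ("router only trusted", ROUTER_ONLY_TRUSTED)):
        print(label, evaluate(policy))
```

Under the first layout the other PC returns to the Trusted zone as soon as its address changes; under the second it stays Blocked at any address in the blocked range.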

  7. #7
    Join Date
    Dec 2005
    Posts
    9,057

    Re: Zonealarm Blocks Access to Router LAN

    Hi Jerrito

    I'm not going to even try to handle two users in the same thread with completely different issues! Plus it is forum policy for users to start their own thread, instead of hijacking threads in progress. Please start your own thread!
    Cheers, Oldsod
    Best regards.
    oldsod

  8. #8
    jerrito Guest

    Re: Zonealarm Blocks Access to Router LAN

    Jeez... Here I was, looking for help, THINKING I had the same problem, explaining that I didn't know much about it and what do I get: a mouth-off and policy talk. Thanks man.
