Results 1 to 6 of 6

Thread: Problem with ZA Pro after Router replacement, nothing can connect to the internet when ZA is running

  1. #1
    unipatatas Guest

    Default Problem with ZA Pro after Router replacement, nothing can connect to the internet when ZA is running

    We have several machines running on network with ZA Pro as our preferred firewall, this has worked fine up until we had our router replaced (after a few days of running the machines without internet), now all of a sudden programs can't connect unless ZA Pro is shut down, funny though is that if a browser has been to the page before during ZA Pro being shut down, it can be accessed after ZA Pro is restarted, but ONLY those pages, nothing else, not even pages on the same domain.
    Apart from running without ZA Pro (which is a poor solution since we have static IPs), we don't know what to do.
    Nothing was changed in our configuration when the router was replaced, IPs are still the same, gateway is still the same, DNS servers are still the same.
    Anyone have any idea on what to do and/or how to troubleshoot the issue?

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro
    Software Version:7.0

  2. #2
    futurepower Guest

    Default Perhaps your router is assigning a new subnet.

    With ZoneAlarm not running, type
    IPCONFIG
    into a DOS window.

    That will tell you the local, non-routable IP address that your router is assigning each computer in your network. For example:
    IP Address. . . . . . . . . . . . : 192.168.60.4

    The start ZoneAlarm, bring up the ZoneAlarm window, and go to Firewall/ Zones/ Add/ Subnet/

    The Zone should be "Trusted".

    Enter the new IP Address. with 0 as the last number (after the last period). For the above example enter:
    192.168.60.0
    Enter the subnet mask:
    255.255.255.0
    for a network with a maximum of 253 computers.

    ZoneAlarm with then let through traffic from that series of network addresses (subnet).

    Then delete any entries that represent subnets you aren't using now.

  3. #3
    unipatatas Guest

    Default Re: Perhaps your router is assigning a new subnet.

    The router doesn't assign IPs, the IPs are set up on each machine and are static. Nothing has changed in the setup since previous router and without ZA Pro running all machines connect to the internet fine, otherwise programs and browsers won't connect (apart from the example in my above post).
    Its the same with all the machines, regardless of IP and they're all in trusted zone.

  4. #4
    futurepower Guest

    Default Add your ISP's DNS addresses to your trusted zone.

    One useful configuration, I've found, is to add your ISP's DNS addresses to your trusted zone.

  5. #5
    unipatatas Guest

    Default Didn't work :(

    That didn't help We tried reinstalling ZA Pro on one machine, but that didn't help. It does correctly ask if programs should have internet and server rights, but then afterwards they don't work until zonealarm Pro is shut down. This is a very weird problem and its happening to all the machines that has ZA Pro on them. Identical problems.

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Didn't work :(

    Both the DNS and the DHCP (gateway) IPs must be added as Trusted to the Zones of the ZA. The actual IP of the PC does not need to be included. As to whether the IP asigned to the PC by the router is static or synamic is irevelent. It should be like this in the Zones and in the Program listing:

    1. Go to Run type in command, hit OK, and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side
    2. In ZA on your machine on the Firewall>Zones tab click Add and then select IP Address. Make sure the Zone is set to Trusted
    3. Click OK and then Apply for each one.
    4. The localhost or loopback must be listed as Trusted. It has the address of 127.0.0.1
    5 The Generic Host Process or the svchost.exe listed in the Program list must have both Trusted and Internet access and it must have server rights for the Trusted Zone, but not the Internet Zone.

    http://zonelabs.donhoover.net/dnsdhcp.html

    http://www.microsoft.com/resources/d....mspx?mfr=true

    As for server rights, basically only the Generic Host Process requures server rights for the Trusted Zone. Most others will not need any server righst for the Trusted Zone, but some undoubtablely will. Always remember this rule regarding server rights:

    Server rights allowed for the Trusted Zone is for the LAN only, and by allowing there is no real threat from the internet. This opens ports to the home network and this is not a vulnerability.

    Server rights allowed for the Internet Zone is for the Internet only, and by allowing there is a real threat from the internet. This opens ports to the internet and this is a vulnerability for security.

    Cheers!

    Oldsod

    Message Edited by Oldsod on 05-22-2007 05:31 PM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Anti-Spyware
    Software Version:6.1
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •