So, after the fiasco of dealing with MS ICS and trying to share the internet across two two network adaptors on my motherboard (see here:http://forums.zonealarm.com/showthread.php?t=79025), I decided enough is enough and punted for a WiFi router.
It's a TP-Link (router setup was surprisingly straight forward if I am honest).
This maybe not a specific ZA question, but you folks are cleaver and helpful people and maybe able to sort me out, if there is an issue here.
I have the following settings done through the routers config:
Dynamic DHCP: Off (computers use static IP addresses within 192.168.0.2-254 range, with the 255.255.255.0 subnet and 192.168.0.1 gateway [the router's IP] and the DNS is set to my cable providers two DNS addresses 22.214.171.124 and 126.96.36.199.
Broadcast SSID: Off
WiFi Password Security: WPA2-PSK (AES?)
MAC address filtering: Enabled, only the main PC (wired) and netbook (wifi) can access resources.
Additionally, the only MAC that can login to the router setup page is the main PC.
Router Firewall: On
I set ZA (on WinXP PC) to put 192.168.0.1/255.255.255.0 network in "public" zone and the DHCP server (188.8.131.52 Virgin Media ISP) IP address in "public zone".
When I wanted to connect the netbook for file/print sharing, I specifically added it's IP address (in this case 192.168.0.101) to the "trusted" zone.
All is well, and I get internet connectivity on both the Main WinXP PC and Win7Starter netbook.
With the Win7 netbook putting the seen network into Workgroup mode, I can share resources of the XP machine with the Win7 machine (but not other way around).
Now as far as I can tell, I have security as good as it's going to get on the Main XP PC, well of course with Windows XP and ZoneAlarm and a router and no additional security software/devices. I checked with audit my PC and it seems fine, I get "no ports open".
However, should the netbook be running in workgroup mode? I scanned checked the netbook with audit my PC and no ports were open.
Is there a way using WindowsFirewall I can tell it to act more like ZA, and put just my main PC's IP as a trusted zone, and any others from the same 192.168.0.X group still remain in public?
I didn't want to install ZA on the netbook really, because it's only an Atom processor and needs everything to be as light as possible, hence the Windows Firewall, and MS Security Essentials.
I guess I am a bit cheeky asking that here...but a few folks I've dealt with on this forum have been really great help.