Please help with Z Alarm and/or Sygate settings

Posted by PeterX on June 3, 2005, 11:31 am
My computer is connected to a router and I am running a web server.
This server is supposed to receive requests only from a specific
internet IP address, and not any other one, plus the requests from my
own computer. I tried to set this up, and I am still receiving hits,
which are probably scanners, robots, zombies, and who knows what.

I tried both ZA and Sygate to block all IPs except one or two, and had
better luck with the former. However, I'd like to use Sygate instead.
It's smaller and apparently less confusing. I'll post my settings in
both, because I'd like to make both work, just in case.

Here are my settings in ZA:
--------------------------------

* Firewall/Main/Internet Zone Security = High (no Custom settings, just
default)
* Firewall/Main/Trusted Zone Security = Med (no Custom settings, just
default)

I assume the default High settings for the internet zone block incoming
at port 80, so I set up an expert rule (explained below). Do I need to
adjust also the custom settings?

* Firewall/Zones/Network = 192.168.1.0
* Firewall/Main/Advanced/Security/Internet Connection Sharing

Here I am confused. If my computer is connected to a router, do I have
to check "My computer is in a ICS/NAT gateway"?

* Firewall/Expert:
----------------------

Here I created one rule:

* State = enabled
* Action= allow
* Source = the internet IP address I only want HTTP requests from.
* Destination = My Computer
* Protocol = TCP / Destination Port: HTTP - 80 / Source Port: HTTP - 80
* Time = Any

Here are my settings in Sygate:
--------------------------------
* Advanced Application Configuration window

-Name of Application: (web server's name)
-Application restrictions / trusted IPs : (the internet IP that I want
to give access to)
-Remote server ports; TCP = 80 ; UDP=nothing ; Act as client=checked
-Local ports; TCP = 80 ; UDP=nothing ; Act as server=checked

Allow ICMP traffic = checked

I'd appreciate any help with these settings, because whatever I did,
it's not having the results I want. With ZA, the web server still
receives requests from unwanted IP addresses; with Sygate, access to
the server seems ok, but the server logs don't show there was access (?)
That's weird.



Posted by Duane Arnold on June 4, 2005, 2:56 pm
PeterX wrote:

> My computer is connected to a router and I am running a web server.
> This server is supposed to receive requests only from a specific
> internet IP address,
> and not any other one, plus the requests from my own computer. I tried
> to set this up, and I
> am still receiving hits, which are probably scanners, robots, zombies,
> and who knows what.

Well, if you had a low-end FW appliance that ensures that only HTTP traffic
comes down port 80, that would stop a lot of it and you would not be too
concerned about it.
>
> I tried both ZA and Sygate to block all IPs except one or two, and had
> better luck with the former. However, I'd like to use Sygate instead.
> It's smaller and apparently less confusing. I'll post my settings in
> both, because I'd like to make both work, just in case
>

Your problem here is you think that some PFW solution is going to protect a
WEB server when the Web Server has been exposed to the public Internet. You
can install all the PFW(s) you want and they are not going to provide the
protection needed.

If this is an IIS Webserver, have you even secured IIS, the O/S, file
system, registry, user accounts etc etc from attack for a machine that
is being exposed to the public Internet?

That's where you need to be focused on and not some snake oil PFW solutions
trying to protect a Web server exposed to the Internet.

Duane :)



Posted by Xenophaw on June 13, 2005, 4:29 pm

> My computer is connected to a router and I am running a web server.
> This server is supposed to receive requests only from a specific
> internet IP address,
> and not any other one, plus the requests from my own computer. I tried
> to set this up, and I
> am still receiving hits, which are probably scanners, robots, zombies,
> and who knows what.
>
> I tried both ZA and Sygate to block all IPs except one or two, and had
> better luck with the former. However, I'd like to use Sygate instead.
> It's smaller and apparently less confusing. I'll post my settings in
> both, because I'd like to make both work, just in case
>
> Here are my settings in ZA:
> --------------------------------
>
> * Firewall/Main/Internet Zone Security = High (no Custom settings, just
> default)
> * Firewall/Main/Trusted Zone Security = Med (no Custom settings, just
> default)
>
> I assume the default High settings for the internet zone block incoming
> at port 80,
> so I set up an expert rule (explained below). Do I need to adjust also
> the custom settings?
>
> * Firewall/Zones/Network = 192.168.1.0
> * Firewall/Main/Advanced/Security/Internet Connection Sharing
>
> Here I am confused. If my computer is connected to a router, do I have
> to check
> "My computer is in a ICS/NAT gateway" ?
>
> * Firewall/Expert:
> ----------------------
>
> Here I created one rule:
>
> * State = enabled
> * Action= allow
> * Source = the internet IP address I only want HTTP requests from.
> * Destination = My Computer
> * Protocol = TCP / Destination Port: HTTP - 80 / Source Port: HTTP - 80

You set both the source and destination port to be 80, but a browser which
connects to an HTTP server doesn't have a source port with that number: it
uses any free port higher than 1024, as the first 1024 ports are usable from
a process with root privileges.

> * Time = Any
>
> Here are my settings in Sygate:
> --------------------------------
> * Advanced Application Configuration window
>
> -Name of Application: (web server's name)
> -Application restrictions / trusted IPs : (the internet IP that I want
> to give access to)
> -Remote server ports; TCP = 80 ; UDP=nothing ; Act as client=checked
> -Local ports; TCP = 80 ; UDP=nothing ; Act as server=checked
>

Ditto. For the remote ports, a value that says "every value" would be
used.

> Allow ICMP traffic = checked
>
> I'd appreciate any help with these settings, because whatever I did,
> It's not having the
> results I want. With ZA, the web server still receives requests from
> unwanted IP addresses,
> with Sygate, access to the server seems ok, but the server logs don't
> show there was access (?)
> That's weird.
>


I hope that resolves your issue.
--
Xenophaw
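
The source-port point made in the reply above, as an added example that is not part of any post in this thread: a small rule matcher evaluated against the port a real client connection uses. It models the expert rule as posted and with the source port set to "any"; it does not drive ZoneAlarm or Sygate. `Rule`, `decide` and `observe_client_port` are hypothetical names, both IP addresses are constructed documentation addresses, and the default-deny fallback is an assumption standing in for the "High" Internet zone.

```python
import ipaddress
import socket
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    src_net: str                     # CIDR the rule applies to
    dst_port: Optional[int] = None   # None means "any"
    src_port: Optional[int] = None   # None means "any"

    def matches(self, src_ip, src_port, dst_port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_net)
                and self.dst_port in (None, dst_port)
                and self.src_port in (None, src_port))

def decide(rules, src_ip, src_port, dst_port):
    """First matching rule wins; unmatched traffic is blocked (assumed default deny)."""
    for rule in rules:
        if rule.matches(src_ip, src_port, dst_port):
            return rule.action
    return "block"

def observe_client_port():
    """Open a real loopback TCP connection; return (client source port, listener port)."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))   # port 0: the OS picks a free listener port
        srv.listen(1)
        with socket.create_connection(srv.getsockname()):
            conn, peer = srv.accept()
            conn.close()
            return peer[1], srv.getsockname()[1]

TRUSTED = "203.0.113.10"   # constructed (TEST-NET-3): the one permitted remote IP
STRANGER = "198.51.100.7"  # constructed (TEST-NET-2): an unwanted remote host

# Rule as posted: source port 80 AND destination port 80.
as_posted = [Rule("allow", TRUSTED + "/32", dst_port=80, src_port=80)]
# Same rule with the source port left as "any".
corrected = [Rule("allow", TRUSTED + "/32", dst_port=80, src_port=None)]

if __name__ == "__main__":
    client_port, _ = observe_client_port()
    print("client source port chosen by the OS:", client_port)
    for name, rules in (("as posted", as_posted), ("corrected", corrected)):
        print(name, "| trusted:", decide(rules, TRUSTED, client_port, 80),
              "| stranger:", decide(rules, STRANGER, client_port, 80))
```

With the rule as posted, the permitted IP is blocked along with everyone else because its source port is never 80; with the source port set to "any", only the permitted IP reaches port 80.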



