Author Topic: New My Network Zones entry not working  (Read 1199 times)
bladeanon
Newbie
*
Offline Offline

Posts: 6


« on: June 19, 2008, 02:51:12 PM »

In CFP 3.0.25.378 I just added a new entry to My Network Zones:
 - Name: My IP
 - Address Type: Single
 - Address: 192.168.1.1

I then added the Zone (My IP) to the destination address of a network policy rule. When trying to connect to the address Comodo passes the rule and prompts me to Allow/Deny the connection.

If I edit the policy rule and change the destination address to a Single IP (192.168.1.1) instead of a Zone (My IP) , it works just fine.

Funny thing is; I have a bunch of existing single address zones that seem to be working fine.

Any ideas?  Thanks.
Logged
bladeanon
Newbie
*
Offline Offline

Posts: 6


« Reply #1 on: June 19, 2008, 03:00:47 PM »

In CFP 3.0.25.378 I'm trying to set up a network policy rule for comms between safe networks:

My Network Zones
 - Name: Safe Networks
 - Address Type: Range
 - Address Start: 192.168.0.0
 - Address End: 192.168.255.255

I then added the Zone (Safe Networks) to the source and destination addresses of a network policy rule:

Network Control Rule
 - Action: Allow
 - Log: No
 - Protocol: IP
 - Direction: In/Out
 - Source Address: Zone: Safe Networks
 - Destination Address: Zone: Safe Networks
 - Source Port: Any
 - Destination Port: Any

This doesn't seem to work, even though the local and remote addresses for my connections are both in the Safe Network address range.  If I create two rules; one for inbound and one for outbound, it works.

Network Control Rule
 - Action: Allow
 - Log: No
 - Protocol: IP
 - Direction: In
 - Source Address: Zone: Safe Networks
 - Destination Address: Any
 - Source Port: Any
 - Destination Port: Any

Network Control Rule
 - Action: Allow
 - Log: No
 - Protocol: IP
 - Direction: Out
 - Source Address: Any
 - Destination Address: Zone: Safe Networks
 - Source Port: Any
 - Destination Port: Any

Any ideas?  Thanks.
Logged
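
As an added illustration (not part of the thread and not Comodo's rule engine), the sketch below models the rules from the post above as plain address-range matches, to show which connections the single In/Out rule and the two-rule workaround each cover. The `Zone`, `Rule` and `allowed` names and the sample connections are constructed, and it assumes a rule matches only when every field that is not "Any" matches.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # stands for "Any" in an address field


@dataclass(frozen=True)
class Zone:
    name: str
    start: str
    end: str

    def contains(self, addr: str) -> bool:
        a = ipaddress.ip_address(addr)
        return ipaddress.ip_address(self.start) <= a <= ipaddress.ip_address(self.end)


@dataclass(frozen=True)
class Rule:
    direction: str            # "In", "Out" or "In/Out"
    src: Optional[Zone]
    dst: Optional[Zone]

    def matches(self, direction: str, src: str, dst: str) -> bool:
        if self.direction not in ("In/Out", direction):
            return False
        # Assumption: every non-Any field must match for the rule to apply.
        return all(z is ANY or z.contains(a)
                   for z, a in ((self.src, src), (self.dst, dst)))


SAFE = Zone("Safe Networks", "192.168.0.0", "192.168.255.255")
SINGLE_RULE = [Rule("In/Out", SAFE, SAFE)]
SPLIT_RULES = [Rule("In", SAFE, ANY), Rule("Out", ANY, SAFE)]

# Constructed sample connections: (direction, source, destination)
PACKETS = [
    ("Out", "192.168.1.10", "192.168.1.1"),  # both ends inside the zone
    ("Out", "10.0.0.5", "192.168.1.1"),      # local end outside the zone
    ("In", "192.168.1.1", "10.0.0.5"),       # local end outside the zone
    ("In", "10.0.0.5", "192.168.1.10"),      # remote end outside the zone
]


def allowed(rules, direction, src, dst) -> bool:
    return any(r.matches(direction, src, dst) for r in rules)


def compare():
    """Return (packet, allowed_by_single_rule, allowed_by_split_rules)."""
    return [(p, allowed(SINGLE_RULE, *p), allowed(SPLIT_RULES, *p)) for p in PACKETS]


if __name__ == "__main__":
    for packet, single, split in compare():
        print(packet, "single:", single, "split:", split)
```

Under this model the two-rule workaround is broader than the single rule: it also allows connections where only one end is inside the zone, which matters when the local address in use is not in the zone's range.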
gibran
Forum Member
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 3434


Sometimes words are meaningless indeed...


« Reply #2 on: June 19, 2008, 03:19:11 PM »

Network Control Rule
 - Action: Allow
 - Log: No
 - Protocol: IP
 - Direction: In/Out
 - Source Address: Zone: Safe Networks
 - Destination Address: Zone: Safe Networks
 - Source Port: Any
 - Destination Port: Any

This doesn't seem to work, even though the local and remote addresses for my connections are both in the Safe Network address range. 

Does Windows XP say your network adapter has limited or no connectivity?
Can you reset your log and take a screenshot of blocked packets in your logs and other global rules?
« Last Edit: June 19, 2008, 03:51:45 PM by gibran » Logged

bladeanon
Newbie
*
Offline Offline

Posts: 6


« Reply #3 on: June 19, 2008, 06:23:14 PM »

Thanks for combining my two reported issues - though I believe they are separate problems...

Okay, regarding the In/Out to same Zone issue - No - my adapter does not have limited connectivity.

Attached screen shots for your reference.  Thanks.

PS - It's probably important to note that the 10.6.x.x addresses are from a Cisco VPN client and the 10.2.x.x addresses are part of the remote VPN network.
« Last Edit: June 19, 2008, 06:25:15 PM by bladeanon » Logged
sded
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 1835



« Reply #4 on: June 19, 2008, 06:43:17 PM »

Take a look at http://forums.comodo.com/bug_reports/network_control_rule_cannot_only_change_the_description_3025378_x32-t23946.0.html and http://forums.comodo.com/bug_reports/bug_3025_x32_firewall_my_network_zones-t23520.0.html , other recent 3.0.25 bug reports.  Seems to be related new issues in 3.0.25.  Suggestion would be to go back to 3.0.24 until the problem is fixed - I am still using that and have no such problems.  You can get it at http://filehippo.com/download_comodo/ .
Logged

CFP 3.0.24/368, Vista Ultimate 32x + SP1, Avast! 4.8, Windows Defender.  SAS offline.  Acronis True Image just in case.
gibran
Forum Member
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 3434


Sometimes words are meaningless indeed...


« Reply #5 on: June 19, 2008, 09:04:38 PM »

You may wish to export your configuration and revert back to a previous CFP version.

It looks like application rules have issues when a Network zone group is used.
Although the test cases are slightly different.

Does this issue affect Global rules in the same way?
Are non VPN networks affected in the same way?

On my machine here I set up a global rule to allow my LAN (one single IP range) using allow IP IN/out source LAN dest LAN proto ANY followed by a block all IP in/out rule.

Lan connectivity was not affected.
Logged

AeoniAn
Comodo Member
**
Offline Offline

Posts: 43


COMODO is the BEST, I'm happy and safe.


« Reply #6 on: June 20, 2008, 07:56:27 PM »

I'm reverting too. v25.378 rules are not trustworthy b/c they are forgotten...

THANKS for the advice.  And let's wait for a new version.  AGAIN!
Logged

CFP v3.0.25.378 back to v3.0.24.368 x86, FW in Custom Policy Mode, D+ in Paranoid mode.
Sempron 3000+, MB MSI-7145, 1GB RAM
WinXP-Pro-BR SP3 32bits full-updated
NOD32 v3 back to v2.70.39, PG2-RC1-test2-2, no other security app
Zero, Nada, No-one single infection for 23 months.
bladeanon
Newbie
*
Offline Offline

Posts: 6


« Reply #7 on: June 20, 2008, 09:49:09 PM »

Okay - I seem to have figured it out - I had a pesky period '.' in one of my Predefined Firewall Policies.

It seemed to be affecting that application's policy and at least some of the application policies that followed it.  Removing the period seems to have fixed everything.

It might be worthwhile for the CFP to validate these types of fields that obviously have naming restrictions.

I figured this out by setting up a very simple test configuration and things seemed to work okay.  Then I looked at my normal config to see what looked non-standard.  I guess I got lucky.

Thanks to everyone that replied!
Logged
Haos
Newbie
*
Offline Offline

Posts: 9


« Reply #8 on: June 26, 2008, 03:49:03 PM »

From what I tried, the problem happens with both global and application rulesets.
Logged
sergeyn
Newbie
*
Offline Offline

Posts: 5


« Reply #9 on: August 10, 2008, 12:37:55 PM »

Same here, new added network zones don't work
Logged