New My Network Zones entry not working

[Guest]

[bladeanon]

In CFP 3.0.25.378 I just added a new entry to My Network Zones:
 - Name: My IP
 - Address Type: Single
 - Address: 192.168.1.1

I then added the Zone (My IP) to the destination address of a network policy rule. When trying to connect to the address Comodo passes the rule and prompts me to Allow/Deny the connection.

If I edit the policy rule and change the destination address to a Single IP (192.168.1.1) instead of a Zone (My IP) , it works just fine.

Funny thing is; I have a bunch of existing single address zones that seem to be working fine.

Any ideas?  Thanks.

[bladeanon]

In CFP 3.0.25.378 I'm trying to set up a network policy rule for comms between safe networks:

My Network Zones
 - Name: Safe Networks
 - Address Type: Range
 - Address Start: 192.168.0.0
 - Address End: 192.168.255.255

I then added the Zone (Safe Networks) to the source and destination addresses of a network policy rule:

Network Control Rule
 - Action: Allow
 - Log: No
 - Protocol: IP
 - Direction: In/Out
 - Source Address: Zone: Safe Networks
 - Destination Address: Zone: Safe Networks
 - Source Port: Any
 - Destination Port: Any

This doesn't seem to work, even though the local and remote addresses for my connections are both in the Safe Network address range.  If I create two rules; one for inbound and one for outbound, it works.

Network Control Rule
 - Action: Allow
 - Log: No
 - Protocol: IP
 - Direction: In
 - Source Address: Zone: Safe Networks
 - Destination Address: Any
 - Source Port: Any
 - Destination Port: Any

Network Control Rule
 - Action: Allow
 - Log: No
 - Protocol: IP
 - Direction: Out
 - Source Address: Any
 - Destination Address: Zone: Safe Networks
 - Source Port: Any
 - Destination Port: Any

Any ideas?  Thanks.

[gibran]

Network Control Rule
 - Action: Allow
 - Log: No
 - Protocol: IP
 - Direction: In/Out
 - Source Address: Zone: Safe Networks
 - Destination Address: Zone: Safe Networks
 - Source Port: Any
 - Destination Port: Any

This doesn't seem to work, even though the local and remote addresses for my connections are both in the Safe Network address range. 

Does Windows XP say your network adapter has limited or no connectivity?
Can you reset  your log and take a screenshoot of blocked packets in your logs and other global rules?

[bladeanon]

Thanks for combining my two reported issues - though I believe they separate problems...

Okay, regarding the In/Out to same Zone issue - No - my adapter does not have limited connectivity.

Attached screen shots for your reference.  Thanks.

PS - It's probably important to note that the 10.6.x.x addresses are from a Cisco VPN client and the 10.2.x.x addresses are part of the remote VPN network.

[sded]

Take a look at http://forums.comodo.com/bug_reports/network_control_rule_cannot_only_change_the_description_3025378_x32-t23946.0.html and http://forums.comodo.com/bug_reports/bug_3025_x32_firewall_my_network_zones-t23520.0.html , other reccent 3.0.25 bug reports.  Seems to be related new issues in 3.0.25.  Suggestion would be to go back to 3.0.24 until the problem is fixed-I am still using that and have no such problems.  You can get it at http://filehippo.com/download_comodo/ .

[gibran]

You may wish to export your configuration and revert back to a previous CFP version.

It looks that application rules have issues when a Network zone group is used.
Although the test cases are slightly different.

Does this issue affect Global rules in the same way?
Are non VPN networks affected in the same way?

On my machine here I setup a global rule to allow my LAN (one singe IP range) using allow IP IN/out source LAN dest LAN proto ANY followed by a block all IP in/out rule.

Lan connectivity was not affected.

[AeoniAn]

I'm reverting too. v25.378 rules are not trustfull b/c they are forgotten...

THANK's for the advice.  And let's wait for a new version.  AGAIN!

[bladeanon]

Okay - I seem to have figured it out - I had a pesky period '.' in one of my Predefined Firewall Policies.

It seemed to be affecting that applications' policy and at least some of the application policies that followed it.  Removing the period seems to have fixed everything.

It might be worthwhile for the CFP to validate these type of fields that obviously have naming restrictions.

I figured this out by setting up a very simple test configuration and things seemed to work okay.  Then I looked at my normal config to see what looked non-standard.  I guess I got lucky.

Thanks to everyone that replied!

[Haos]

From what i tried, the problem happens with both global and application rulesets.

[sergeyn]

Same here, new added network zones don't work

[Tags:]