No access to Internet after installing

[Guest]

[mikeboug]

I've just tried to install Comodo firewall. My intention was to replace Sygate which is no longer supported since CA purchased the company.

However, after installing with all default settings, my Internet connection stopped working. I'm connected to a wireless switch (but directly with a cable) which is itself connected to an ADSL router. I tried repairing the network connection but it failed trying to get an IP address.

In the end, I had to uninstall and re-enable Sygate to obtain connectivity.

Does anyone have any ideas what the problem can be.

Many thanks.

[AOwL]

Did you only disable Sygate before you installed CFP?
You should uninstall it in that case and clean the registry and reboot before you install CFP.
Did you make a trusted network in CFP?

[Rucia]

mikeboug,

AOwl is right.  I had a similar situation with Outpost Pro.  I disabled Outpost then installed Comodo, and i couldn't get any web access.  I then uninstalled Comodo and uninstalled Outpost, cleaned the registry and re-installed Comodo, then everything was fine.

[ZLRAC]

Help.  I've had the same problem.  I had Ghostwall which I uninstalled.  Then I installed Comodo and have been unable to connect to any internet web-page.  I then closed Comodo and still had the same problem.  I did a system restore and everything is fine now w/ Ghostwall but I'd rather use Comodo.  Ideas?

[Little Mac]

Welcome, ZLRAC!

After uninstalling your firewall, you want to make sure you clean out any remaining files, registry entries, etc.  I recommend these steps:

If you don't already know what Services and Drivers the firewall installs and uses, find out - from it's help files, the company, something.

Turn the firewall off, and Disable those Services and Drivers (that way they won't start on reboot).

Go to Start/Run, type in "configsys".  Then go to the Startup tab, and uncheck any entries for the firewall.  Apply.  OK.

Reboot.

Now the firewall should not be running.  Run the uninstaller on it.  Reboot when finished.

Run a cleaner program (like CCleaner) to get rid of temp files, etc.  Reboot.

Run a registry cleaner (like RegSeeker) to get rid of orphaned registry entries.  Reboot.

Now is when you will install CFP.

LM

[Moyo]

I have a similar problem, but not all the internet is cut off.  I can use Skype and Thunderbird but not Firefox or Explorer.   Any ideas?

[Little Mac]

I have a similar problem, but not all the internet is cut off.  I can use Skype and Thunderbird but not Firefox or Explorer.   Any ideas?

Welcome, Moyo!

Sounds like they're being blocked by something... Check the Application Monitor for "Block" entries.  Check the Activity/Logs for entries showing blocks.

Also, a known possible cause (that won't show up in CFP) is the remains of a previous firewall.  Make sure you've cleaned out registry files, etc, (as posted to ZLRAC above), regarding your previous firewall.

First place to look, though, is CFP's Application Monitor and Activity Logs.

LM

[Moyo]

Thanks.  I will check, as I had Zonealarm before.  All the settings I had a look at earlier said that they should have been allowed though.

[Moyo]

I found that by unchecking the box "block fragmented IP datagrams" I was able to use the internet.  Does anyone know the significance of unticking this option?

[Little Mac]

From CFP's Help files:

Block fragmented IP Datagrams
When a connection is opened between two computers, they must agree on a Mass Transmission Unit (MTU). IP fragmentation occurs when you pass through a router with an MTU less than the MTU you are using i.e when a datagram is larger than the MTU of the network over which it must be sent, it is divided into smaller fragments which are each sent separately. Fragemented IP packets can create threats like DOS attack. Moreover, these fragmentations can double the amount of time it takes to send a single packet and slow down your download time.
Comodo Firewall Pro is set by default to block fragmented IP datagrams i.e the option Block Fragmented IP datagrams is checked by default.

Here's a MS link that discusses Windows' vulnerability (and the patch) for fragmented datagrams; they state that fragmented packets are a necessary part of communication.  http://www.microsoft.com/technet/security/bulletin/fq00-029.mspx

Here's a more technical discussion about such things.  A lot of it is highly technical, but there's some stuff there that's understandable by humans as well.  This article is geared toward filtering with a router.  http://www.faqs.org/rfcs/rfc1858.html

Based on what I am able to understand about this, a primary concern of fragmented packets is a "flood" occurring.  While you're turning off the CFP feature that specifically blocks the fragmented packets (thus allowing them), you still have the "flood" protection on (Security/Advanced/Advanced Attack Detection & Prevention).

Here's my question for you, though ~ how did you conclude to turn this off?  Did you have any Block entries in your Application Monitor?  What Activity/Log entries did you have when your browsers were stopped from accessing the web?

LM

[Moyo]

I checked the log and everytime I opened firefox and tried to got to a webpage it started blocking things complaining of fragmented data packets, so I unticked the option.  I don't use a router at the moment.

[Little Mac]

Moyo,

Can you post your log entries for this event?  To do so:

Go to Activity/Logs.  Right-click an entry and select "Export to HTML."  Save the file, open it, and copy/paste the text to your post. 

That way you can select only a section of it, and edit/mask your IP address.

There may be something specific we can address, rather than turning off that aspect of your global security.

LM

[Moyo]

No problem.  Just the ones with high in the severity.  I unticked the box because I assumed (from my skim reading of your manual) that everytime there was a high severity incident comodo automatically blocked acccess for a specified amount of time.

Date/Time :2007-02-08 21:47:17
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed


Date/Time :2007-02-08 21:47:16
Severity :Medium
Reporter :Network Monitor
Description:Outbound Policy Violation (Access Denied, ICMP = TIME EXCEEDED IN REASS)
Protocol:ICMP Outgoing
Source: x.x.x.16
Destination: 212.58.226.20
Message: TIME EXCEEDED IN REASS
Reason: Network Control Rule ID = 5


Date/Time :2007-02-08 21:47:11
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.187.153.30
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed


Date/Time :2007-02-08 21:47:06
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 71.249.120.8, Port = 22482)
Protocol: TCP Incoming
Source: 71.249.120.8:50282
Destination: x.x.x.16:22482
TCP Flags: SYN
Reason: Network Control Rule ID = 5


Date/Time :2007-02-08 21:46:56
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 71.249.120.8, Port = 22482)
Protocol: TCP Incoming
Source: 71.249.120.8:50282
Destination: x.x.x.16:22482
TCP Flags: SYN
Reason: Network Control Rule ID = 5


Date/Time :2007-02-08 21:46:46
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed


Date/Time :2007-02-08 21:46:41
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.187.153.30
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed


Date/Time :2007-02-08 21:46:41
Severity :Medium
Reporter :Network Monitor
Description: Inbound Policy Violation (Access Denied, IP = 80.41.181.243, Port = MS-ds(445))
Protocol: TCP Incoming
Source: x.x.x.243:3900
Destination: x.x.x.16:MS-ds(445)
TCP Flags: SYN
Reason: Network Control Rule ID = 5


Date/Time :2007-02-08 21:46:31
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed


Date/Time :2007-02-08 21:46:31
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.187.153.30
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed


Date/Time :2007-02-08 21:46:26
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed


Date/Time :2007-02-08 21:46:20
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.187.153.30
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed


Date/Time :2007-02-08 21:46:20
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are not allowed


Date/Time :2007-02-08 21:46:15
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 212.58.226.20
Destination: x.x.x.16
Protocol : TCP
Reason: Fragmented IP packets are n

[Little Mac]

Moyo,

Those incoming 212.x.x.x IP addresses are from Guardian Unlimited - www.guardian.co.uk.  I have opened the site, and have no messages about fragmented packets.  Obviously you're experiencing an issue with that, but I'm not sure why; perhaps it is being caused by something with your ISP.  If I had the same results as you, I wouldn't think anything more of it. 

Since I didn't have any fragmented packets, you may want to file a ticket with Support - http://support.comodo.com/; they will be able to help you isolate the issue in more detail.


LM

BTW, I masked the personal IP addresses in your post to protect your privacy.

[Moyo]

I think that was just website I was trying to access.  If I took other examples the IP address just points to the website I was trying to access.  Thanks for editing my post.

[Tags:]