CFP at Work

Hi

I have started recommending CFP as a replacement for Windows Firewall on our laptops (which are mainly used at home but some connect to our domain). My colleague has installed CFP twice and each time, it has taken absolutely ages to logon :cry: (we are talking between 5-20 minutes). I don’t understand, as I have been using CFP for a while now on my laptop and I have not had such problems ???. I feel such a fool :-[ as I have been bigging up Comodo for a while now (including CAVS ;D ). What do you suggest to the office fool? :D. I can’t bear the thought of re-enabling Windows Firewall :-[.

:slight_smile:

“Logon” to what, specifically?

Logon to Windows on the laptop?

Logon remotely to a work server?

You get the idea…

TNX,

LM

I knew what I meant, it just didn’t come out right ;D. Connecting from an XP workstation onto a 2003 domain.

:-[

Edit: I should note that logging on locally doesn’t cause any noticeable delay but when it’s connecting to a domain controller :cry: (time to make a coffee).

So are we talking this scenario?:

User A has Company Laptop B (with CFP installed). User A brings Laptop B to work with him, physically connects to Company Network/Domain as workstation Company Laptop B, but is not able.

Is that right?

You know the next question…

What log entries coordinate with the time User A tries to connect Company Laptop B to the network/domain?

Is the server to which they are connecting also protected by CFP?

Has the Network Wizard been run on both laptop and server?

What are the differences between say, Laptop A and Laptop B (if Laptop A works, and B doesn’t), as far as CFP configuration?

Also, you will need to verify the CFP settings on Laptop B, not take the user’s word. It is very common that the user changes something and doesn’t say so until it comes out thru the evidence… :wink:

LM

I see where you’re coming from :). Both laptops are using the same “default” configuration so I would expect these other laptops to connect just fine. Never had to run the network wizard on my laptop so assumed the same for the others.

:slight_smile:

Edit: I was in the same room when CFP was being installed and noticed this problem on both occasions. If I had had problems with my laptop then I would have investigated further. The only difference being that when I’ve installed CFP, it has been locally. The other guy installed CFP with his domain account.

If I remember/understood correctly the aspects of networking that would apply, by installing it on his domain account, that is a sort of roaming profile, not the local machine, and all it puts on the local machine is a “profile” of sorts, of the software. This probably won’t work, and will need to be installed fully/entirely on the local machine (laptop).

LM

When I next get hold of a laptop (or that laptop), I will test by installing locally rather than from a domain account and then connect to the domain. I’ll see if that makes any difference.

:slight_smile:

I hope everything works out.

So do I :). Just have to wait for the next laptop to roll in to test.

:slight_smile:

@Little Mac: You mentioned the network wizard (haven’t used this yet). Once run, does that allow everything on the subnet to communicate without being prompted?

:slight_smile:

Here’s the Network Wizard scenario:

Under Security/Tasks, you Add a Zone. That Zone can be named whatever you want, and you define the IP range. If you want it to encompass only part of the subnet you can do so, or the entire subnet. It will default to the entire subnet when you first go to Add the zone.

Then in Security/Tasks, go to Define a New Trusted Network. Utilize the Zone you’ve created to create the New Trusted Network.

This will add two rules to the Network Monitor. One is to Allow IP Out from Any to the Zone/Network. The other is to Allow IP In from Zone/Network to Any. They will be at the top of the list, to ensure that communication is freely allowed back and forth from the computer to/from the Zone. This is necessary for file/print sharing, etc. Unimpeded communication/traffic. From there, it’s just a matter of having the appropriate Application Monitor rules, to allow the specific applications to connect.

LM
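
The rule ordering described in the post above, modelled as an added example (not part of the thread and not Comodo's code): it shows why the two trusted-zone rules must sit above the existing rules, and how a narrower zone limits which hosts get unimpeded inbound access. Top-down first-match evaluation, the two-rule baseline, and all addresses are assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "block"
    direction: str  # "in" or "out"
    src: str        # source CIDR
    dst: str        # destination CIDR

def decide(rules, direction, src, dst):
    """Return the action of the first matching rule (top-down order, assumed)."""
    for r in rules:
        if (r.direction == direction
                and ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)):
            return r.action
    return "block"  # assumed default when no rule matches

def add_trusted_zone(rules, zone):
    """Prepend the two rules the post describes for a trusted zone."""
    return [Rule("allow", "out", ANY, zone),   # Allow IP Out from Any to Zone
            Rule("allow", "in", zone, ANY)     # Allow IP In from Zone to Any
            ] + list(rules)

# Constructed baseline for the model, not CFP's shipped rule set.
BASELINE = [Rule("allow", "out", ANY, ANY), Rule("block", "in", ANY, ANY)]

# Constructed addresses: laptop, domain controller, file server, off-subnet host.
LAPTOP, DC, FILESRV, OUTSIDE = ("192.168.1.50", "192.168.1.10",
                                "192.168.1.40", "203.0.113.7")

def inbound_report(rules):
    """Inbound decision for each constructed peer connecting to the laptop."""
    return {peer: decide(rules, "in", peer, LAPTOP)
            for peer in (DC, FILESRV, OUTSIDE)}

if __name__ == "__main__":
    for label, zone in (("no zone", None),
                        ("whole subnet", "192.168.1.0/24"),
                        ("narrow zone", "192.168.1.0/28")):
        rules = add_trusted_zone(BASELINE, zone) if zone else BASELINE
        print(f"{label:13} {inbound_report(rules)}")
```

Trusting the whole subnet admits inbound traffic from every host on it, so on a shared office network the narrower zone is the least-privilege choice when only a few servers need to reach the laptop.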