CIS and internet access problem [Solved]

Hello,

I have the following problem:
Sometimes (ofen) when I try to reach internet by using firefox (3.0.9) the page is not available. If I disable the CIS firwall it works. So each time to begin I disable the firewall, I open firefox and I put again “safe mode”. As you can understand it is not the quickest way to use internet (when it doesn’t work with firefox, I trie with IE but it does not work too :()

I have done the following settings:
Firewall > Advanced > Network Security Policy
firefox.exe is set as “Web Browsers”.

In Defense+ > Advanced > Computer Security Policy firefox.exe is set as “Trusted Application”.

Is it something from the global rules ?
I have the following global rules:
Allow IP Out from IP Any to IP Any Where Protocol is Any
Allow ICMP From IP Any To IP Any Where ICMP Message is FRAGMENTED NEEDED
Allow ICMP From IP Any To IP Any Where ICMP Message is TIME NEEDED
BLock And Log IP In From IP ANy To IP Any Where Protocol Is Any

Thank you for your help

Fasty

You are saying that things aren’t working with IE when they are not working with FF. That may indicate you are infected with malware. Follow this guide and see if that helps: https://forums.comodo.com/virusmalware_removal_assistance/what_to_do_if_youre_infected_experience_rev2-t32467.0.html .

Can you also show us your logs of the Firewall around the time a block happens?

Thanks for your reply EricJH but for the first actions I can made, I don’t want to use an hammer to kill a aunt :wink:

Are you sure that the problem does not come from the settings of the firewall ?

I will do the malware research routine when all other “simple actions” I can made on settings will not work.

If somebody can help on what I can do on settings… please advice !

NB: EricJH, I don’t understand when you say
“Can you also show us your logs of the Firewall around the time a block happens?”

Fasty

Your Global Rules are fine. Forget the scanning for malware for now.

Also let Diagnostics run to see if your installation is ok or not. Diagnostics can be found under Miscellaneous.

I mean when the blocking happens can you take a screenshot of the Firewall logs? They can be found under Firewall → Common Tasks → View Firewall events.

I have done the diagnostic run when it was not possible to reach internet: No problem

About the logs, you’ll find attached.

Fasty

[attachment deleted by admin]

First of all try putting the broadcast address 255.255.255.255 to your local network zone. Go to Firewall → Common Task → My Network Zones → select your local network → add → a new address → add 255.255.255.255 → Apply -->Apply.

Now start the Stealth Ports Wizard → Select “Define a new trusted network and stealth my ports to everyone else” → Next --? Select “I would like to trust an existing Network Zone” → select your local network from the dropdown box at the bottom → Finish

Can you tell me what devices use the following IP addresses:
192.168.1.254
10.55.32.1

I have done what you suggest.

For the moment it is working :smiley: I will come back to say if it is “sustainable”

Thank you !

could you explain how does work the modification you gave ? and why it does not happen for all users ?

About the device having the IP addresses you asked. How do you do to know that ?

Thank you again

Regards

fasty

Unfortunatly, It doesn’t work anymore ! :-[

I have to switch to firewall “disable” and come back to safe mode.

Please Help !

fasty

The reason I am asking about the IP addresses is that I want to know more about your network.

192.16.1.254 may be from your modem/router (the Speedtouch ADSL modem/router I use has this IP address for the web interface). What modem are you using? Are you also using an extra wireless router or access point?

Try typing in 192.168.1.254 in the address bar of you browser and see where it takes you. Do the same thing for the 10.55.32.1 IP address.

192.168.1.254: It goes to “DARTY BOX” basic page (where I can configurate my internet links) DARTY BOX: is my Internet Provider (France)

10.55.32.1: I tried to put it in my browser: no answer ???

Fasty

Are you the only person using this connection? Can you tell me what the IP address is of your computer?

I was looking at your topic start. You wrote down the Global Rules. You did not write down the direction for the ICMP rules. What is the direction for the ICMP rules?

I am sorry EricJH, I don’t want to give the IP of my computer.

Concerning the direction for the ICMP, It is written what I gave on the first posts.

I have changed an application rule. Now the only event block now is the one coming from:

10.55.32.1 to 255.255.255.255

An Idea ?

Fasty

I am not asking for your public IP address. I assume you are behind a router and wanted to know the local IP address.

Are you the only person using this connection or are there more? Do you have a wireless router or access point on your local network?

Is your local IP address a fixed address or is your computer set to get an local IP address from the DHCP server of your router?

I have only one computer connected by an Ethernet connexion to internet.

So I assume that my local address is my public address (?)

fasty

Can you do to the following for me?

Go to Start → Run → cmd (push enter) → now you get a DOS type of screen → type the following ipconfig /all (push enter; notice the space between ipconfig and /all)) → now copy paste the information about your ethernet connector here in the topic.

Again I am sorry, I don’t want give this type of information as such.

Please let me know what do you need (and why, as I need to understand ;))

Then with an example with ■■■■ information like (IP address, and others info) please explain what I have to do with my firewall. Then I will try.

I hope you understand my concerns. :wink:

Fasty

What I would like to know is your local IP address. That doesn’t breach your privacy as it is not used on the web. I think it is the 10.x.y.z address.

My local IP address on the LAN I am on is 192.168.1.70. Many other people will probably have that as well…

When I do ipconfig /all : i don’t find the 10.55.32.1 so it is not my local address.

I gave the authorization in the global rules for the communication between 10.55.32.1 and 255.255.255.255 (with the option log as a firewall event). Now I can see it as allowed in my events list.

All events I can see the list are now allowed but the problem still occured ???

I took a further look at your log and looked up the ports UDP 67 and 68 for the internal IP address 10.55.32.1 . These ports are for bootstrap protocol. That protocol assigns an IP address to your connection. It is a predecessor of DHCP and works fairly similar. I think the

It is my assumption now that when the firewall blocks this traffic you won’t get an IP address assigned and you will loose your connection.

So now you need to make a Global Rule for incoming traffic on UDP port 68.
To open the port UDP 68

Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: UDP
Direction: In
Description: Incoming Port Bootstrap

Source address: Any
Destination Address: Choose MAC or Single IP address (only when it is fixed) or Host Name
Source Port: Any
Destination Port: 68

Then push Apply → Ok.
Now look in Global rules and make sure this rule is above the basic block rule at the bottom (red icon).

Thanks for the advice.

I have done the following:
Action: Allow
Protocol: UDP
Direction: In
Description: Incoming Port Bootstrap

Source address: Any
Destination Address: Single IP address with my fixed IP address (found with Ipconfig /all)
Source Port: Any
Destination Port: 68

(I have then removed the global rule that I have created as explained in previous post)

It doesn’t work :frowning: