My family has three Netgear routers, each at a different house. I want CIS Firewall to allow certain traffic at my house, but block that traffic at the other houses. I have tried to create Network Zones based on MAC addresses, and by internal IP address (at each house, my laptop is assigned a different exclusive IP address, IE 192.168.1.10 at house 1, 192.168.1.3 at another.) CIS Firewall doesn’t seem to see the difference between the routers, and when connected, says each one is the same Home#1 network. The same happens if I go to a neighbors house, and use their open wifi network.
If this question has been asked and answered, I looked, but I didn’t find a definitive answer. Thank you for your help.
This is a known limitation with any IP address based relationship, there is no way for comodo to differentiate each network when each network has the same network addressing scheme. In this case 192.168.1.0/24 this means any time your computer is assigned an ip address in this range (192.168.1.0-255) is the same network even if your physically at different locations. Your best bet is to create a new network zone that ONLY contains the MAC addresses of each the devices, NOT IP address that you want to allow connections from and create a rule for this network zone.
I cleared all of the Network Zones out, and create 1 Trusted Zone using only the MAC address of the LAN port of the router. When I turned the WiFi back on and connected, CIS Firewall ignored the rule I had made, and creates its own new rule for Home#2. I tried the same with the Internet MAC address. When I look at the Manage Networks area, all that is listed for the connected WiFi router is the IP In address, and the IP Gateway address. No MAC address or SSID. I am beginning to think that CIS Firewall relies on the user to only connect to trusted networks to begin with. Why put in the ability to add a MAC address to the RuleSet if it won’t follow it?
If CIS is creating its own rule then that means you have ‘Automatic detection of private networks’ and ‘Do NOT show popup alerts and treat location as Home’ enabled. Again cis determines what network it is connected to by the IP addresses, nothing else, so yes manage networks will show the networks ip address range in CIDR notation along with the IP address of the assigned gateway for that network. But what I would like to know is what exactly are you trying to accomplish with regards to creating rules for allowing connections.
Maybe I am going about this wrong. At three different houses, I have the same router and modem setup the same way, but with a unique SSID and password for each location. My laptop runs various cloud storage programs, skype, and utorrent automatically. I would like to tell these programs not to run while connected to 2 of the three locations, to in order to not bog down their networks. In other words, I only what Google Drive to connect to the internet at my house, not at the other 2 houses, but I don’t want to have to shut it down and restart it all the time.
When I let CIS Firewall create a rule for my home network, it applies that same rule to the other 2 routers. I have tried creating rules for the other 2 routers, but CIS Firewall keeps using the first one made at home.
Thanks for taking the time to help me out.
Ok this is what you can do, go to firewall settings under that go to network zones, make sure enable automatic detection of private networks and do not show popup alerts treat location as is UNCHECKED. create a new network zone containing the MAC address of the routers wifi and LAN switch. Then go to application rules and create rules for each application that you want to block from using the internet. For each application create the following rules:
rule 1. Action=Block Protocol=IP Direction=IN Source Address=Network zone, select the network zone created earlier Destination Address=Any IP Details=Any.
rule 2. Action=Block Protocol=IP Direction=Out Source Address=Any Destination Address=Network zone, select the network zone created earlier IP Details=Any.
Make sure these rules are above any other rules you may have for the applications in queston.