I have 2 NICs in my computer: one, which gets its IP address from a DHCP server, is for the internet connection, and the second, which has a static IP, is for a secure LAN.
How do I set up Comodo so that there is absolutely no connection between these different NICs?
In other words: all internet activity is blocked on NIC2, but LAN activity is allowed…
You could do this, providing the two NICs' IP addresses are on different subnets. Assuming that:
INTERNET NIC:
Create the normal internet-enabling rules for the internet NIC and add a rule that blocks all traffic from the subnet that is used on your LAN.
LAN NIC:
Create a set of rules that allow traffic in and out to your LAN subnet and add a rule that blocks all traffic from the subnet that is used on your internet connection.
If the two NICs get addresses in the same range (e.g. 192.168.X.X, 10.1.X.X or 172.16.X.X), then you would need to ensure that the statically assigned addresses are separated from the DHCP-assigned ones (e.g. DHCP range: 192.168.1.1-127; static range: 192.168.1.128-255). If they are separated, you could define two trusted zones, which will create the appropriate rules as outlined above, with the exception of the rule to block the other NIC. This would need to be created manually.
If the statically assigned and DHCP-assigned addresses are intermixed, you will need to create individual rules, as CPF has no method of defining a zone of non-consecutive addresses.
Internet:
IP address: 192.168.1.64
Netmask: 255.255.255.0
Gateway: 192.168.1.254
(From the DHCP server; IP range 192.168.1.64 - 192.168.1.253)
And LAN:
IP address: 192.168.1.13
Netmask: 255.255.255.224
Gateway: 192.168.1.14
Do you mean one bidirectional rule, or two separate rules, one for IN and one for OUT?
Which subnet should be the source and which the target? Or is this not important?
If I make the rule(s) with zones (Internet NIC and LAN NIC), are the results the same as with subnets?
And can you explain that (rule) direction thing to me? It is less confusing when one of source or destination is the local PC and the other is somewhere on the internet. But what if they both (the 2 subnets / zones) are on the same PC?
And the last thing: these rules in the list, which have higher priority than the others? The ones above the other rules?
And how can I check that these rules are working? I mean from another computer on my LAN. The traffic between them is invisible…
In summary, your PC has two NICs with the following IP parameters:
LAN (NIC 1)
Statically assigned LAN IP address : 192.168.1.13
Netmask : 255.255.255.224
Gateway : 192.168.1.14
INTERNET (NIC 2)
DHCP assigned IP range : 192.168.1.64 - 192.168.1.253
Netmask : 255.255.255.0
Gateway : 192.168.1.254
To manually create a zone, click on SECURITY - TASKS - ADD/REMOVE/MODIFY A ZONE.
To allow LAN traffic via NIC 1, you could create a zone with the following parameters:
Zone Name : LAN
Start Range : 192.168.1.1
End Range : 192.168.1.14
To allow INTERNET traffic via NIC 2, you could create a zone with the following parameters:
Zone Name : INTERNET
Start Range : 192.168.1.64
End Range : 192.168.1.254
Once these two zones are created, we need to set them as trusted to create the Network Monitor rules. Click on SECURITY - TASKS - DEFINE A NEW TRUSTED NETWORK. Click NEXT and then select one of the two zones we have just created. Follow the instructions through the rest of the wizard and by the end, it will have added two rules for that zone to the Network Monitor. Repeat these steps for the other zone we created. By the end of the process, we will have an additional four Network Monitor rules, but we may be deleting one of these (as explained below).
These four rules achieve the following:
1. The IN rule for the LAN zone allows unsolicited inbound traffic from IPs in the range 192.168.1.1 - 192.168.1.14. Your system's responses to these unsolicited inbound requests are automatically allowed, so we don't need to create a separate response rule.
2. The OUT rule for the LAN zone allows outbound requests from your PC to IP addresses in the range 192.168.1.1 - 192.168.1.14.
3. The OUT rule for the INTERNET zone allows outbound requests from your PC to IP addresses in the range 192.168.1.64 - 192.168.1.254. As the returning data is being sent in response to a valid request from us, it is automatically accepted. Therefore we do not need to make a corresponding IN rule.
4. The IN rule for the INTERNET zone should be deleted if you are not running any form of server that needs to be accessible from the internet. If you are running some form of server, then the rule should be tightened to restrict access to the specific ports your server software requires.
If anyone can spot anything wrong with this approach, or if there is a better way to achieve the desired outcome, please jump in and correct where necessary.
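As an added illustration (constructed here; it is neither Comodo's code nor anything posted in the thread), the Python model below encodes the two zones and the Network Monitor rules from the summary above, with the INTERNET IN rule deleted as recommended, plus the "static addresses must be separated from the DHCP pool" condition from the first reply. It assumes the model the replies imply: rules are evaluated top-down and the first match wins, a rule's zone is compared against the remote address (the source for an IN rule, the destination for an OUT rule), and replies to traffic an allow rule already passed are let through without a rule of their own. The zone and address values are the thread's; the sample packets and the trailing catch-all block rules are constructed.

```python
"""Model of the two-zone Comodo Network Monitor setup discussed in the thread.

Constructed illustration, not Comodo's code. Assumed model: top-down,
first-match rule evaluation; the zone is matched against the remote
address; replies to already-allowed traffic pass automatically.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Interface

# Zones as defined in the summary post (inclusive start/end).
ANY = (IPv4Address("0.0.0.0"), IPv4Address("255.255.255.255"))
LAN_ZONE = (IPv4Address("192.168.1.1"), IPv4Address("192.168.1.14"))
INTERNET_ZONE = (IPv4Address("192.168.1.64"), IPv4Address("192.168.1.254"))
DHCP_POOL = (IPv4Address("192.168.1.64"), IPv4Address("192.168.1.253"))


def in_zone(ip: IPv4Address, zone: tuple) -> bool:
    return zone[0] <= ip <= zone[1]


def zones_overlap(a: tuple, b: tuple) -> bool:
    """Two inclusive ranges overlap unless one ends before the other starts."""
    return a[0] <= b[1] and b[0] <= a[1]


def static_net_clear_of_dhcp(ip: str, mask: str, dhcp_pool: tuple) -> bool:
    """Separation condition from the first reply: the whole subnet implied by
    the static address and netmask must lie outside the DHCP pool."""
    net = IPv4Interface(f"{ip}/{mask}").network
    return not zones_overlap((net.network_address, net.broadcast_address), dhcp_pool)


@dataclass(frozen=True)
class Rule:
    direction: str  # "IN" or "OUT"
    action: str     # "allow" or "block"
    zone: tuple     # matched against the remote address
    note: str


# Rules the trusted-network wizard creates, minus the INTERNET IN rule the
# post says to delete, followed by constructed catch-all block rules.
RULES = [
    Rule("IN", "allow", LAN_ZONE, "LAN zone IN (unsolicited inbound from LAN)"),
    Rule("OUT", "allow", LAN_ZONE, "LAN zone OUT"),
    Rule("OUT", "allow", INTERNET_ZONE, "INTERNET zone OUT"),
    Rule("IN", "block", ANY, "catch-all block"),
    Rule("OUT", "block", ANY, "catch-all block"),
]

# Same rules with the catch-all blocks moved to the top: under first-match
# evaluation they shadow every allow rule beneath them.
MISORDERED_RULES = RULES[3:] + RULES[:3]


class NetworkMonitor:
    def __init__(self, rules):
        self.rules = list(rules)
        self.allowed_flows = set()  # flows an allow rule has already passed

    def decide(self, direction: str, remote_ip: str, remote_port: int, local_port: int):
        """Return (action, reason) for one packet as seen from this PC."""
        ip = IPv4Address(remote_ip)
        flow = (ip, remote_port, local_port)
        if flow in self.allowed_flows:
            return "allow", "reply to traffic already allowed"
        for rule in self.rules:
            if rule.direction == direction and in_zone(ip, rule.zone):
                if rule.action == "allow":
                    self.allowed_flows.add(flow)
                return rule.action, rule.note
        return "block", "no rule matched"


if __name__ == "__main__":
    print("zones overlap:", zones_overlap(LAN_ZONE, INTERNET_ZONE))
    print("static /27 clear of DHCP pool:",
          static_net_clear_of_dhcp("192.168.1.13", "255.255.255.224", DHCP_POOL))
    mon = NetworkMonitor(RULES)
    # Constructed sample traffic: (direction, remote IP, remote port, local port)
    samples = [
        ("IN", "192.168.1.5", 49152, 445),    # LAN host connects to a share on this PC
        ("OUT", "192.168.1.100", 80, 51000),  # this PC browses via the internet NIC
        ("IN", "192.168.1.100", 80, 51000),   # the web server's reply
        ("IN", "192.168.1.200", 4444, 445),   # unsolicited probe from the internet side
        ("OUT", "192.168.1.40", 80, 51001),   # address in neither zone
    ]
    for pkt in samples:
        print(pkt, "->", mon.decide(*pkt))
    print("LAN IN with block rules on top:",
          NetworkMonitor(MISORDERED_RULES).decide("IN", "192.168.1.5", 49152, 445))
```

Running the script answers the three questions raised earlier in the thread in miniature: direction is always relative to this PC, so the zone describes the other end; rule order matters because the first match decides, which is why the misordered list blocks LAN traffic the original list allows; and the separation check shows why the /27 static subnet is fine alongside a DHCP pool starting at .64, while a /24 netmask on the static NIC would not be.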