CPF and WallWatcher

New CPF user. Seems ok so far but still making the move from ZA to CPF. I cannot get WallWatcher to log traffic. Any suggestions? I am getting no alerts from CPF to allow any inbounds, etc. So far I have edited the one WallWatcher entry to allow any TCP\UDP traffic. If I disable CPF the logs start immediately.

Ok post to myself. It seems to be working now. I reran the “Define a new Trusted Zone” wizard. After that it started working but I haven’t found anything different than before so still learning.

G’day Jbob
I was thinking of having a play with wallwatcher, could you let me know if it continues working.
I was ZA free user up till a few months ago when it just got too buggy. I’ve found cpf to be a very good product, does take a bit of learning, but not as complicated as it first appears.


Many users kept on using the older versions on ZA(4.5.594 or 5.5.094) however I figured it’s time to move on. I simply refuse to use the latest versions of ZA.

Yes I seen that advised by a number of people. Updates to products like firewalls are usually released because of security concerns, so what’s the sense in using an older version of the product.
The latest ver of za sent my system into meltdown. I had been thinking about changing for a couple years, every update seemed to get buggier.
There seems to be a mindset you get into as a za user, it’s so simple to use that other firewalls which require a bit of user input seem to be beyond your capabilities.

"I am so clever that sometimes I don’t understand a single word of what I am saying.”
Oscar wilde

Just a note, unlike some firewalls, CFP does not automatically alert you to blocked incoming connections (nor are you given an option to have it do so). For that matter it doesn’t alert you to any blocked outgoing connections. It will alert to an unknown/changed application attempting to connect, IF that is attempting to connect in a way that is allowed by the Network Monitor. IF the application is attempting to connect in a way that is not allowed by the Network Monitor, it will be silently blocked by such.

However, any trigger to the Application Monitor, Component Monitor, or Application Behavior Monitor should be logged, along with any Network Monitor items that are tagged for logging.