CPF blocking ICS sharing

Greetings, I successfully established ICS sharing on a WiFi adapter but have one problem: while CPF is in User rules mode, the internet is inaccessible on the connected device. As soon as I switch to the inactive state, shared internet works. I have temporarily solved it by unchecking CIS Firewall Driver on the wireless adapter and leaving the firewall in active mode. This works; however, my WiFi driver is no longer protected.
A firewall rules solution would be necessary… The firewall detected a new network on ICS activation. It is marked as a home connection, and it is whitelisted in global rules (allow any connections to/from this zone). No help, still blocking. …

Can you show the Firewall logs, the Global Rules and the Application Rules of your host machine?

Sure. Where exactly do I find the logs?

My hotspot setup:

http://content.screencast.com/users/nobody5/folders/Snagit/media/c3dbb47e-c861-4eae-a3d5-8c66172c1ac6/01.04.2013-23.png

Wifi adapter connection details:

http://content.screencast.com/users/nobody5/folders/Snagit/media/cd3b05e4-8259-4d58-a3c5-c385cc8675f5/01.04.2013-23.png

CPF zones entry for this network:

http://content.screencast.com/users/nobody5/folders/Snagit/media/1ae05f62-1547-4552-b5cb-cd031cdd7448/01.04.2013-23.png

CPF rule to allow everything from this zone:

http://content.screencast.com/users/nobody5/folders/Snagit/media/34397c30-52af-4935-83ae-db5b21a7a788/01.04.2013-23.png

CPF rule to allow everything to this zone:

http://content.screencast.com/users/nobody5/folders/Snagit/media/bdd58ba1-7d55-416b-8c28-657f2c94d9ec/01.04.2013-23.png

Thank you for the screenshots. The firewall logs can be found under View Firewall Events.

What rule do you have set up for the Connectify application that you are using?

Both the Connectify app and service have been assigned the trusted application class, so they should have no restrictions. I looked at the log and found no entries bound to the time when I was attempting to access the internet from the connected phone.

I redefined my home network zone to 192.168.0.0 with a 255.255.0.0 subnet mask, which doesn’t seem to change anything.

Is there an option to force firewall logging for all rules, even those not set to log on trigger?

Please make sure that Block Fragmented IP datagrams is disabled.

Can you also post a screenshot of your Global Rules?

The best way to make CIS log is to set the firewall to stealth using the third option in Stealth Ports Wizard.

After this go to Global Rules and look for the Block rule at the bottom. Edit that rule to Block and Log. Now we should see blocked incoming traffic.

In your global rule, change the direction from “in \ out” to “In” and change the destination address to “any”. Also make sure that this rule is above the “block all” rule (if you used the Stealth Ports Wizard). I think that should fix it.

Bucky Kid,

Have you enabled "This computer is an internet connection gateway (i.e. an ICS Server)" in FW > Firewall Behavior Settings > Alert Settings? If not, enable it to see if that changes something.

There are quite a few threads about configuring Connectify. Here’s one that may help:

Configuring rules for Connectify

From what I recall, ICS needs rules configured for the pseudo process ‘Windows Operating System’. Unfortunately, Version 6 appears to have removed access to this, so further investigation may be needed.

Yes, I have this enabled.

General Settings

  • User rules
  • Create rules for safe applications ON
  • Enable IPv6 filtering OFF
  • Auto detect new networks ON
  • Show trustconnect for unsecured wireless network OFF
  • Show trustconnect for public network ON
  • Not to show alert OFF

Alert Settings

  • Low
  • Computer is ICS gateway ON
  • Show alerts (all kinds) ON

Advanced setting
all choices OFF

I did not follow this scheme exactly, but as I wrote, I had both Connectifyd.exe and Connectify server assigned the trusted application preset, i.e. they should already have all ingoing/outgoing communication enabled. If I get it working with CPF, I will consider tightening the rules for both applications according to this guide in the end.

Moreover, current global network configuration now:

Network rules > Network zones
Home Network:

  • Subnet Mask 192.168.0.0 / 255.255.0.0

Network rules > Global rules

  1. Allow IP IN/OUT from network zone Home Network to any address using any IP protocol
  2. Allow IP IN/OUT from any address to network zone Home Network using any IP protocol

This does not work, or more exactly, the connected device seems to have very poor internet access (several times I may have noticed that the device, after some delay, loaded the base of a web page with no styles, no pictures, etc.).

For which of the two rules listed above?
Yes, both global rules for Home Network are on top.

Block fragmented IP datagrams is OFF, current global rules:

Yet I’m going to check the logging and will post the result…
Thanks for all replies for now.

I followed the advice by EricJH: used the Stealth Ports Wizard, chose network zone Home Network, applied.
Deleted the existing application rules for connectifyd and connectify service. Restarted WiFi, restarted the service, confirmed access for anything Connectify-related on all firewall popups, started Connectify, started the hotspot. Everything is signaled as running properly. The remote device connected instantly and doesn’t indicate limited access; however, as soon as I try to open a web page from it, I get the error “unable to find remote server”.

http://content.screencast.com/users/nobody5/folders/Snagit/media/65415068-505a-499b-9314-1fe6fe647a41/01.14.2013-14.png

http://content.screencast.com/users/nobody5/folders/Snagit/media/ff2ab23d-5be7-430b-8397-c93b5937eb46/01.14.2013-14.png

There was an option for ICS in V5, is that option removed in V6?

I’m using CPF 5.12, does it matter?
Didn’t even know there’s a newer version.

Edit: One more finding: at least the email client seems to work fine even with the firewall active. So maybe this issue only deals with HTTP access.

Edit2: I probably won’t find the source of the problem now, but it has been fixed by upgrading the CIS suite to version 6. Thanks for all suggestions.