I am trying the latest CIS version and I stumbled upon an issue with the firewall configuration:
I have a LAN interface and a WiFi interface in 2 PCs, and I have them both set as not trusted (when I was presented with a window about a new network interface I did not select either of the two checkboxes). These two zones are not mentioned in the blocked zones.
I have configured another 2 zones: LAN-Trusted with explicitly listed IP addresses and a WiFi zone with explicitly listed IP addresses. In the stealth wizard I have set it to trust these 2 trusted zones.
Can you show us the Global rules for your setup? They can be found under Firewall → Advanced → Computer security policy → Global rules. Also show us your Application rules for System. The application rules are in the same window as the other rules but under the other tab.
What are the IP addresses of your router and your modem? I think they may not be part of the trusted network and are therefore blocking your access to the net.
A closer look at your global rules tells me that there is one rule missing: the one that allows outgoing traffic. Look at this screenshot. It is the rule saying Allow IP Out from IP Any to IP Any where protocol is Any.
Do your NICs (wired or wifi) have static addresses or do they acquire an address by DHCP from your router?
Did you define the zones by address range or by netmask?
Are there any relevant entries in the logs when the connections are dropped?
Re. Q1 (above), if your PCs get their address by DHCP, how are you sending addresses in both the 192.168.0 and 192.168.98 subnets from the one DHCP server?
Do your NICs (wired or wifi) have static addresses or do they acquire an address by DHCP from your router?
My NICs have static addresses; I don't use a DHCP service.
Did you define the zones by address range or by netmask?
The zones (WiFi-Trusted and LAN-Trusted) are defined by IPs, each explicitly listed; no netmask is used.
Are there any relevant entries in the logs when the connections are dropped?
Only on 1 side (Comodo under XP SP3 has no entries in its logs; Comodo under Vista SP1 is blocking connections).
And what is strange is that sometimes connections work and sometimes they don't.
Connection from XP to Vista is always blocked.
Connection from Vista to XP is sometimes blocked.
The behavior is erratic and I can't find any pattern in it, i.e. when it is blocking and when it is allowing the connection. The only way to make it work so far has been to disable Comodo firewall under Vista.
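The two things the questions above turn on, whether a zone is defined by explicit addresses or by a netmask and whether an outbound allow rule exists, can be checked with a small model of ordered, first-match firewall rules. The script below is an added example written for this thread, not Comodo's engine and not code from any poster; the ordered first-match evaluation, the rule set produced by stealth_rules(), and all addresses (192.168.0.x, 192.168.98.x, 203.0.113.5) are assumptions constructed for illustration.

```python
"""Toy model of ordered, first-match firewall rules with address zones.

Added example for the thread above (not Comodo's own logic). It models only
the two points under discussion: zone membership (explicit IPs vs netmask)
and the effect of a missing "Allow IP Out from Any to Any" global rule.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network, IPv4Address, IPv4Network
from typing import List, Optional

ANY = None  # wildcard for direction, zone or protocol


@dataclass
class Zone:
    name: str
    addresses: List[IPv4Address] = field(default_factory=list)
    networks: List[IPv4Network] = field(default_factory=list)

    @classmethod
    def from_ips(cls, name: str, *ips: str) -> "Zone":
        """Zone made of explicitly listed hosts (what the poster configured)."""
        return cls(name, addresses=[ip_address(i) for i in ips])

    @classmethod
    def from_netmask(cls, name: str, *cidrs: str) -> "Zone":
        """Zone made of whole subnets (the alternative the questions ask about)."""
        return cls(name, networks=[ip_network(c, strict=False) for c in cidrs])

    def contains(self, ip: str) -> bool:
        addr = ip_address(ip)
        return addr in self.addresses or any(addr in n for n in self.networks)


@dataclass
class Rule:
    action: str                # "allow" or "block"
    direction: Optional[str]   # "in", "out" or ANY
    src: Optional[Zone]        # ANY means any source
    dst: Optional[Zone]        # ANY means any destination
    proto: Optional[str] = ANY
    log: bool = False
    name: str = ""

    def matches(self, direction: str, src: str, dst: str, proto: str) -> bool:
        if self.direction is not ANY and self.direction != direction:
            return False
        if self.src is not ANY and not self.src.contains(src):
            return False
        if self.dst is not ANY and not self.dst.contains(dst):
            return False
        if self.proto is not ANY and self.proto != proto:
            return False
        return True


def evaluate(rules, direction, src, dst, proto="tcp", default="block"):
    """First matching rule wins (assumed model). Returns (action, rule name, log lines)."""
    log_lines = []
    for r in rules:
        if r.matches(direction, src, dst, proto):
            if r.log:
                log_lines.append(f"{r.action.upper()} {direction} {proto} {src}->{dst} rule='{r.name}'")
            return r.action, r.name, log_lines
    return default, "<implicit default>", log_lines


def stealth_rules(trusted: Zone, allow_all_out: bool = True):
    """Assumed shape of a 'trust this zone' rule set: trusted in/out, optional
    outbound-any allow, then a logging block-all for inbound."""
    rules = [
        Rule("allow", "in", trusted, ANY, name=f"Allow IP In from {trusted.name}"),
        Rule("allow", "out", ANY, trusted, name=f"Allow IP Out to {trusted.name}"),
    ]
    if allow_all_out:
        rules.append(Rule("allow", "out", ANY, ANY, name="Allow IP Out from Any to Any"))
    rules.append(Rule("block", "in", ANY, ANY, log=True, name="Block IP In from Any to Any"))
    return rules


def demo() -> dict:
    # Constructed addresses: wired hosts on 192.168.0.x, WiFi hosts on 192.168.98.x.
    lan_only = Zone.from_ips("LAN-Trusted", "192.168.0.10", "192.168.0.11")
    both_nets = Zone.from_netmask("LAN+WiFi-Trusted", "192.168.0.0/24", "192.168.98.0/24")
    results = {}
    # Peer arrives over WiFi, but the zone only lists the wired addresses: blocked.
    results["wifi_peer_explicit_zone"] = evaluate(stealth_rules(lan_only), "in", "192.168.98.11", "192.168.98.10")[0]
    # Same packet against a netmask zone covering both subnets: allowed.
    results["wifi_peer_netmask_zone"] = evaluate(stealth_rules(both_nets), "in", "192.168.98.11", "192.168.98.10")[0]
    # Internet-bound traffic without the outbound-any rule falls to the default: blocked.
    results["internet_without_out_rule"] = evaluate(stealth_rules(lan_only, allow_all_out=False), "out", "192.168.0.10", "203.0.113.5")[0]
    # With "Allow IP Out from Any to Any" present it is allowed.
    results["internet_with_out_rule"] = evaluate(stealth_rules(lan_only), "out", "192.168.0.10", "203.0.113.5")[0]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes concrete: with a zone built from explicit addresses, any address a PC uses that is not on the list (for instance the WiFi NIC's address while the zone lists only wired ones) falls through to the logging block-all rule, which is exactly the sort of entry to look for in the exported logs.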
If you disable the wifi cards on both PCs and only use wired connections, does the problem go away? If not, try enabling the wifi cards on both and disabling the wired NICs.
I've suggested this to try to reduce the problem to a base level. If we can get it reliably working on one kind of NIC or the other and the problem reoccurs when dual NICs are enabled, then at least we know where to start digging.
My gut feeling is that it is tied up with A) the dual /NIC setup, B) the varying subnetting used, C) Vista just being a pig (not unheard of ^_^) or D) all of the above.
As I suggested, see if you can get it working with a single comms medium to start with.
Cheers,
Ewen
P.S. Why do you have dual NICs if Windows can't bind an app to a particular NIC? Just curious.
Since you only use one NIC at a time, A and B are irrelevant.
The only way to make it work so far has been to disable Comodo firewall under Vista.
I think the focus needs to be on the Vista box. Can you clear the firewall logs, make all existing rules log (by selecting "Log as a firewall event if this rule is fired"), run the two PCs using WiFi until the connection fails, and then export the firewall logs if there is anything pertinent in them and post the exported logs back here.