Global Network Control Rule not offering Ask function

I wanted to edit/add Global Rules for a Network Control Rule.
So I went to: Firewall - Network Security Policy - Global Rules, selected one of the rules and hit Edit.
To my surprise, the Action under General section offers only Allow or Block, there was no Ask.
The same thing if I wish to add the global network rule.
According to Comodo at Comodo Help
the General Action should show all three of the options.
How can I get “Ask” to show up here?

Hello DanFM

If you most current Stable Version of CIS (v5.5)

Ask Function is already Applied thus why the “Ask” Function is not available for selection

If you read This Article This should clear up few things.

If Rule is not in Application List or Global Rules List You’ll be alerted thus Asked Rule is automatically applied .

I hope this helps

Thanks but that did not answer the question.
I have also seen earlier the article you mentioned but that is not really related to the question either.

If you go on the link I sent it clearly says:

General Settings
Action: Define the action the firewall takes when the conditions of the rule are met. Options available via the drop down menu are ‘Allow’ (Default), ‘Block’ or ‘Ask’.

Well, there is no “Ask”.
And yes, I do have the latest Comodo version.


The article you were referring to is about how to apply rules for an application(s) and Not Global Rules

Application Rules Article: Link
Global Rules Article:Link

and I tried to answer your question here:

[quote]If Rule is not in Application List or Global Rules List You’ll be alerted thus Asked Rule is automatically applied .[/url]

You are correct.
I got lost in those links and jumping from one page from another, sorry.

And here is why I was looking for it - I wanted to have Comodo firewall not allowing automatically connections from any other computer on my LAN, regardless of the application.
I wanted to be asked for any incoming connection coming from LAN.
How do I set up Comodo for that?
I think by default Comodo was allowing some incoming connections from LAN (through windows explorer to shared folders for example), but I can be mistaken (again).


It’s ok I get confused alot …

So you are wanting to be asked when there is an incoming connection from your Lan is this correct?

That’s right. Regardless what application and from what machine on the LAN is coming from. I want to be asked each time if I wish to accept or reject it.
Thanks again

I did check with v5.8 teat and indeed with that version there is no option to Ask when making or editing Global Rules. Not sure whether that is by design or a bug. It is certainly something I did not expect.

To be alerted by incoming traffic from your LAN use the Stealth Ports Wizard to be notified for all incoming traffic by choosing option “Alert me to incoming connections and make my ports stealth on a per-case basis”.

As Eric Suggested (For Global Rules

Also for Application Rules You May Open CIS > Network Security Policy > Application Rules > (Search for “All Applications” If not Exists, Add > Select > File Groups > All Applications > Add The Ask Rule In the range of the IP’s In your network eg, to etc etc > Apply > Apply > Move All Application Policy To the Top > OK

Thank you for the responses, I’ve tried both methods above.
They unfortunately do not work as I was expecting.
Here is the issue: You do get asked when there is an incoming connection from an application from a certain machine on the LAN. However, once you allow it ( without even using remembering function) that same application makes an incoming connection from a third LAN machine without asking!

I guess if you put even more rules around it then I can get it to ask me for every machine on the LAN for that application, but this really becomes labour intensive and a convoluted set up.
Coming from the ZoneAlarm I did like that ZA did not make such assumptions.
I wish Comodo does not make that assumption i.e. if one application was OK to connect from one machine it is OK to connect from any other on the LAN.


Can you post a screenshot of your Global Rules? and If Possible Network Zones

OK, here you are: