Please could someone let me know if Comodo firewall FULLY supports Internet Connection Sharing (ICS) in Windows XP?
By this, I mean to say that I would like to be able to install the firewall on the host PC that is providing the Internet access, as well as installing the firewall on the client PC that connects through the host.
Will Comodo allow me to access the Internet at a High security setting as opposed to Medium?
I have recently been told that the free version of ZoneAlarm does not FULLY support ICS, hence that is why I am looking to switch to Comodo.
ZoneAlarm has to have the host PC security setting set to Medium - this is NOT recommended.
The client PC can either have the security setting set to Medium or High - it doesn’t matter.
Having the host PC security setting set to Medium does not allow me to surf the net with true stealth - my PC is not invisible on the net and I would like it to be.
Comodo Personal Firewall fully supports ICS. The settings of the host and the remote PCs are immaterial to each other or to the connection. If you want to run one on “high” and the other on “low” you can, CPF places no restrictions like that.
Just as a side note, CPF has an “Allow all” mode, a “Block all” mode and a “Custom” mode. Custom mode is where the rules that are defined during the setup are applied. Custom can be as high or as low as you like, but the default rules give optimum protection for standard PCs connecting to the internet.
Many thanks for replying - can I run both PCs on High?
What are the security settings for this? - High, Medium or Low - how does Comodo define these settings?
Obviously, both machines will have to be part of a “trusted network” for ICS to work.
Is this correct?
For ICS to work on the host PC as well as the client PC, can I use the Custom option, or will the default rules option be sufficient for the whole thing to work?
CPF doesn’t really have a high, medium or low. It has a block all, allow all and custom.
What are the security settings for this? - High, Medium or Low - how does Comodo define these settings?
Custom can be manually set up to be whatever you want.
Obviously, both machines will have to be part of a “trusted network” for ICS to work.
Is this correct?
During the install, you’re asked to define a “Zone” that covers the IPs of your local LAN. CPF will automatically create a set of Custom rules for the zone to protect the PCs but allow full secure access to your LAN. You should then define this zone as a trusted zone.
For ICS to work on the host PC as well as the client PC, can I use the Custom option, or will the default rules option be sufficient for the whole thing to work?
If you define a zone and set it as trusted, the custom rules created on each PC are sufficient and secure, for standard internet and LAN operations.
Correct - CPF will create a custom set of rules to allow ICS, internet connection and standard LAN access providing you 1) define a zone for your LAN AND 2) this zone is defined as Trusted.
Many thanks for all your helpful advice and patience regarding the CPF configuration.
As I said, I went home yesterday and installed the firewall on both of my PCs using separate license codes and all seemed fine.
I ran the install on both PCs and the installer picked up that I had a “Zone” on both of them.
It then defined a custom set of rules to the “Zone”.
The only observation that I have noticed is this: -
The IP addresses that the setup gave to the “Zone” on both PCs were both in the range of 192.168.0.0 with a subnet of 255.255.255.0.
After the setup/install finished, I rebooted both PCs and found that whilst Internet access was okay on my “host” PC, it was not available on my “client” PC.
Then, I checked the Trusted Network option in the program and found that the IP addresses were set as 192.168.0.0 on both PCs and not the ACTUAL IP addresses that I use on both of them.
Once I had modified the IP addresses to the ones that I use, I then rebooted both PCs and then Internet access was okay on both of them.
Would this be a known bug in CPF, or is this how the program works?
Have I done the setup correctly, or should I have done things differently than the above?
When CPF detects a zone, it doesn’t give that PC an IP address. What it indicates is that the IP address currently on this PC is within this range (in your example, the PC would have had an address of between 192.168.0.0 and 192.168.0.255). The zone needs to be set to an identical start and end address on both PCs, but each PC must have a unique address within that range.
As long as each PC’s address is A) unique and B) within the range assigned to the trusted zone, it all should be OK.
I rest assured that this info will be thankfully applied.
Both of my PCs are in the range of 192.168.0.0 and 192.168.0.255, yet each PC does have its own unique IP address - 192.168.0.* and 192.168.0.* .
The Trusted Zones on each PC both have an identical start and end IP address, namely in the range as per above - 192.168.0.0 and 192.168.0.255, yet I found that ICS worked only on the “host” PC and not the “client” PC.
After I modified the start IP address on the “host” PC to the ACTUAL IP address, I also did the same for the start IP address on the “client” PC.
After this, I found that ICS worked okay.
I fully understand what you are trying to say in your reply, yet am I missing the point of what you are trying to say or not?
EXAMPLE 1
One of my networks has the following specs;
PC1
Address : 192.168.1.213
CPF Zone : 192.168.1.0 - 192.168.1.255
PC2
Address : 192.168.1.104
CPF Zone : 192.168.1.0 - 192.168.1.255
Router
Address : 192.168.1.1
Internet connection to both PCs is through the router. File and print sharing enabled on both PCs.
Both PCs have a statically assigned IP, rather than having the IP allocated automatically by DHCP. Once I had nominated the defined zone as a trusted zone (on both PCs - did I mention that the trusted zone had to be on BOTH PCs??), intra LAN communications worked.
EXAMPLE 2
Second of my networks has the following specs;
PC3
Address : 172.16.0.2
CPF Zone : 172.16.0.0 - 172.16.0.255
PC4
Address : 172.16.0.1
CPF Zone : 172.16.0.0 - 172.16.0.255
Modem (Connected to PC3)
Address : Dynamically assigned by ISP
PC3 accesses the internet directly, via the modem. PC4 accesses the internet via Windows Internet Connection Sharing to PC3. Again, once the zone was defined on both PCs as 172.16.0.0 - 172.16.0.255, and that zone was further defined as a trusted zone, the Windows Internet Connection Sharing just worked.
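The rule stated above (identical zone start and end on every PC, each PC's address unique and inside that zone) can be checked mechanically. The following is an added example, not part of the original thread and not Comodo code; the `check_lan` function and the `BROKEN` data are hypothetical, and it goes one step beyond the thread by also flagging a trusted zone that reaches outside RFC 1918 private address space.

```python
import ipaddress
from collections import Counter

# RFC 1918 private ranges; a trusted zone should sit wholly inside one of them.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Values from EXAMPLE 1 and EXAMPLE 2 above: name -> (address, zone start, zone end).
EXAMPLE_1 = {"PC1": ("192.168.1.213", "192.168.1.0", "192.168.1.255"),
             "PC2": ("192.168.1.104", "192.168.1.0", "192.168.1.255")}
EXAMPLE_2 = {"PC3": ("172.16.0.2", "172.16.0.0", "172.16.0.255"),
             "PC4": ("172.16.0.1", "172.16.0.0", "172.16.0.255")}
# Constructed misconfiguration (not from the thread) to exercise each check.
BROKEN = {"HOST": ("192.168.0.1", "192.168.0.0", "192.168.0.255"),
          "CLIENT": ("192.168.1.2", "192.168.0.0", "192.168.0.255"),
          "LAPTOP": ("192.168.0.1", "192.168.0.0", "193.0.0.0")}

def check_lan(hosts):
    """Return a list of problems with the trusted-zone setup; empty means consistent."""
    problems = []
    parsed = {n: tuple(ipaddress.ip_address(x) for x in v) for n, v in hosts.items()}
    if len({(s, e) for _, s, e in parsed.values()}) > 1:
        problems.append("zone start/end differs between PCs")
    seen = Counter(addr for addr, _, _ in parsed.values())
    for name, (addr, start, end) in parsed.items():
        if start > end:
            problems.append(f"{name}: zone start is after zone end")
            continue
        if not start <= addr <= end:
            problems.append(f"{name}: {addr} is outside zone {start} - {end}")
        if seen[addr] > 1:
            problems.append(f"{name}: {addr} is used by more than one PC")
        # Trusting anything beyond private space would also trust Internet hosts.
        nets = ipaddress.summarize_address_range(start, end)
        if not all(any(n.subnet_of(r) for r in RFC1918) for n in nets):
            problems.append(f"{name}: zone {start} - {end} extends beyond private address space")
    return problems

if __name__ == "__main__":
    for label, lan in (("EXAMPLE 1", EXAMPLE_1), ("EXAMPLE 2", EXAMPLE_2), ("BROKEN", BROKEN)):
        print(label, check_lan(lan) or "OK")
```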
Good morning - I went home last night and followed your instructions on BOTH PCs to the letter.
I also set, as per my previous post, the Trusted Zone on both PCs and checked that the start and end ranges of IP addresses were the same on both of them as well.
I rebooted both machines, and hey presto, ICS and LAN access has worked fine since.
Many thanks for all your help, patience and advice.
Have a good one and please keep up all the good work with all Comodo products.
I know that I will be using them and recommending them to all I know from now on!!!
BTW, I also want to know about future releases of Comodo products:-
If a new version of say the firewall and anti-virus is released, do we just install the new version on top of the old one, or would it be better to uninstall the old one first?
How about the settings that I set in the old version? will these still be kept in the new one, or will everything have to be reconfigured again?
Love the nick BTW. Glad to hear everything’s working OK. Isn’t it great when software just works!
Re. future releases, Comodo are an amazingly open company. The CPF you’re using now is the result of Comodo’s coding geniuses and the entire Comodo community’s input. Comodo actively encourage their users to really think about their software, how it works, what’s good and what’s not so good. If you like a feature, let them know. Likewise, if some part of it doesn’t quite churn your butter, have a think about it and let them know how it could be improved. Everyone’s collective input is why this firewall is simply the best - it’s created from everyone’s best ideas.
Comodo generally drop hints as to what will be in the next release of an application. If you trawl through the forums, you’ll not only find some great tips, you’ll pick up bits and pieces about what’s coming up.
Re. uninstall or overwrite - usually if it’s an upgrade to an existing version, you can install over the top, but if it’s a whole new version (like going from V2.X to V3.X), you may need to uninstall prior to installing the new version. Installation notes like this are generally included in the release package.
Settings within an application usually follow the same procedure, but another user (Rotty) has written a batch file that can backup the firewall settings for you. I can’t lay my hands on the link right now, but it is in the HELP section of the CPF forums.
Hi there,
I’ve read & re-read this thread up to here because I have a home network of 3 PCs, where there is one “host” which connects to my broadband router and the other two PCs share internet across a cable network managed by Windows XP, and I figure what’s been said here should apply to my network.
So far I’ve not even involved the 3rd PC because the only PC which can connect to the internet is the “host”.
I installed the Comodo firewall on both of the first 2 PCs and can share files & folders between both PCs but only the host can browse the internet. The second PC cannot access the internet, nor even can it access to look for updates for Comodo firewall, despite having received prompts relating to allowing access for IE7 & other software which normally automatically connects to the internet for updates (such as AVG antivirus).
I’ve set the local network as trusted on both PCs and they are within identical IP ranges, so why is file sharing possible, but only the host can access the internet? What am I doing wrong please?
If you set the firewall on the host PC to “allow All”, can the second PC browse the internet?
If so, then it’s a rule problem. If not, it’s an ICS problem.
If the second PC can browse with the host’s firewall set to “Allow All” then the rules in the host PC’s firewall are preventing ICS from working. Set the firewall to “Custom”, attempt to access the internet from the second PC a couple of times and then, on the host PC, export the firewall logs and post them here.
You can export the logs by opening CFP on the host PC, clicking ACTIVITY-LOGS, right clicking in the logs window and selecting “Export HTML…”. This will create a HTML file of the logs which can be zipped and posted here for analysis.
Hi, I have exactly the same problem as Midnight-man. On the second PC I don’t have any firewall and some applications work, for example the antivirus updater and the ping command. But most programs don’t work correctly (IE7, Firefox). When I set Allow All on the host PC everything works correctly. Of course I added the connection between the computers to the Trusted Zone etc.
If ICS works when CFP is set to “Allow All”, but not when it is set to “Custom”, then it’s a rules issue.
Can you please post a screenshot of your Network Monitor rules, along with an overview of your LAN - number of PCs, IP addresses, methods of connection etc.
I’m using (or trying to use) ICS to have internet on the notebook, I’m also using DHCP to get things working on my notebook … the problem is that even adding a trusted zone on 192.168.0.0 to 192.168.0.255 on the desktop doesn’t allow the notebook to get an address and connect to the desktop.
When I put CFP in allow all mode on the desktop and leave CFP with the default setting on the notebook (no trusted zone, the rules that come pre-defined) everything works fine (DHCP, file sharing). I didn’t try internet because I assume CFP wouldn’t be protecting the desktop.
In my school, DHCP is used and it works fine, I didn’t have to add any rules to the CFP on the notebook to make it work properly. I conclude that the problem is with the rules defined on my desktop computer (ICS host).
What rule(s) should I add so I can be protected and be able to use ICS, DHCP and file sharing properly?