Please could someone let me know if Comodo firewall FULLY supports Internet Connection Sharing (ICS) in Windows XP?
By this, I mean to say that I would like to able to install the firewall on the host PC that is providing the Internet access, as well as installing the firewall on the client PC that connects through the host.
Will Comodo allow me to access the Internet at a High security setting as opposed to Medium?
I have recently been told that the free version of ZoneAlarm does not FULLY support ICS, hence that is why I am looking to switch to Comodo.
ZoneAlarm has to have the host PC security setting set to Medium - this is NOT recommended.
The client PC can either have the security setting set to Medium or High - it doesn’t matter.
Having the host PC security setting set to Medium does not allow me to surf the net with true stealth - my PC is not invisible on the net and I would like it to be.
Comodo Personal Firewall fully support ICS. The settings of the host and the remote PCs are immaterial to each other or to the connection. If you want to run one on “high” and the other on “low” you can, CPF places no restrictions like that.
Just as a side note, CPF has an “Allow all” mode, a “Block all” mode and a “Custom” mode. Custom mode is where the rules that are defined during the setup are applied. Custom can be as high or as low as you like, but the default rules give optimum protection for standard PCs connecting to the internet.
CPF doesn’t really have a high, medium or low. It has a block all, allow all and custom.
What are the security settings for this? - High, Medium or Low - how does Comodo define these settings?
Custom can be manually set up to be whatever you want.
Obviously, both machines will have to be part of a “trusted network” for ICS to work.
Is this correct?
During the install, you’re asked to define a “Zone” that covers the IPs of your local LAN. CPF will automatically create a set of Custom rules for the zone to protect the PCs but allow full secure access to your LAN. You should then define this zone as a trusted zone.
For ICS to work on the host PC as well as the client PC, can I use the Custom option, or will the default rules option be sufficient for the whole thing to work?
If you define a zone and set it as trusted, the custom rules created on each PC are sufficient and secure, for standard internet and LAN operations.
When CPF detects a zone, it doesn’t give that PC an IP address. What it indicates is that the IP address currently on this PC is within this range (in your example, the PC would have had an address of between 192.168.0.0 and 192.168.0.255). The zone needs to be set to an identical start and end address on both PCs, but each PC must have a unique address within that range.
As long as each PCs address is A) unique and B) within the range assignd to the trusted zone, it all should be OK.
I rest assured that this info will be thankfully applied.
Both of my PCs are in the range of 192.168.0.0 and 192.168.0.255, yet each PC does have its own unique IP address - 192.168.0.* and 192.168.0.* .
The Trusted Zones on each PC both have an identical start and end IP address, namely in the range as per above - 192.168.0.0 and 192.168.0.255, yet I found that ICS worked only on the “host” PC and not the “client” PC.
After I modified the start IP address on the “host” PC to the ACTUAL IP address, I also did the same for the start IP address on the “client” PC.
After this, I found that ICS worked okay.
I fully understand what you are trying to say in your reply, yet am I missing the point of what you are trying to say or not?
One of my networks has the following specs;
Address : 192.168.1.213
CPF Zone : 192.168.1.0 - 192.168.1.255
Address : 192.168.1.104
CPF Zone : 192.168.1.0 - 192.168.1.255
Address : 192.168.1.1
Internet connection to both PCs is thorough the router. File and print sharing enabled on both PCs.
Both PCs have a statically assigned IP, rather than having the IP allocated automatically by DHCP. Once I had nominated the defined zone as a trusted zone (on both PCs - did I mention that the trusted zone had to be on BOTH PCs??), intra LAN communications worked.
Second of my networks has the following specs;
Address : 172.16.0.2
CPF Zone : 172.16.0.0 - 172.16.0.255
Address : 172.16.0.1
CPF Zone : 172.16.0.0 - 172.16.0.255
Modem (Connected to PC3)
Address : Dynamically assigned by ISP
PC3 accesses the internet directly, via the modem. PC4 accesses the internet via Windows Internet Connection Sharing to PC3. Again, once the zone was defined on both PC as 172.16.0.0- 172.16.0.255, and that zone was furtherdefined as a trusted zone, the windows internet connection sharing just worked.
Love the nick BTW. Glad to hear everythings working OK. Isn’t it great when software just works!
Re. future releases, Comodo are an amzingly open company. The CPF you’re using now is the result of Comodo’s coding geniuses and the entire Comodo community’s input. Comodo actively encourage their users to really think their software, how it works,what’s good and what’s not so good. If you like a feature, let them know. Likewise, if some part of it doesn’t quite churn your butter, have a think about it and let them know how it could be improved. Everyone’s collective input is why this firewall is simply the best - it’s created from everyone’s best ideas.
Comodo generally drop hints as to what will be in the next release of an application.If you trawl through the forums, you;ll not only find some great tips, you’ll pick up bit and pieces about what’s coming up.
Re. uninstall or overwrite - usually if it’s an upgrade to an existing version, you can install over the top, but if it’s a whole new version (like going from V2.X to V3.X), you may need to uninstall prior to installing the new version. Installation notes like this are generally included in the release package.
Settings within an application usually follow the same procedure, but another user (Rotty) has written a batch file that can backup the firewall settings for you. I can’t lay my hands on the link right now, but it is in the HELP section fo the CPF forums.
I’ve read & re-read this thread up to here because i have a home network of 3 PCs, where there is one “host” which connects to my broadband router and the other two PCs share internet across a cable network managed by Windows XP, and I figure what’s been said here should apply to my network.
So far i’ve not even involved the 3rd PC because the only PC which can connect to the internet is the “host”.
I installed the Comodo firewall on both of the first 2 PCs and can share files & folders between both PCs but only the host can browse the internet. The second PC cannot access the internet, nor even can it access to look for updates for Comodo firewall, despite having received prompts relating to allowing access for IE7 & other software which normally automatically connects to the internet for updates (such as AVG antivirus).
I’ve set the local network as trusted on both PCs and they are within identical IP ranges, so why is file sharing possible, but only the host can access the internet ? What am i doing wrong please ?
If you set the firewall on the host PC to “allow All”, can the second PC browse the internet?
If so, then it’s a rule problem. If not, it’s an ICs problem.
If the second PC can browse with the host’s firewall set to “Allow All” then the rules in the host Pc’s firewall are preventing ICS from working. Set the firewall to “Custom”, attempt to access the internet from the second PC a couple of times and then, on the host PC, export the firewall logs and post them here.
You can export the logs but opening CFP on the host PC, clicking ACTIVITY-LOGS, right clicking in the logs window and select “Export HTML…”. This will create a HTML file of the logs which can be zipped and posted here for analysis.
Hi, I have exactly that same problem like Midnight-man. On second PC I haven’t any firewall and some applications work, for example antivirus updater and ping command. But mostly programs don’t work correctly (IE7, Firefox). When I set allow All on the host PC all works correctly. Of course I add connection between computers to Trustet Zone etc.
i’m using (or trying to use) ICS to have internet on the notebook, i’m also using dhcp to get things working on my notebook … the problem is that even adding a trusted zone on 192.168.0.0 to 192.168.0.255 on the desktop doesn’t allow the notebook to get an address and connect to the desktop.
when i put CFP in allow all mode on the desktop and leave CFP with the default setting on the notebook (no trusted zone, the rules that come pre-defined) everything works fine (dhcp, file sharing) didn’t try internet because i assume CFP wouldn’t be protecting the desktop.
In my school, dhcp is used and it works fine, i didn’t have to add any rules to the CFP on the notebook to make it work properly. I conclude that the problem is with the rules defined on my desktop computer (ICS host).
what rule(s) should i add so i can be protected and be able to use ICS, dhcp and file sharing properly?