Isolating one pc on a lan

I have 3 PCs on a LAN behind a firewalled router and the latest Comodo software firewall.
My PCs are addressed:
192.168.1.1
192.168.1.2
192.168.1.3

I want 192.168.1.1 to connect to the net but not the others. As it is old, I want to use it for testing, and if it gets infected, formatting is no problem.

I presume this is done in Network Security Policy? Will it totally isolate the 192.168.1.1? If I get a virus, will the other 2 PCs be safe? Is there anything I should know or have not thought of? Any implications for the router?

On machine 1 (192.168.1.1) you can add the other two machines to the My Blocked Network Zones (Firewall → Common Tasks).

On the other two machines add 192.168.1.1 to the My Blocked Network Zones.

Thanks EricJH. Will entries in Application Rules/Global Rules in Network Security Policy or in My Network Zones override that? Do I have to remove all references to 192.168.1.1?

I guess not. But I have never been in the same situation. I would say try to ping the other machines to see if it works or not.

The only way you might have a conflict is if the rules in the Global tab are set to Allow connection to/from those systems. If you have any such rules on either system I would remove them.

I have tested Eric’s suggestion and found it to be effective. Method:

PC1: Set Blocked Zone to the IP address of PC2.
PC1: Ping PC2. Request timed out, 100% packet loss.
PC2: Disable Firewall, make sure Windows firewall is not enabled.
PC1: Ping PC2. Request timed out, 100% packet loss.
PC2: Ping PC1. Request timed out, 100% packet loss.
PC1: Remove Blocked Zone.
PC1: Ping PC2. Ping Reply, success.

LM
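
The ping test above, extended into a script as an added example (not part of the original thread): run from 192.168.1.1, it pings the two other machines and also tries TCP connections, since a ping timeout alone does not show that other traffic is dropped. The addresses are the ones given in the thread; the port list and the timeout are assumptions.

```powershell
# Added example: run on the isolated PC (192.168.1.1) to confirm the peers are unreachable.
# Peer addresses come from the thread; the port list and timeout are assumptions.
param(
    [string[]]$Peers = @('192.168.1.2', '192.168.1.3'),
    [int[]]$Ports = @(135, 139, 445, 3389),   # assumed: common Windows LAN services
    [int]$TimeoutMs = 1000
)

function Get-TcpState {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($Address, $Port)
        # Wait() returns $false when nothing answered within the timeout.
        if (-not $task.Wait($TimeoutMs)) { return 'timeout' }
        return 'open'
    } catch {
        # A refusal (TCP RST) means the packet reached the peer, so traffic is not being dropped.
        $sockErr = $_.Exception.GetBaseException() -as [System.Net.Sockets.SocketException]
        if ($sockErr -and $sockErr.SocketErrorCode -eq 'ConnectionRefused') { return 'refused' }
        return 'error'   # e.g. blocked locally or host unreachable
    } finally {
        $client.Close()
    }
}

$results = foreach ($peer in $Peers) {
    # Same check as the manual test: two echo requests, $true if any reply arrives.
    $ping = Test-Connection -ComputerName $peer -Count 2 -Quiet
    [pscustomobject]@{
        Peer = $peer; Check = 'ICMP'
        State = $(if ($ping) { 'reply' } else { 'no reply' }); Leak = $ping
    }
    foreach ($port in $Ports) {
        $state = Get-TcpState -Address $peer -Port $port -TimeoutMs $TimeoutMs
        [pscustomobject]@{
            Peer = $peer; Check = "TCP/$port"
            State = $state; Leak = ($state -in 'open', 'refused')
        }
    }
}

$results | Format-Table -AutoSize
if ($results | Where-Object Leak) {
    Write-Warning 'At least one peer answered: the blocked zone is not dropping all traffic.'
    exit 1
}
Write-Output 'No peer answered any probe: isolation holds for the checks tried.'
```

Running it again from the other two machines with `-Peers 192.168.1.1` covers the reverse direction, as in the PC2-to-PC1 ping above.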