I have three computers on my home network and I installed CPF two days ago on one of them. Before the install all of the computers on my network could access each other, now the one with CPF can access the other two but they can’t get to it.
I did add the network as a zone, and I went into Security->Advanced and made sure Secure the Host while booting was not checked. I’ve rebooted. The two other computers are still getting access denied.
Any ideas?
Have you updated CPF? this issue may be solved by the update that was released yesterday
Yes, I did that this morning and rebooted. Network is still not working.
Have you added your network as a trusted zone? If not, use the wizard “add atrusted zone”. You can find it on the lower windows under the panel “Security → Tasks”
And after you define your LAN as a zone, don’t forget to set a rule that allow IN and OUT from the defined zone. Defining a zone does exactly that- and nothing more than that. The defined zone then needs to be used in a rule. Once this is done, your LAN will start chattering away again.
Hope this helps,
Ewen 
OK, well I had already done all of this as I mentioned in my original post, but just to be sure I did it all again then rebooted. Still no joy, the other compters cannot reach the contents of my shared directories. I can reach shared directories on the other two computers.
I now have 3 rules:
ALLOW IP OUT FROM IP[Any] TO IP ZONE:[Home Network Zone] - 192.168.1.0/192.168.1.255 WHERE IPPROTO IS ANY
ALLOW IP IN FROM IP ZONE:[Home Network Zone] - 192.168.1.0/192.168.1.255 TO IP [Any]WHERE IPPROTO IS ANY
BLOCK IP IN FROM IP [Any] TO IP [Any] WHERE IPPROTO IS ANY
Could that third rule be the problem? I didn’t put it in, so I didn’t want to mess with it.
There should also be a default rule “Allow IP OUT from IP Any to IP Any”
Well I don’t know where the other default rule came from but putting it back in didn’t change anything. Am I at the point where I need to uninstall and reinstall?
It is quite strange. Maybe you need to reinstall. But before doing so, go at the default block rule and click “create an alert if this rule is fired”. Then try to connecct from the other computer at that with cpf and post again the logs inthe activity panel
The logs show a few Medium severity entries
Reporter is Application Monitor
Description is Application Access Denied (System:192.168.1.100:nbdgram(138))
There is another one that’s just the same from the other computer
Application Access Denied (System:192.168.1.101:nbdgram(138))
Hi,
In addition to the correct network configuration you have, you can try to :
1- Select Security->Advanced->Automatically aprove safe applications,
2- Make sure you dont have “Secure the host while booting” enabled,
3- Make sure you have basic popup logic enabled
Hope this helps,
Egemen
Well, here’s one for the knowledgebase.
When I went through the custom install I was prompted to create a zone and I named it Home Network. Then I apparently forgot about it while I went through the rest of the setup. So when I started having problems and I browsed the forum for help I saw where I had to add a zone, which I named Home Network Zone. Yesterday I deleted Home Network and now everything seems to be working. The other computers can see my shared areas and print to my shared printer without a problem.
Something else that happened at more or less the same time: when I shared the area on my hard drive I had checked the box “Allow network users to change my files.” It doesn’t seem to matter whether it’s checked or not now, but I deselected it around the same time I deleted Home Network, so perhaps it was a combination of things. God knows, that’s easy to have happen with Windows.
Anyway it’s working now and I’m ready to install to my other two computers. Thanks for the help.
Egemen,
I’ve seen a lot of references to turning off this option due to problems with various applications and processes that apparently need early access to the network. It’s great to be secure from boot, but it seems that most people have to turn it off, defeating the benefit. Can’t CPF (or its essential functions) get loaded early enough to provide security by the time network access is needed, without requiring this option?
Thanks,
Bruce
Hi Bruce,
Many CPF subsystems start much before than any network activity. For example network monitor starts stealthing your PC in a few seconds after you press the power button. So you will always be secure against inbound threats while booting.
You will also be fairly secure against outbound attacks even if secure the boot option is disabled. Because although CPF temporarily allows connections, when all systems are up and running, it will automatically apply its policies.
I personally do not enable this option. Because the same rules are valid for trojan programs. If CPF processes should wait for their turns to start, so should trojan programs.
Nonetheless, we may need to improve this issue as much as possible. Why dont you post this as a feature request in CPF Wishlist?
Egemen