My Network Zones Setup Help

Appreciate some help understanding the use of Comodo 4 in my two computer LAN behind a Verizon Router. I installed CIS only on my primary computer. Under My Network Zones, I see in addition to the loop back, my primary computer IP, no evidence of my secondary computer ( and new to me Sam Spade indicates the latter is the address of IANA and this range the “link local” block with something to do with backup DHCP assignment.

Is the latter an automatic addition when Comodo is installed and would appreciate a brief explanation of its need. Also am I able to access my primary computer (-2), with its newly installed firewall, from my backup computer (-3).

Appreciate your tolerance.

In My Network Zones you will see The last part, also known as the address mask, defines the range -

The 169 address range is given to your computer in the situation where Windows does not see a network and as a consequence Windows will hand out an IP address in the 169 range its self. You can delete that one.

In default configuration CIS will automatically detect new networks and as a consequence it will add the 169 address when the address in the 169 range gets assigned.

Let us know if you have more questions.

Thanks EricJH…I had about given up on getting what I thought were pretty basic questions answered and was just about to dump Comodo. I will ■■■■ away the 169 range and am happy with the full 192.168 which of course allows my son and grandchildren Internet access when they visit, by wireless connection to my router. I have always felt a bit more comfortable with the outgoing control by a software firewall to assist my router’s incoming control - and it forces me to keep up with the activity going on behind Windows that I have been struggling with since the first IBM PC was issued.

That would’ve been a bad move to scrap Comodo. 80%+ of FWBUILDER can be found in Comodo. I did a presentation 4 weeks ago on Comodo in front of the Server 2003 Management class. The instructor was impressed at its granularity. Furthermore, I was impressed at how much of Comodo is
part & parcel of FWBUILDER (which I became aware of as a result of the “Inside the Info-Sys Security Perimter” class I just took. Now there’s some serious paranoid security wonk firewall.

Anyways, FWIW, on a forum when your question isn’t getting a response, do a bump on it. All you gotsto-do is post “BTT”, i.e., “bump to the top”. Most people in help mode don’t go trolling the forum for questions to answer - I don’t - and deal with the most current stuff. The only time I look through multiple pages of posts is when I’m looking for answers (done before I ask a question).

Automatic Private Internet Protocol Addressing (APIPA) is a common alternative to the use of the Dynamic Host Configuration Protocol (DHCP) to request and retrieve an Internet Protocol (IP) address
for a host. APIPA simplifies the assignment of IP address and subnet-mask configuration information to hosts in small networks. When APIPA is used, the operating system allows the assignment of a unique IP address to each station on a small local area network (LAN). This avoids the administrative overhead of running a DHCP server or manually setting IP configuration information.

To obtain configuration information such as address and network gateway for a network interface on
the local computer, Windows Server 2003 does the following:

1.Contacts a DHCP server on the network and queries for configuration settings.

2.If no DHCP server responds, Windows Server 2003 checks for an alternate configuration that
contains settings.

3.If it does not find an alternate configuration, the operating system uses APIPA to automatically configure its network settings, assigning an IP address that is unique to the LAN.

IP addresses assigned by Windows Server 2003 APIPA are within the range through inclusive, in accordance with specifications created by the Internet Assigned Numbers Authority (IANA). APIPA also sets the subnet mask on the network to

To disable APIPA

1.From the Windows Start menu, choose Run, and then type regedit. The Registry Editor is displayed.

2.Navigate to the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters.

3.From the Edit menu, choose New DWORD value.

4.Name the value IPAutoconfigurationEnabled and enter a value of 0.


Just disable “auto IP” in TCP/IP properties and specify some IP address for your network.
You can use these: - - -

By convention, the gateway is assumed to be x.y.z.1 where x.y.z is the domain for the network.

If a DHCP server is also on the LAN it’s scope (range of IP addresses that it can assign to computers on the LAN set to obtain their IP addresses automatically) should be adjusted so it does not interfere with locally assigned static IP addresses. By default home-use router/gateway/switches have DHCP server functionality embedded within; unless explicitly disabled, that’s where nodes (hosts) on the LAN can get dynamically assigned IP address.

I heartily recommend static assigned IP addresses as that definitely speeds up the boot process; that especially true for single node LANs (waiting for IP assignment from the ISP can take several long moments).

FWIW: Don’t let the aforementioned references to “Server 2003” scare you: its based on the Win XP 64 codebase (despite only being available in 32 bit). Server 2003 as a primary desk-top OS takes advantage of improvements to the kernal and memory management system; plus there’s Active Diretory functionality and improved user secuity features so that user profiles ACTUALLY WORK (and the default login doesn’t need admin pfivledges).