Network Zones Questions

Several questions about network zones:

  1. When creating a new zone, can I use wildcards in a host name? E.g. “*.malware-for-everyone.com”.

  2. By the way, when are the host names in zones resolved? Once at program startup or every time access to such a host name is requested? (The first is more resource-efficient, the second is more secure - consider a host with a dynamically changing IP address).

  3. Can I create one firewall policy and then use it with a combination of application-zone (e.g. “Firefox in Ethernet1 → Web Browser”, “Firefox in WIFI → Web Browser”, “Internet Explorer in WIFI → Web Browser”) or must I create one firewall policy per zone (e.g. “Firefox → Ethernet Web Browser”, “Firefox → WIFI Web Browser”, “Internet Explorer → WIFI Web Browser”)?

  4. The examples in the User Guide seem to indicate that CIS is able to accept an adapter name and create a zone according to its settings. If that is the case, how is it done? Or is it just that someone had to manually type “Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport” into the zone name and then manually find and type e.g. IP address range (or better yet, MAC address)?

Thanks.

  1. I never tried, so I don’t know.
  2. No idea.
  3. Zones are used in the Global Rules, so they are generic. They cannot be used at the level of program policies.
  4. You cannot enter an adapter name. You can enter the host name of your computer.

If you want to work with different zones for two different locations there are two ways to go but they are not ideal.

1. Use one local zone as trusted (192.168.1.1/255.255.255.0) regardless of what connection you are on. When on a wireless connection set Windows to treat the wireless connection as public; and when on the wired connection set it private.
2. Make two local zones under Global Rules. The local zone you don’t need, depending on the connection you are on, you drag and drop under the basic block rule(s) at the bottom (red icon(s)). This will disable that rule.
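
The trade-off raised in question 2 (resolve a zone's host names once at startup, or re-resolve them later), as an added sketch that is not part of the thread and does not describe how CIS itself behaves. `HostZone`, the injected `resolve` and `clock` callables, the host name and the DNS data are all constructed for illustration.

```python
import ipaddress

class HostZone:
    """Hypothetical host-name zone; ttl=None means 'resolve once at startup'."""
    def __init__(self, hostnames, resolve, clock, ttl=None):
        self.hostnames = list(hostnames)
        self.resolve = resolve   # callable: hostname -> iterable of IP strings
        self.clock = clock       # callable: () -> current time in seconds
        self.ttl = ttl
        self._cache = {}         # hostname -> (resolved_at, set of addresses)
        for name in self.hostnames:
            self._refresh(name)

    def _refresh(self, name):
        try:
            ips = {ipaddress.ip_address(a) for a in self.resolve(name)}
        except LookupError:
            # Failed lookup: keep the last known addresses instead of emptying the zone.
            ips = self._cache.get(name, (0, set()))[1]
        self._cache[name] = (self.clock(), ips)

    def contains(self, ip):
        addr = ipaddress.ip_address(ip)
        for name in self.hostnames:
            resolved_at, ips = self._cache[name]
            if self.ttl is not None and self.clock() - resolved_at >= self.ttl:
                self._refresh(name)          # cached entry is stale: look it up again
                ips = self._cache[name][1]
            if addr in ips:
                return True
        return False

def demo():
    now = [0]
    def resolve(name):
        # Constructed DNS data: the host moves to a new address at t=100.
        if name != "dyn.example.test":
            raise LookupError(name)
        return ["203.0.113.10"] if now[0] < 100 else ["203.0.113.77"]
    clock = lambda: now[0]
    once = HostZone(["dyn.example.test"], resolve, clock, ttl=None)
    fresh = HostZone(["dyn.example.test"], resolve, clock, ttl=30)
    before = (once.contains("203.0.113.10"), fresh.contains("203.0.113.10"))
    now[0] = 150
    after_new = (once.contains("203.0.113.77"), fresh.contains("203.0.113.77"))
    after_old = (once.contains("203.0.113.10"), fresh.contains("203.0.113.10"))
    return before, after_new, after_old

if __name__ == "__main__":
    print(demo())
```

After the address change, the resolve-once zone no longer matches the host's current address and still matches the address it has left, which is the stale-rule risk the question points at.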