In CFP 3.0.25.378 I just added a new entry to My Network Zones:
Name: My IP
Address Type: Single
Address: 192.168.1.1
I then added the Zone (My IP) to the destination address of a network policy rule. When trying to connect to the address, Comodo passes the rule and prompts me to Allow/Deny the connection.
If I edit the policy rule and change the destination address to a Single IP (192.168.1.1) instead of a Zone (My IP), it works just fine.
Funny thing is, I have a bunch of existing single address zones that seem to be working fine.
In CFP 3.0.25.378 I’m trying to set up a network policy rule for comms between safe networks:
My Network Zones
Name: Safe Networks
Address Type: Range
Address Start: 192.168.0.0
Address End: 192.168.255.255
I then added the Zone (Safe Networks) to the source and destination addresses of a network policy rule:
Network Control Rule
Action: Allow
Log: No
Protocol: IP
Direction: In/Out
Source Address: Zone: Safe Networks
Destination Address: Zone: Safe Networks
Source Port: Any
Destination Port: Any
This doesn’t seem to work, even though the local and remote addresses for my connections are both in the Safe Network address range. If I create two rules, one for inbound and one for outbound, it works.
Does Windows XP say your network adapter has limited or no connectivity?
Can you reset your log and take a screenshot of blocked packets in your logs and other global rules?
Thanks for combining my two reported issues - though I believe they are separate problems…
Okay, regarding the In/Out to same Zone issue - No - my adapter does not have limited connectivity.
Attached screen shots for your reference. Thanks.
PS - It’s probably important to note that the 10.6.x.x addresses are from a Cisco VPN client and the 10.2.x.x addresses are part of the remote VPN network.
You may wish to export your configuration and revert back to a previous CFP version.
It looks like application rules have issues when a Network zone group is used.
Although the test cases are slightly different.
Does this issue affect Global rules in the same way?
Are non VPN networks affected in the same way?
On my machine here I set up a global rule to allow my LAN (one single IP range) using allow IP IN/out source LAN dest LAN proto ANY followed by a block all IP in/out rule.
Okay - I seem to have figured it out - I had a pesky period ‘.’ in one of my Predefined Firewall Policies.
It seemed to be affecting that application’s policy and at least some of the application policies that followed it. Removing the period seems to have fixed everything.
It might be worthwhile for the CFP to validate these types of fields that obviously have naming restrictions.
I figured this out by setting up a very simple test configuration and things seemed to work okay. Then I looked at my normal config to see what looked non-standard. I guess I got lucky.
Hi, if this can help, I have the same problem on my XP Pro SP3, Comodo firewall v. 3.0.25.378.
It’s interesting to see that any network zone added automatically by the firewall feature when it detects a new network is kept and held in memory, after rebooting too.
Any network added manually, or any edit to an existing one that was added automatically before, is not kept.
The program doesn’t remember any manual entry/editing in this section, upon the next reboot…