NVIDIA TCP Acceleration bypasses firewall

How does the option to accelerate TCP packets using an NVIDIA nForce 500 series motherboard affect Comodo? According to the control panel, enabling it will offload packets to hardware thereby bypassing a firewall. Details in the image.

On NVIDIA nForce motherboards (I have nForce 4), there are NVIDIA Ethernet adapters. These NVIDIA motherboard (chipset) & adapter combinations allow you to run NVIDIA’s Firewall (NVFirewall).

This doesn’t affect CFP, since as far as I know, you cannot run both firewalls (NVIDIA’s & Comodo’s) at the same time. You must choose which firewall you want to run… personally, I didn’t give it a second thought (I used CFP).

But, to be honest, I don’t know anything about NVFirewall. I did read on another tech forum where one user asked another why they were using NVIDIA’s LAN adapter rather than the Marvell Gigabit LAN adapter (mobo has 2 built-in LAN adapters), which they felt was faster & had better drivers… the answer was that they wanted to use NVFirewall. So, I guess, NVFirewall cannot be that bad.

Oops, forgot something important… :-[

So, what they mean I suspect is that it bypasses NVFirewall… it’s really just LAN adapter off-loading onto the CPU. Mind you, that doesn’t really say much about NVFirewall does it?

NVIDIA removed the firewall from the 500 series chipset, or at least, it isn’t a firewall which has a UI. The only “firewall” aspect in the 550/570/590 chipsets is a service called “Forceware IP Service” which can be stopped or started via Windows Services. I’ve reconfigured it from “Automatic” to “Manual” since it causes my system to hang when the machine boots to the desktop using its default setting. But I often forget to start it manually I must admit.
Similarly, there’s another service called the “ForceWare Intelligent Application Manager (IAM) Service” which can also be reconfigured to load automatically or manually via the Services menu, but that’s as far as it goes as far as user interaction is concerned. However, running a tool called What’sRunning identifies the “Forceware IP service” as “ActiveArmor firewall” as shown in the image.

In the 500 series which is aimed at users running Vista rather than XP (the main reason NVIDIA removed the firewall was because Vista’s version was deemed to be superior), the motherboard has two NVIDIA Ethernet LAN adapters while the nForce4 flavour only has one NVIDIA and one Marvell which can’t be combined.

OK, things must have changed since I last looked at this, since as far as I know… ActiveArmor is NV Firewall. So, I can’t really comment further. Sorry.