A network zone is something, if not the local one recognized by the software installation if you allow it, that you write yourself in order to refer to it when writing application or global rules: if you don’t have such a zone, and even if you have one and don’t refer to it, CIS won’t of course apply whatever allowing or denying policy relevant to such a zone.
Sorry, I didn’t get it. Should I manually add my Network information in the Network Zone?
When I kept the setting as Auto detection as ENABLED then Firewall used to add a private network which always used to clash with my Network’s IP address (triggers a DHCP warning in the Windows Event log, resulting in the death of the connection). So, I did disable it.
Again, traffic being allowed or not does not depend upon the existence or not of a network zone (if not speaking of a blocked one), but upon the firewall and defense+ settings.
A network zone is only a convenience when writing rules.
e.g., if I want to allow NetBIOS ports 135-139 for my 2 LAN computers whose IPs are 192.168.0.2 and 192.168.0.3, writing a single rule for the network zone called “LAN”, defined as 192.168.0.1-192.168.0.255, is enough instead of having to write the rule twice (once for each IP).
In order to write a permanent and safe LAN network zone, you must disable DHCP and assign each of your local computers a static IP coherent with the router’s IP as a gateway (and, under some circumstances, the DNS of the ISP), but it has no other consequence than writing specific rules for this zone.
e.g., it would explicitly allow Netbios inside the LAN, implicitly denying it over the WAN.
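The zone-as-alias idea from the post above, as an added example that is not part of the original thread and is not Comodo's rule engine: a simplified first-match evaluator in which the `ZONES` table, the `Rule` class, `decide()` and the `"ask"` default are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed zone table: a zone is only a named address range.
ZONES = {"LAN": ("192.168.0.1", "192.168.0.255")}

@dataclass
class Rule:
    action: str            # "allow" or "block"
    zone: Optional[str]    # None means "any address"
    ports: range

def in_zone(addr, zone):
    """True if addr lies inside the named zone's inclusive range."""
    lo, hi = (ipaddress.ip_address(a) for a in ZONES[zone])
    return lo <= ipaddress.ip_address(addr) <= hi

# One zone rule covers every LAN host; the second rule denies the
# same ports from everywhere else (the WAN).
RULES = [
    Rule("allow", "LAN", range(135, 140)),   # ports 135-139
    Rule("block", None, range(135, 140)),
]

def decide(remote_ip, port, rules=RULES, default="ask"):
    """First matching rule wins; with no match, fall back to default."""
    for r in rules:
        if port in r.ports and (r.zone is None or in_zone(remote_ip, r.zone)):
            return r.action
    return default

if __name__ == "__main__":
    for ip in ("192.168.0.2", "192.168.0.3", "203.0.113.7", "169.254.254.135"):
        print(ip, decide(ip, 139))
    # A zone that no rule refers to changes nothing:
    print(decide("192.168.0.2", 139, rules=[]))
```

The auto-configured address from the event log, 169.254.254.135, lies outside the 192.168.0.1-192.168.0.255 range, so in this model a rule scoped to the “LAN” zone would not match it.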
I can’t disable it because this 2 MB/s Cable connection uses DHCP (auto) feature, connected by RJ-45 without any Router/Modem :-[
So, could I safely ignore making an entry in the Firewall’s Network Zone?
PS: What I don’t get is how come Comodo detects a private Network in Auto detect mode. And, how come the DHCP gets corrupted, thus triggering an alert in the Windows Event log.
Here’s the event log:
Your computer has automatically configured the IP address for the Network Card with network address XXXXE948XXXX. The IP address being used is 169.254.254.135 (which isn’t mine!)
I just don’t know why this happens on its own but whenever such a thing happens connection gets dead because of the IP conflict. But I get this info: