Setting up Firewall for maximum Security.

Kyle142 · November 22, 2008, 6:01am

Hey Guys, The aim of this guide is to outline the functions of Comodo’s Firewall and to set up a secure connection with the internet. If you have anything that I can add to this guide or mistakes I have made please post them to me.

If you are unsure of some of the features, Comodo has a great help file that you can find at;
Comodo → Misc → Help

http://img360.imageshack.us/img360/7178/24790080uw1.png

^Larger Image Here^
http://img360.imageshack.us/img360/7178/24790080uw1.png

We are going to start by going to;
Comodo → Firewall → Stealth Ports Wizard. We will select “Block All Incoming connections - Stealth my ports to everyone” and click Finish.

http://img389.imageshack.us/img389/6459/46346483up4.png

^Larger Image here^
http://img389.imageshack.us/img389/6459/46346483up4.png

Then we are going to set up a network connection to a router\home network;
(This is usually done automatically for you)
Comodo → Firewall → My network Zones

We will add a Loopback zone and Local Area Network #1
In most cases, the loopback zone is 127.0.01/255.0.0.0
In most cases, the Network zone is your routers address\host machine 192.168.1.100/255.255.255.0

http://img296.imageshack.us/img296/5540/66782656fr3.png

^Larger Image Here^
http://img296.imageshack.us/img296/5540/66782656fr3.png

Click apply!

Now we should have set up an Internet connection, lets tweak things a bit
We are going to go to;
Comodo → Firewall → Advanced → Firewall Behavior settings.

We are going to push the slider up to Safe mode

Safe Mode: While filtering network traffic, the firewall will automatically create rules that allow all traffic for the components of applications certified as 'Safe' by Comodo. For non-certified new applications, you will receive an alert whenever that application attempts to access the network. Should you choose, you can grant that application internet access by choosing 'Treat this application as a Trusted Application' at the alert. This will deploy the predefined firewall policy 'Trusted Application' onto the application.

http://img368.imageshack.us/img368/1952/84208015gg5.png

^larger Image here^
http://img368.imageshack.us/img368/1952/84208015gg5.png

Then click on the the “Alert Settings” Tab in the same window, Slide to Medium and click on the click boxes, but leave " This computer is an Internet connection Gateway " Un-ticked . Unless you need it.

http://img520.imageshack.us/img520/7720/81597969jf3.png

^Larger Image here^
http://img520.imageshack.us/img520/7720/81597969jf3.png

Now we will move to;
Comodo → Firewall → Advanced → Attack detection settings
We are going to Tick the select boxes, “Protect the ARP cache” and “Block Gratuitous ARP Frames”

http://img78.imageshack.us/img78/8885/64810708rp9.png

^Larger Image here^
http://img78.imageshack.us/img78/8885/64810708rp9.png

Then we will click on the misc tab in the same window,
And select all the tick boxes.

“Block fragmented IP datagrams”
“Do protocol analysis”
“Do packet checksum verification”
“Monitor other NDIS protocols than TCP\IP”

http://img361.imageshack.us/img361/5207/41716122ed5.png

^Larger Image^
http://img361.imageshack.us/img361/5207/41716122ed5.png

That’s about it for setting up the firewall, now lets move onto the “Network Security Policy”

Kyle142 · November 22, 2008, 9:12am

Let’s make some application rules;
Comodo → Firewall → Advanced-> Network Security Policy
Here you can add/edit rules for specific applications manually or remove them.

http://img360.imageshack.us/img360/7131/38152394pp1.png

^larger Image^
http://img360.imageshack.us/img360/7131/38152394pp1.png

Your Global rules can be changed Manually although they should be fine how they are.
(Earlier in the thread we stealthed ports to everyone)

http://img361.imageshack.us/img361/7544/63660388jn8.png

^Larger Image^
http://img361.imageshack.us/img361/7544/63660388jn8.png

There are predifined policy’s, you may few what restrictions they apply here;
comodo → Advanced → Firewall → Predefined Policies. Click edit to see what applies.

http://img212.imageshack.us/img212/1867/10gk5.png

^Larger Image^
http://img212.imageshack.us/img212/1867/10gk5.png

You don’t need to make your own predefined policies, the default is usually enough.

Kyle142 · November 22, 2008, 10:09am

Let’s learn how we are meant to deal with pop-ups,

http://img116.imageshack.us/img116/2897/11eu2.png

^Larger Image here^

For programs not in the white list (Or your in paranoid mode\Clean Pc)
You will get a pop-up for unknown requests to connect to the internet, since Firefox is a webbrowser, we will treat this application as a Web browser and click remember my answer.

For trusted applications, Select trusted application. Outgoing is a good option for window’s system applications.

Making rules easy! This is great for gamers and for just about any application, With no user input!

Defense+
Right click on the Comodo tray Icon → Defense+ Security level - > Training Mode

http://img404.imageshack.us/img404/4973/20081121141124gu5.png

http://img404.imageshack.us/img404/4973/20081121141124gu5.png
^Click for larger Image^

Firewall
right Click on Comodo Tray Icon → Firewall Security level → Training Mode

http://img408.imageshack.us/img408/1341/20081121141349vn8.png

http://img408.imageshack.us/img408/1341/20081121141349vn8.png
^click for larger Image^

Training Mode: While filtering network traffic, the firewall will automatically create rules that allow all traffic for the components of applications certified as 'Safe' by Comodo. For non-certified new applications, you will receive an alert whenever that application attempts to access the network. Should you choose, you can grant that application internet access by choosing 'Treat this application as a Trusted Application' at the alert. This will deploy the predefined firewall policy 'Trusted Application' onto the application.

You should only run training mode for as long as it needs to be, 10 minutes should be fine. Then switch back to your previous mode (Safe Mode)

Remember that when running applications in training mode that any program (good or bad) will learn and be allowed to created rules, So only use it when you need to. ( You should only need to do it once)

This should be appropriate for most users, The more advanced can tinker with the settings a bit more if they need to.

I hope this helps, Any feed back is appreciated

Kyle142 · July 19, 2009, 9:09am

Feel free to ask about anything you see in this guide, If you have a rather in depth question then please create your own thread within the help section.

https://forums.comodo.com/help_cis-b127.0/

I apologize for some of the pictures that have become broken (Hopefully the steps I provided will be enough for now). When CIS v4 comes out, I will update this guide accordingly and upload new relevant pictures.