Slow internet problems (pt.2) - Solution

Hello guys, first post.

I was using Agnitum Outpost (2-year license and all); now I’m finally moving to a good product.

I work with network security, so Comodo Firewall is a dream come true to me; finally I can create my own rules the way I want and how I want. Now, moving on to the problems.

I’ve noticed that when Comodo is on, the network around here is very slow. It is not name resolution, because if I ping a domain the resolution of the IP works fast; if it is not DNS, it is communications, and something is messing with the packets.

At home I use a router that connects to the internet; after that there is a Linux firewall (iptables) that goes to a 3COM switch, and last is my computer. If I shut down Comodo, my internet works fine. Messing with the Comodo configuration, I’ve discovered a few things that make the internet work normally again.

If I disable “Do protocol analysis” the internet works fine; turn it on again and the problems are back. But there is no logic in this, because when I used Comodo for the first time everything was OK. So, to make sure, I formatted the computer to have a fresh install and make a few more tests. Everything was fine for a few minutes and then problems again: the internet was very slow and sometimes I got a connection timeout error, and again disabling “Do protocol analysis” fixes the problem.

Sniffing my network console, I’ve discovered that there was nothing incoming from port 80; looking at “Network Control Rules” there are no TCP INPUT rules either, so I added a new control to allow INPUT from ANY at port 80 as a test, and BANG, the internet was fast again, and when I say fast, it was fast like a flash with “Do protocol analysis” enabled.

The standard created controls have no INPUT rule, only output; doing this I could fix the problem, and I think this will solve many problems that other users might have in the future.

To make the solution complete I’ve added INPUT ALLOW to ports 80 and 443.

To make the solution complete I've added INPUT ALLOW to ports 80 and 443
Hum; unless you are running a webserver (e.g. Apache / IIS), not only should this not be required, but it also opens a bogus backdoor.
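
The point made in the reply above, as an added example that is not part of the original thread: a simplified model of a stateful packet filter, comparing outbound-only rules with the same rules plus inbound allow on ports 80 and 443. It is not Comodo's engine; the class, the addresses (documentation ranges) and the assumption that the inbound rule matches the local destination port are all constructed for illustration.

```python
# Simplified stateful filter model (constructed example, not Comodo's engine).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" or "in", relative to the protected host
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True for a bare SYN that opens a new connection

class StatefulFilter:
    def __init__(self, inbound_allow_ports=()):
        # Local TCP ports that accept unsolicited inbound connections (assumed semantics).
        self.inbound_allow_ports = set(inbound_allow_ports)
        self.connections = set()  # tracked as (local, lport, remote, rport)

    def allow(self, p: Packet) -> bool:
        if p.direction == "out":
            # Outbound is allowed; a SYN creates connection state.
            if p.syn:
                self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound replies to a tracked connection pass with no inbound rule at all.
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return True
        # Anything else must be a new connection to an explicitly opened port.
        return p.syn and p.dport in self.inbound_allow_ports

# Constructed sample addresses (RFC 5737 documentation ranges).
HOST, WEB, STRANGER = "192.0.2.10", "198.51.100.5", "203.0.113.7"

def run(fw: StatefulFilter) -> dict:
    browse = Packet("out", HOST, 50123, WEB, 80, syn=True)    # browser opens a page
    reply = Packet("in", WEB, 80, HOST, 50123)                # server's response
    probe = Packet("in", STRANGER, 40000, HOST, 80, syn=True) # unsolicited connect
    return {"browse": fw.allow(browse), "reply": fw.allow(reply),
            "probe": fw.allow(probe)}

def compare() -> dict:
    return {"outbound_only": run(StatefulFilter()),
            "inbound_80_443": run(StatefulFilter({80, 443}))}

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

In this model the web reply is accepted in both rule sets because it matches connection state; the only behaviour the inbound rule adds is accepting the unsolicited connection to local port 80.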