I’m currently trialling Comodo firewall after reading some positive reviews and personal recommendations. Like many others, my firewall experience started with ZA and for the past few years I’ve been firmly entrenched in the Kerio camp.
One feature I’m struggling with in Comodo is simply and quickly configuring allow/deny rules per application that are different for the Internet and Trusted zone.
E.g., in Kerio, I can allow inbound and outbound connections for the trusted zone but can set it up to only allow outbound connections to the internet zone. All of this is nicely presented in a tick/cross style table with five columns - Application name, Trusted Inbound, Trusted Outbound, Internet Inbound, Internet Outbound.
Using Comodo, the closest I can replicate this style of functionality is by defining a trusted zone. However, this seems to allow all inbound/outbound connections without prompting me for permission.
While I realise this sort of behaviour can be recreated by creating custom firewall rules per application in Comodo, I was hoping this sort of functionality could be achieved by allowing/denying access from popup boxes as they appear. Perhaps I have missed something obvious?
These features are indeed available in Comodo. It’s just different, and in my opinion, more flexible than Kerio and certainly ZA.
You can do two main things in Comodo. Set up rules that are Application based (Application Monitor), and set up general rules that are global to your network (Network Monitor). Play around in both of these areas until you get a feel for where everything is at.
A “Zone” is nothing more than an IP Address/Mask given a name for quick reference.
A “Trusted Zone” is nothing more than the above Zone given a Network Monitor rule to allow all inbound/outbound traffic (eg, to your networked computers).
You can specify these Zones under “Security > Tasks > Add/Remove/Modify a Zone” and you can specify and modify these rules under “Security > Network Monitor”. If you already added a Trusted Zone via “Security > Tasks > Define a new Trusted Network”, you will find that rule appear at the top of “Security > Network Monitor”. And you can modify this rule to be more specific or general as you desire.
As you are testing new Network Monitor rules, add a checkmark to “Create an alert if this rule is fired” (at the top of the Rule Edit display) and you can monitor all traffic that matches that rule under “Activity > Logs”.
Setting up application permissions to a specific zone:
Go to “Security > Application Monitor”, then select an application rule and “Edit” (or double-click),
Click the “Destination IP” tab and tick “Zone” from the bullet list,
Then select the Zone from the drop-down list.
This will only permit outbound connections to that specified Zone.
While I understand the power/flexibility of writing custom rules, in my case it’s unfortunately somewhat beyond the level of the intended users (family members, relatives).
I guess this is one area where ZA/Kerio is a little more accessible for the not-so computer literate. When setting up a PC for a family member, I typically define trusted zones which usually consist of a LAN range, DNS address and localhost.
Currently, I have been able to teach family members how to differentiate between a trusted zone and an internet zone, the popups themselves being nicely differentiated with green and red, which they can simply allow/deny. I suspect messing around with custom rules is a little beyond the realms of ease of use for the average user.
Regardless, having heard so many good things about Comodo, I’m keeping it on my PC for a little longer.
Maybe this should be a feature request for a future version of Comodo: Have the popup alerts detect pre-defined zones and when the user allows/denies, create an application rule specific to the detected zone.
I think part of the thing is learning to think differently… “Internet zone” is a term seemingly related to ‘security’ settings in Internet Explorer, and picked up/propagated by some other software (such as Zone Alarm). It means nothing more than applications connecting to the internet, as compared to an intranet (ie, your LAN).
CFP does not, by default, define the “internet” as a zone of any sort. The network monitor functions in a similar way as a router, filtering all communication attempts based on the existing rules and advanced protocols. This is the first layer of security for inbound communications, the last for outbound. The application monitor provides another layer of security and control, by controlling which/how applications are allowed to connect. Any application connecting can only do so within the context of the Network monitor.
It may help you to read the explanation of CFP’s layered rules, in this thread.
As I read your question, it sounds like the thing you would need to do on these other computers would probably be along the lines of the “set and forget” setup tutorial found within the above link. Once the Network Monitor rules are configured, the only thing for users to allow is application-based. At an Alert Frequency of Very Low, and utilizing the Safelist, these alerts will be minimized, and the level of detail minimal; this will probably be best for those not “into” computers.
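To make the two replies concrete, here is an added Python model of the layered evaluation they describe (it is an illustration written for this page, not Comodo's code and not posted by anyone in the thread). A zone is just a named list of address/mask entries; the Network Monitor is an ordered first-match list that is the first layer for inbound traffic and the last for outbound; and Application Monitor rules can be scoped to a zone, which is what gives one application the Kerio-style "trusted in / trusted out / internet in / internet out" columns the original poster asked about. The zone contents (LAN range, DNS server, localhost), the application names, the rule sets, the implicit final deny in the Network Monitor and the rule that "no application rule matched" means an alert are all assumptions of the model.

```python
"""Toy model of Comodo-style layered filtering: zone lookup -> Network
Monitor -> Application Monitor. Added example, not Comodo's own code;
all zone contents, application names and rules are constructed values."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# A zone is nothing more than a named list of address/mask entries.
# Constructed example, in the spirit of "LAN range, DNS address, localhost".
ZONES = {
    "trusted": [
        ip_network("192.168.1.0/24"),   # LAN range
        ip_network("9.9.9.9/32"),       # DNS server (single host = /32)
        ip_network("127.0.0.0/8"),      # localhost
    ],
}


def zone_of(ip: str) -> Optional[str]:
    """Name of the first zone containing `ip`, or None. There is no
    "internet" zone: an address outside every defined zone matches nothing."""
    addr = ip_address(ip)
    for name, nets in ZONES.items():
        if any(addr in net for net in nets):
            return name
    return None


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    direction: str              # "in" or "out"
    zone: Optional[str] = None  # None = any address, in a zone or not

    def matches(self, direction: str, zone: Optional[str]) -> bool:
        return self.direction == direction and (self.zone is None or self.zone == zone)


# Network Monitor: ordered, first match wins, like a router ACL. The
# trusted-zone rules sit at the top, where "Define a new Trusted Network"
# places them; an implicit final deny is an assumption of this model.
NETWORK_RULES = [
    Rule("allow", "in", "trusted"),
    Rule("allow", "out", "trusted"),
    Rule("allow", "out"),   # any outbound
    Rule("block", "in"),    # all other inbound
]

# Application Monitor: per-application rules, first match wins. A connection
# with no matching rule raises an alert ("ask"), i.e. the popup the user sees.
# The first entry encodes one row of the Kerio-style five-column table:
# trusted in = allow, trusted out = allow, internet in = block, internet out = allow.
APP_RULES = {
    "ssh-server.exe": [
        Rule("allow", "in", "trusted"),
        Rule("allow", "out", "trusted"),
        Rule("block", "in"),    # no inbound from outside the trusted zone
        Rule("allow", "out"),   # outbound anywhere
    ],
    "browser.exe": [
        Rule("allow", "out"),   # outbound only; inbound will alert
    ],
}


def first_match(rules, direction: str, zone: Optional[str]) -> Optional[str]:
    for r in rules:
        if r.matches(direction, zone):
            return r.action
    return None


def network_decision(direction: str, zone: Optional[str]) -> str:
    return first_match(NETWORK_RULES, direction, zone) or "block"


def app_decision(app: str, direction: str, zone: Optional[str]) -> str:
    return first_match(APP_RULES.get(app, []), direction, zone) or "ask"


def evaluate(app: str, direction: str, peer_ip: str) -> str:
    """Combine the two layers in the order the thread describes.

    Outbound: the application layer is consulted first (this is where a
    popup would appear); a block or an alert stops there, and an allow is
    still subject to the Network Monitor, the last layer outbound.
    Inbound: the Network Monitor is the first layer; only traffic it lets
    through ever reaches the application layer, so no popup for the rest.
    """
    zone = zone_of(peer_ip)
    if direction == "out":
        verdict = app_decision(app, direction, zone)
        return verdict if verdict != "allow" else network_decision(direction, zone)
    if network_decision(direction, zone) != "allow":
        return "block"
    return app_decision(app, direction, zone)


if __name__ == "__main__":
    for case in [("ssh-server.exe", "in", "192.168.1.20"), ("ssh-server.exe", "in", "203.0.113.5"),
                 ("browser.exe", "in", "192.168.1.20"), ("browser.exe", "in", "203.0.113.5")]:
        print(case, "->", evaluate(*case))
```

The two `browser.exe` inbound cases show the practical difference the second reply points at: an inbound attempt from the trusted LAN reaches the application layer and alerts, while the same attempt from an address in no zone is dropped by the Network Monitor before any popup could appear, which is why a "set and forget" Network Monitor configuration cuts down the alerts a non-technical user sees.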