Trusted Zones not working?

I am running CPF on an XPsp2 machine with 2 network cards. One network card is connected directly to the internet with an IP while the other is used for the LAN and has an IP of I told CPF that the LAN is a trusted network; however, it still refuses connections from other LAN IPs unless I switch it to “Allow All”. I have set up the Zone as and I am running version CPF. Even if I switch back to “Custom” Security Level it disconnects any LAN connection.
Let me know if you need more information.

You have to create rule(s) in network monitor to allow TCP/UDP activity to and from your trusted zone.

Well, that really doesn’t make much sense to me as it is a “trusted” zone. But just to test your theory I added a rule in the Network Monitor to Allow in/out TCP/UDP with the netmask but it still blocks traffic. I could be wrong but my personal observation is that Comodo does not handle multiple network interfaces in one machine very well.

Will you please post a screenshot of your Network Monitor, taken at full-screen.

Given the scenario as you’ve explained, the rules have been created incorrectly. Seeing the screenshot will be a good starting point.



Here you go, hope this helps

[attachment deleted by admin]


CFP does work with multiple adaptors and zones. One of my setups has 7 zones over three adaptors. Where you may be coming unstuck is that to set up a zone as trusted, it is a two-step operation. Step 1 - define a zone. Step 2 - set that zone as trusted.

STEP 1 - Define a zone

  1. Open CFP
  4. Give the zone a meaningful name - Home LAN, work LAN etc.
  5. Enter the start and end addresses of the devices that constitute that zone
    (Don’t forget that the address of your modem/router needs to be within this zone)
  6. Click OK to complete the wizard

STEP 2 - Set that zone as trusted

  1. Open CFP
  3. Click NEXT
  4. Select the meaningful zone we defined in STEP 1.4
  5. Click NEXT
  6. Click FINISH
    (This step automatically creates two network monitor rules that allow controlled communications between the IP addresses in the zone range)

Notice how the network adaptors have not been mentioned at all. The firewall doesn’t really care what adaptor is sending or receiving the data, just that the attempt to send or receive satisfies one of the network monitor rules.

If you choose to follow this method, please remove any zones you have previously created and any network monitor rules you manually created to complement the previously defined zone.

While this may seem to be taking the long way around things, it follows Comodo’s concept of trust nothing. Just because we define a zone, doesn’t automatically mean we want that zone to be trusted. I’ve actually got a zone defined just so I can block a whole range of IPs - that would make it an UNtrusted zone. I may have to go through one extra step, but at least CFP lets me configure it the way I want it to be configured.

Hope this helps,
Ewen :)
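
The behaviour described in the post above (a zone is only an address range, trusting it adds one allow rule per direction, and matching never looks at the adaptor), modelled as an added example that is not part of the original thread and is not Comodo's code. It assumes first-match rule evaluation with a default block; all names and addresses are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP
from typing import List, Optional


@dataclass(frozen=True)
class Zone:
    name: str
    start: IP
    end: IP

    def __contains__(self, addr: IP) -> bool:
        return self.start <= addr <= self.end


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "block"
    direction: str           # "in" or "out"
    remote: Optional[Zone]   # None means any address


def trust_rules(zone: Zone) -> List[Rule]:
    """Model of STEP 2: trusting a zone adds one allow rule per direction."""
    return [Rule("allow", "out", zone), Rule("allow", "in", zone)]


def decide(rules: List[Rule], direction: str, remote_ip: IP) -> str:
    """First matching rule wins; unmatched traffic is blocked (assumed default).
    There is deliberately no adaptor parameter: only addresses are matched."""
    for rule in rules:
        if rule.direction == direction and (rule.remote is None or remote_ip in rule.remote):
            return rule.action
    return "block"


def uncovered(zone: Zone, addrs: List[IP]) -> List[IP]:
    """Addresses (LAN peers, the router) that fall outside the zone's range."""
    return [a for a in addrs if a not in zone]


# Constructed sample data: a zone covering 192.168.1.1 to 192.168.1.50.
LAN = Zone("Home LAN", IP("192.168.1.1"), IP("192.168.1.50"))
defined_only = []                # STEP 1 done, STEP 2 skipped: no rules exist yet
trusted = trust_rules(LAN)       # STEP 2 done

if __name__ == "__main__":
    print(decide(defined_only, "in", IP("192.168.1.20")))   # zone defined, not trusted
    print(decide(trusted, "in", IP("192.168.1.20")))        # peer inside the range
    print(decide(trusted, "in", IP("192.168.1.77")))        # peer outside the range
    print(uncovered(LAN, [IP("192.168.1.1"), IP("192.168.1.77")]))
```
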