Anna, If you go down the Zone Alarm route use..... http://forums.zonelabs.com/zonelabs
"but found out that I couldn't set my internet connected network card to be in the Internet Zone, the NAT wouldn't work. The only way it would if it was placed in the Medium Zone" This sounds very odd, it will normally detect it out of the box. If you used Zone Alarm Pro (the $49 version?) then it will do that. You do *not* have to set the bar to Medium for the Internet Zone and it is not reccommended. On the gateway machine, where ZA is installed, you will also need to add any external servers you use i.e. IP & port to the trusted zone e.g. your mail provider. This will allow machines internally to access those services (to pick up and send mail). By default it should also allow the basic web surfing service, but if not, once you start to surf on one of the machines, ZA will detect these outgoing packets and and a box will pop up asking if you want to allow x service (e.g. port 80) to be allowed to connect to x.x.x.x? Say yes. In the advanced tab for the 'Internet Zone' there should already be a tick in the box 'Allow outgoing DNS requests' (or something like that). It does work, really. Regards & Good Luck. James --- SML <[EMAIL PROTECTED]> wrote: > I'd like to thank everyone for their input. > I've tried several different configurations over past > several days. I didn't > like ICS with Windows own firewall. So I went to > ZoneAlarm Pro, but found > out that I couldn't set my internet connected network > card to be in the > Internet Zone, the NAT wouldn't work. The only way it > would if it was placed > in the Medium Zone. I wonder how secure it is this way? > Am I too paranoid? > :) Then I learned about Kerio WinRoute Firewall which in > fact consist of NAT > and Firewall all in one. > Can anyone share their thoughts about it. I mean how good > or bad it is in > all aspects. > I'm going to try the trial version today. > > Regards, > Anna > > > -----Original Message----- > From: Lachlan McGill > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, May 27, 2003 4:30 AM > To: 'SML'; [EMAIL PROTECTED] > Subject: RE: Setting up secure windows xp network > > > As a very simple method, you can try just blocking ports > on the network card > level in its TCP/IP properties. This is very simple and > also not necessarily > the most secure. > > You should be able to get some success with third party > apps such as > Nortons, Mcafee and Zone Alarm. Its just a matter of > configuring them > properly to suit your setup. > > > -----Original Message----- > From: SML [mailto:[EMAIL PROTECTED] > Sent: Friday, 23 May 2003 12:57 AM > To: [EMAIL PROTECTED] > > Hello list. > I'm in the process of securing Windows xp prof network, > consisting of 5 > computers. > We use "workgroup" configuration. > Also the computers are conected to internet through > windows 2000 gateway > computer with 2 network cards, where one card connects to > ADSL router. NAT > software is in place on the gateway. > I'd much appreciate if somebody could point me to the > internet recourses, or > give advise on how to make the most of windows own > security features, > policies etc. Also what software firewall could we use on > the gateway, since > after trying norton and mcaffe firewals, we couldn't > access the intrenet. > > Thanks, > Anna > > > > --------------------------------------------------------------------------- > Thinking About Security Training? You Can't Afford Not > To! > > Vigilar's industry leading curriculum includes: Security > +, Check Point, > Hacking & Assessment, Cisco Security, Wireless Security & > more! Register > Now! > --UP TO 30% off classes in select cities-- > http://www.securityfocus.com/Vigilar-security-basics > ---------------------------------------------------------------------------- > > > > > --------------------------------------------------------------------------- > ---------------------------------------------------------------------------- > __________________________________ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
