No matter what I do, Kerio flunks the ping test.
Anyone running this with another firewall set to catch incoming pings
only?
No matter what I do, Kerio flunks the ping test.
Anyone running this with another firewall set to catch incoming pings
only?
If you don't want to be pinged, there should be a setting on your hardware
NAT router to stop them. If you don't have a hardware router you're
fooling yourself if you think Kerio alone will protect you, and as someone
emse said, it's not good to use two software firewalls.
Never run 2 firewalls together. There may be conflicts, and it's just not
necessary.
What ping test? What version of Kerio? 2.1.5 always passed every test I
threw at it.
Why not? Btw, it is Kerio 2.15, if you have one that does just certain
things and the other that does not conflict, in this instance, by
handling incoming pings?
Ping Reply: RECEIVED (FAILED) X Your system REPLIED to our Ping (ICMP
Echo) requests, making it visible on the Internet. Most personal
firewalls can be configured to block, drop, and ignore such ping
requests in order to better hide systems from hackers. This is highly
recommended since "Ping" is among the oldest and most common methods
used to locate systems prior to further exploitation.
That's not the way firewalls work. A firewall manages your connection(s)
by taking control over what can get in and out. Putting another alongside
it does not mean that it will catch things the first firewall doesn't.
Typically, the OS will assign one of the firewalls to manage the
connection, and the other will just be spare baggage. Plus, there is a
potential for conflicts between the programs. I remember it being said
that Kerio and Zone Alarm definitely do not like one another.
Your problem with Kerio can likely be solved by writing a rule to deal
with it. I always disallow ICMP and UDP, both ways, and never had a
problem. If for some reason that causes a problem, a specific allow rule
can be written for that specific application. Disallowing those across
the board should cure the ping problem.
I was a devoted 2.1.5 fan, but now that I have gotten used to Sygate,
would never go back. Sygate allows you to write very specific rules, but
is much more user friendly than Kerio 2.1.5. Also, it is still alive, and
there is the unfragmented packets vulnerability in 2.1.5 that will never
be fixed.
Interesting. I'm running Kerio 2.1.5 and the XP firewall. I thought
that the XP firewall might catch anything that Kerio cannot, such as
fragmented packets.
Rookie said:What about the latest Kerio version? Has anyone tried it?
All you need is a rule to disallow ICMP, and problem solved.
I would suggest that you go to geocities.com/yosponge, and read his
excellent tutorial on computer security. There, you can download several
sets of preconfigured Kerio rules that will give you a lot of control.
That's not the way firewalls work. A firewall manages your connection(s)
by taking control over what can get in and out. Putting another alongside
it does not mean that it will catch things the first firewall doesn't.
Typically, the OS will assign one of the firewalls to manage the
connection, and the other will just be spare baggage. Plus, there is a
potential for conflicts between the programs. I remember it being said
that Kerio and Zone Alarm definitely do not like one another.
Your problem with Kerio can likely be solved by writing a rule to deal
with it. I always disallow ICMP and UDP, both ways, and never had a
problem. If for some reason that causes a problem, a specific allow rule
can be written for that specific application. Disallowing those across
the board should cure the ping problem.
I was a devoted 2.1.5 fan, but now that I have gotten used to Sygate,
would never go back. Sygate allows you to write very specific rules, but
is much more user friendly than Kerio 2.1.5. Also, it is still alive, and
there is the unfragmented packets vulnerability in 2.1.5 that will never
be fixed.
Interesting. I'm running Kerio 2.1.5 and the XP firewall. I thought
that the XP firewall might catch anything that Kerio cannot, such as
fragmented packets.
There have been no conflicts that I can see. There possibly might be
some that are not evident. The system passes Shields Up! and other
firewall checker sites. I don't know where or how to test for
fragmented packets.
I've been wanting to give Sygate a spin... today is as good as any I
guess.
What about the latest Kerio version? Has anyone tried it?
Interesting. I'm running Kerio 2.1.5 and the XP firewall. I thought
that the XP firewall might catch anything that Kerio cannot, such as
fragmented packets.
What about the latest Kerio version? Has anyone tried it?
I appreciate the edificuation there elaich and I am going to give
Sygate a shot. Will I find that I need a Sponge type page to help with
specific rules?
I tried it. It trashed my network connection, interfered with shutdownThe 'try before you buy' one? I tried one, I'm not sure of the version, but it was a
thirty day trial...worked ok here with XP-SP2 and their so-called firewall.
Helen
I tried it. It trashed my network connection, interfered with shutdown
and reboot, as well as any other program which tried to run a
sub-program. Never again will I allow it on any of my machines.
No, Sygate is pretty much hands off. You can write a simple rule to
disallow ICMP merely by opening Advanced Rules, and ticking the appropriate
boxes.