Which firewall zones for best network interoperability?

[Guest]

I use ZoneAlarm Pro but I’m not sure I’ve got my ‘zones’ set up correctly.
I’ve had some problems getting the computers to print over the network. I
can with one wireless connected computer but not another. All PCs run WinXP
HE SP2.


Hardware setup:

I have 3 computers (each running ZAP) attached to a KCORP KLG-575 wireless
router ( 2 wirelessly and 1 via ethernet cable). The router has an inbuilt
hardware firewall which I use on default settings ( the router’s firewall not
its security settings). The router is connected to the internet via a DSL
modem (D-Link DSL-300T).

My zone settings are:

Network (ADSL modem): internet zone 192.168.1.0
Wireless router: internet zone 192.168.1.1
Computers 1 - 3: trusted zone 192.168.1.100 / 101 / 102

Is this correct, or should I put the router on ‘trusted’ also?

I know I strictly don’t need a software firewall for incoming packets but I
want to lock down as much as I possibly can.


Thanks in advance.

Steve

 

[Malke]

I use ZoneAlarm Pro but I’m not sure I’ve got my ‘zones’ set up
correctly.
I’ve had some problems getting the computers to print over the
network. I
can with one wireless connected computer but not another. All PCs run
WinXP HE SP2.


Hardware setup:

I have 3 computers (each running ZAP) attached to a KCORP KLG-575
wireless
router ( 2 wirelessly and 1 via ethernet cable). The router has an
inbuilt hardware firewall which I use on default settings ( the
router’s firewall not
its security settings). The router is connected to the internet via a
DSL modem (D-Link DSL-300T).

My zone settings are:

Network (ADSL modem): internet zone 192.168.1.0
Wireless router: internet zone 192.168.1.1
Computers 1 - 3: trusted zone 192.168.1.100 / 101 / 102

Is this correct, or should I put the router on ‘trusted’ also?

I know I strictly don’t need a software firewall for incoming packets
but I want to lock down as much as I possibly can.

Make your trusted zone a range of 192.168.1.0-192.168.1.254 instead.

Malke

 

[Guest]

If I made all of the range 192.168.1.0-192.168.1.254 'trusted' (includes the
modem and router) wouldn't that make my entire system vulnerable? Or is
there something here I'm not getting (which is more than possible)?

Thanks.

Steve

 

[Bob Willard]

If I made all of the range 192.168.1.0-192.168.1.254 'trusted' (includes the
modem and router) wouldn't that make my entire system vulnerable? Or is
there something here I'm not getting (which is more than possible)?

Thanks.

Steve

No problem. 192.168.1.x is a range of non-routable IPAs, so nodes on the
WANside of your modem won't be able to see any of your nodes -- that
minimizes the vulnerability of external attacks.

 

[Guest]

Thanks for getting back. I've made everything's IP address
(192.168.1.0-192.168.1.254) a trusted range and will now delete the
individual entries.

Will I need to change this if I connect without the router? Why does ZAP
ask you to choose whether an IP address is trusted or not if it doesn't
matterthat much?

Thanks again.

Steve