I’m going to evaluate a new Internet Provider in my laptop in the company where I’m currently consulting for, but this means I’ll need a Windows Firewalll which support ICS. ZoneAlarm seems to be too expensive, being the most popular, and I’ve also feared that it’s being targeted the most by criminals. So I started to look for alternatives.<\/p>\n
Basically, ezFirewall is a rebranded version of ZoneAlarm (just try installing ZoneAlarm with ezFirewall already installed – it’ll complain that ZoneAlarm is already installed). But at almost only half the ZoneAlarm’s price, ezFirewall is quite interesting.
\nSygate got loads of recommendations. Kerio seems to have security holes and issues.<\/p>\n
But Jetico interest me the most, probably being a geek I like it’s detailed interface where you’re given a load of controls – not a watered-down version like the others. But I have a few questions, so I sent them an email.<\/p>\n
To my surprise, I got such detailed answer below.
\nIt’s easy to guess which firewall is going to be installed in my laptop.<\/p>\n
\nFrom: “Jetico, Inc.”
\nSubject: Re: Feedback<\/p>\nDear Harry Sufehmi,<\/p>\n
Thank you for your interest in Jetico Personal Firewall.<\/p>\n
Let me answer on your questions below.<\/p>\n
> Jetico Personal Firewall: YES
\n> Windows XP: YES
\n>
\n> Hi, since I can’t find the answer to my questions below, here goes :
\n>
\n> 1. Does your firewall works with XP SP2 ?<\/p>\nYes, the firewall works with Windows XP SP2.<\/p>\n
> 3. Does it work with Windows 2000 Server ?<\/p>\n
Yes, the software works with Windows 2000 Server too.<\/p>\n
> 2. Can it protect shared Internet connection \/ ICS ?
\n>
\n> As you can see, we’re planning to use it on several scenarios, but we don’t know
\n > if it’ll work. So I’d be grateful if you can let us know.
\n>
\n> Many thanks in advance.
\n>
\n> Regards,
\n> Harry<\/p>\nThe firewall can be configured for using it with
\nInternet Connection Sharing, but please note that
\nan overall level of protection aginst inbound
\nscanning will be lower in this case. It happens
\nbecause of the following.<\/p>\nJP Firewall has two levels of protection: low-level
\nNetwork Level and Application Level. (We don’t keep
\nin mind here third Process Attack Protecting level,
\nbecause it will work in any case.)<\/p>\nApplication Level provides Network Level with information
\nabout applications that have active connection and about
\nall the network traffic Windows applications are interested
\nin. All other network traffic is blocked. It is so-called
\nStateful Inspection.<\/p>\nNow when you turn on Internet Connection Sharing, you get
\nprivate network (for example interface B: 192.168.0.1) and
\ncontinue to have interface with IP address that is opened
\nto Internet (say interface A: 207.46.156.188).<\/p>\nAll the packets that come from interface B to interface A
\nand all the packets that come from Internet for interface B
\n– all that packets do not correspond to any application
\nin Windows! The packets should simply go from\/to interface
\nA to\/from interface B.<\/p>\nSo default JP Firewall configuration with stateful inspection
\nrules will reject the “interface A < -> interface B” traffic.<\/p>\nHence, to get Internet Connection Sharing working, we should
\nturn off Stateful Inspection in JP Firewall:<\/p>\n1). Select “Configuration” tab in JP Firewall;<\/p>\n
2). Select the following table in “Optimal Protection” configuration
\ntree: Root -> System IP Table -> System Internet Zone;<\/p>\n3) In the “System Internet Zone” table find rule with
\n“Stateful TCP Inspection” rule and run “Edit” command for the rule;<\/p>\n4) In the “Protocol specific” settings for the rule uncheck the
\n“Stateful inspection” checkbox.<\/p>\n5) Do the same for the “Stateful UDP Inspection” rule.<\/p>\n
Then, Private Network with interface B should be added as
\nTrusted Zone in JP Firewall. It can be done quite simply.
\nAfter you finish configuring Internet Connection Sharing,
\nrun Configuration Wizard program from “Jetico Personal Firewall”
\nprogram group.<\/p>\nConfiguration Wizard should automatically discover the Private
\nNetwork address and add it to the list in the “Trusted zone”
\ndialog window. Just finish Configuration Wizard normally.<\/p>\nAfter the procedure Internet Connection Sharing should work on
\nyour computer.<\/p>\nSincerely,
\nSergey Frolov<\/p>\n=================================================
\nJetico, Inc. phone: +358-9-25173030 =
\nTekniikantie 14, fax: +358-9-25173031 =
\n02150, Espoo e-mail: info@jetico.com =
\nFinland http:\/\/www.jetico.com =
\n<\/><\/support><\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"I’m going to evaluate a new Internet Provider in my laptop in the company where I’m currently consulting for, but this means I’ll need a Windows Firewalll which support ICS. ZoneAlarm seems to be too expensive, being the most popular, and I’ve also feared that it’s being targeted the most by criminals. So I started … Continue reading Windows Firewall<\/span>