Please help with Z Alarm and/or Sygate settings

My computer is connected to a router and I am running a web server. This server is supposed to receive requests only from a specific internet IP address, and not any other one, plus the requests from my own computer. I tried to set this up, and I am still receiving hits, which are probably scanners, robots, zombies, and who knows what.

I tried both ZA and Sygate to block all IPs except one or two, and had better luck with the former. However, I'd like to use Sygate instead. It's smaller and apparently less confusing. I'll post my settings in both, because I'd like to make both work, just in case.

Here are my settings in ZA:

--------------------------------

  • Firewall/Main/Internet Zone Security = High (no Custom settings, just default)
  • Firewall/Main/Trusted Zone Security = Med (no Custom settings, just default)

I assume the default High settings for the internet zone block incoming at port 80, so I set up an expert rule (explained below). Do I need to adjust also the custom settings?

  • Firewall/Zones/Network = 192.168.1.0
  • Firewall/Main/Advanced/Security/Internet Connection Sharing

Here I am confused. If my computer is connected to a router, do I have to check "My computer is in a ICS/NAT gateway" ?

  • Firewall/Expert:

----------------------

Here I created one rule:

  • State = enabled
  • Action= allow
  • Source = the internet IP address I only want HTTP requests from.
  • Destination = My Computer
  • Protocol = TCP / Destination Port: HTTP - 80 / Source Port: HTTP - 80
  • Time = Any

Here are my settings in Sygate:

--------------------------------

  • Advanced Application Configuration window

-Name of Application: (web server's name)

-Application restrictions / trusted IPs : (the internet IP that I want to give access to)

-Remote server ports; TCP = 80 ; UDP=nothing ; Act as client=checked

-Local ports; TCP = 80 ; UDP=nothing ; Act as server=checked

Allow ICMP traffic = checked

I'd appreciate any help with these settings, because whatever I did, it's not having the results I want. With ZA, the web server still receives requests from unwanted IP addresses; with Sygate, access to the server seems OK, but the server logs don't show there was access (?) That's weird.

Reply to
PeterX

Well, if you had a low-end FW appliance that ensures that only HTTP traffic comes down port 80, that would stop a lot of it and you would not be too concerned about it.

Your problem here is you think that some PFW solution is going to protect a WEB server when the Web Server has been exposed to the public Internet. You can install all the PFW(s) you want and they are not going to provide the protection needed.

If this is an IIS Webserver, have you even secured IIS, the O/S, file system, registry, user accounts etc etc from attack for a machine that is being exposed to the public Internet?

That's what you need to be focused on, and not some snake oil PFW solutions trying to protect a Web server exposed to the Internet.

Duane :)

Reply to
Duane Arnold

You set both the source and destination port to be 80, but a browser which connects to an HTTP server doesn't have a source port with that number: it uses any free port higher than 1024, as the first 1024 ports are usable from a process with root privileges.

Ditto. For the remote ports, a value that says "every value" would be used.

I hope that resolves your issue.

-- Xenophaw

Reply to
Xenophaw
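
The source-port point from the reply above, as an added example that is not part of the thread and is not how ZoneAlarm or Sygate evaluate rules internally: a simplified default-deny allow list in Python, run over constructed connections. The addresses are assumptions taken from the documentation ranges, standing in for the one allowed IP and for unwanted hosts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One 'allow' rule, modelled on the fields of the expert rule in the post."""
    source: str                      # CIDR of the remote hosts allowed in
    dst_port: int                    # local port the web server listens on
    src_port: Optional[int] = None   # None means "any source port"

    def matches(self, src_ip: str, src_port: int, dst_port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.source)
                and dst_port == self.dst_port
                and (self.src_port is None or src_port == self.src_port))


def decide(rules, src_ip, src_port, dst_port):
    """Default deny: traffic passes only if some allow rule matches it."""
    hit = any(r.matches(src_ip, src_port, dst_port) for r in rules)
    return "allow" if hit else "block"


ALLOWED = "203.0.113.10/32"              # constructed stand-in for the allowed IP

AS_POSTED = [Rule(ALLOWED, 80, 80)]      # source port 80, as in the original rule
CORRECTED = [Rule(ALLOWED, 80, None)]    # any source port, as the reply suggests

# Constructed inbound connections: (remote IP, remote source port, local port)
CONNECTIONS = [
    ("203.0.113.10", 51514, 80),   # allowed client, ephemeral source port
    ("198.51.100.7", 40022, 80),   # unwanted host, ephemeral source port
    ("198.51.100.7", 80, 80),      # unwanted host that sets source port 80
    ("203.0.113.10", 51515, 443),  # allowed client, but a port not opened
]


def evaluate(rules):
    """Return the decision for each constructed connection, in order."""
    return [decide(rules, *conn) for conn in CONNECTIONS]


if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        for conn, verdict in zip(CONNECTIONS, evaluate(rules)):
            print(f"{name:10} {conn[0]:>13}:{conn[1]:<5} -> :{conn[2]:<4} {verdict}")
```

With source port 80 in the rule, the allowed client never matches, because its connections come from ephemeral ports; leaving the source port open lets that client in while the source address still excludes everyone else.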
