Sygate Pro confusing entry block in traffic logs

Win XP Pro, Linkysys wired router - not networked. Sygate Pro with newest signatures.

I get this blocked listing in my traffic logs many times an hour, frequently 6 or 8 times in a row within a minute or two.

It seems to be referencing my router - but I don't understand it and I would like to resolve the issue properly. How do I figure out what process is trying to call out (I think that's what it's doing).

The log entry is:

10/8/2005 2:50:40 PM Blocked 10 Incoming UDP 192.168.1.1 00-04-5A-F2-15-30 23068 192.168.1.100 00-0E-A6-4D-B1-FB 162 Madeline SONATA Normal 1 10/8/2005 2:50:38 PM 10/8/2005 2:50:38 PM Block_all

192.168.1.1 is my router and I think the other entry ending in 100 is also my router.

Sonata is the name of the machine and Madeline is the Administrator.

Louise


If Sygate is confusing you, you can drop it and use the Windows-Firewall.

Sygate has a big design flaw as a "Personal Firewall": its system services are opening windows. This is a security breach, because it opens additional attack vectors that your system would not have with the Windows Firewall instead.

Yours, VB.

Volker Birk

louise wrote in news: snipped-for-privacy@news-server.nyc.rr.com:

Well of course Sygate is going to sit there and whine if you don't configure Sygate to trust the router's Device IP of 192.168.1.1. The router Device IP will communicate with the machines on the LAN if you'll let it. If Sygate was not on the machine (and machines sitting behind a router in a LAN situation don't always have a personal FW active on the machine), it wouldn't even be noticed; it's just normal network traffic on the LAN.

The same holds true for 192.168.1.100. It's a machine on your LAN behind the router that has the IP. I'll assume you have more than one machine on the LAN and all of them are running Sygate. You should configure Sygate to trust the LAN IP(s) that can be issued to machines by the router's DHCP server and you should trust the router's Device IP. Sygate is blocking and/or reporting when it shouldn't be because you don't have Sygate properly configured to ignore the chatter/traffic between the devices.

So, if you have two machines on your LAN and one has an IP of 192.168.1.100 and the other machine has an IP of 192.168.1.101, then you configure Sygate on the machine that has the IP 192.168.1.100 to trust the traffic coming from the machine that has the IP 192.168.1.101. You would configure Sygate on the machine that has 192.168.1.101 to trust the traffic coming from 192.168.1.100.

And of course for Sygate running on both machines, you would configure Sygate to trust the router's Device IP.

It's that simple.

Duane :)

Duane Arnold

Thanks - I understand conceptually - but I'm not sure how to configure it to "trust the LAN IPs"?

I tried this but I want to be sure I haven't left my machine wide open to something so I'd appreciate it if you'd make sure it's ok.

the block has been: 10/8/2005 4:21:00 PM Blocked 10 Incoming UDP 192.168.1.1 00-04-5A-F2-15-30 23397 192.168.1.100 00-0E-A6-4D-B1-FB 162 Madeline SONATA Normal 1 10/8/2005 4:20:50 PM 10/8/2005 4:20:50 PM Block_all

So here's what I did:

I made an advanced rule described by Sygate as follows: Allow both incoming traffic from the IP address(s) 192.168.1.1, 192.168.1.100 on UDP local Port 162. This rule will be applied to all network interface cards.

Is this right?

Thanks again.

Louise



louise wrote in news: snipped-for-privacy@news-server.nyc.rr.com:

When using BlackIce on the machines behind the Linksys NAT router I was using, I did the following:

1) Set the router's DHCP server to only issue IP(s) based on the number of machines I might have connected to the router. In my case there could be up to five machines. In that case, I set the number to 5 so it would only issue 5 IP(s), 192.168.1.100-192.168.1.105.

2) In configuring BlackIce on each machine, I just set a rule in BI to *trust* all IP(s) in the range of 192.168.1.100-192.168.1.105 and to trust the IP(s) on all ports TCP and UDP 1-65535 or whatever that ending port number is, and forgot about it. That covered everything because I didn't want to continue to set rules every time I looked around.

3) I did the same thing with the router's Device IP: I set a rule in BI to trust the router's Device IP on all ports TCP and UDP 1-65535.

One doesn't get into trying to set precise rules for LAN network traffic between devices or computers -- just let it happen on all ports and be done with it.

Duane :)

Duane Arnold
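An added example, not code from any poster in this thread: a small Python parser for the Sygate traffic-log layout quoted above, combined with the trust policy Duane describes (router Device IP plus the router's DHCP range, on all ports), so that blocked LAN-internal chatter can be separated from entries that still deserve a look. The DHCP range bounds and the meaning of the columns beyond IP/MAC/port/protocol/direction are assumptions; local port 162 in the quoted entry is the standard SNMP trap port, consistent with the router itself being the sender.

```python
import ipaddress
import re

# Field layout inferred from the two Sygate entries quoted in the thread; only the
# IP/MAC/port/protocol/direction columns are relied on, the trailing columns
# (user, host, counters, rule name) are kept as one opaque string.
LOG_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<action>\w+) (?P<severity>\d+) (?P<direction>Incoming|Outgoing) (?P<proto>UDP|TCP) "
    r"(?P<remote_ip>[\d.]+) (?P<remote_mac>[0-9A-Fa-f-]{17}) (?P<remote_port>\d+) "
    r"(?P<local_ip>[\d.]+) (?P<local_mac>[0-9A-Fa-f-]{17}) (?P<local_port>\d+) "
    r"(?P<rest>.*)$"
)

# Trust policy from the thread: the router's Device IP plus the DHCP range it may
# hand out, on all ports (the range bounds are assumed values).
ROUTER_IP = ipaddress.ip_address("192.168.1.1")
DHCP_FIRST = ipaddress.ip_address("192.168.1.100")
DHCP_LAST = ipaddress.ip_address("192.168.1.105")

def parse_entry(line):
    """Return the log fields as a dict, or None if the layout does not match."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    for key in ("severity", "remote_port", "local_port"):
        d[key] = int(d[key])
    return d

def is_trusted(ip_text):
    """True if the address is the router or inside the DHCP range."""
    addr = ipaddress.ip_address(ip_text)
    return addr == ROUTER_IP or DHCP_FIRST <= addr <= DHCP_LAST

def classify(line):
    """'lan' when both ends are trusted LAN hosts (the noise a trust rule silences),
    'review' otherwise (e.g. a public source), 'unparsed' if the layout differs."""
    e = parse_entry(line)
    if e is None:
        return "unparsed"
    if is_trusted(e["remote_ip"]) and is_trusted(e["local_ip"]):
        return "lan"
    return "review"

# The entry quoted in the thread, embedded here as sample input.
SAMPLE = ("10/8/2005 2:50:40 PM Blocked 10 Incoming UDP 192.168.1.1 00-04-5A-F2-15-30 23068 "
          "192.168.1.100 00-0E-A6-4D-B1-FB 162 Madeline SONATA Normal 1 "
          "10/8/2005 2:50:38 PM 10/8/2005 2:50:38 PM Block_all")
```

Running `classify(SAMPLE)` yields `lan`, the case a trust rule is meant to quiet; a blocked entry whose remote address is outside the router and DHCP range comes back as `review`.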

Thanks I reconfigured it for all ports. It seems happy :-)

Louise


*sigh* - please read

If you're substituting "Zonealarm" with "Sygate", then this posting is the only good statement to what you're doing here.

Yours, VB.

Volker Birk
