Ok but if it gets "many attacks and strange accesses" from one IP then it can also get them from any other IP.
Have you asked the ZA people (try their support forums) whether or not they recommend use of ZA pro on a server? Are you sure that a software firewall running on the server is the best approach? If you get malware on the system, what stops it trying to shut down or modify ZA or change the rules database? Who's going to answer ZA's popups if the server is unattended? Have you downloaded and installed ZA pro so that you can find the answer to your questions yourself? You don't need to buy it to do that, just put zonealarm pro download in google. I don't know how long the trial period lasts, or what happens when it ends.
One doesn't try to protect a machine running Web services with a personal FW solution.
One puts the machine behind the protection of a NAT router or low-end FW appliance. Maybe you should consider a low-end FW appliance, possibly a used one, that can block IP(s) at the border and in addition ensures that only HTTP traffic comes down port 80 or FTP traffic down 20 and 21. You can also use a NAT router that has the ability to block IP(s) at the border.
Have the O/S, registry, user accounts, file system and Web server been secured for a machine that's being exposed to the public Internet? Otherwise, if that has not been implemented, then the machine is just hack bait.
I have NAT and a simple HW firewall installed. This firewall has IP filtering capability by CIDR format, making the line count larger than range format, and has a limit of only 64.
Traffic is limited to ports 80 and 21. Bad boys try this 80.
I checked those things carefully before opening the site. There may be some holes remaining though. I cannot say "absolutely safe" on this point. IPSec/NBT are cut off. Many Win services were removed as well.
Thanks for the suggestion, Duane. Will look into them.
Will buy and install the ZAP retail version anyway. That sounds like the best way to find the answer, overcoming the free version's limitation.
Uhhhm, that was the point I wanted to know. Thanks. Unfortunately the server has small CPU power, making me somewhat nervous. Will consider new HW as a backup. (Need financial minister's approval at my home though.)
I would appreciate your opinion on the following problem. I am having trouble at times connecting my computer to Ameritrade's streamer. I am using Zone Alarm personal edition (the freebie) with a dialup and Ameritrade sent me the following:
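The CIDR-versus-range point in the post above, as an added example that is not part of the original thread: one address range can expand into several CIDR lines, which matters when the rule table holds only 64. The sample ranges are constructed documentation addresses, and `fit_to_limit` is a hypothetical greedy heuristic (it trades extra blocked addresses for fewer rules), not a feature of any firewall named here.

```python
import ipaddress

MAX_RULES = 64  # rule-table limit mentioned in the post above

# Constructed sample ranges (RFC 5737 documentation addresses), not from the thread.
SAMPLE_RANGES = [
    ("192.0.2.10", "192.0.2.77"),
    ("198.51.100.0", "198.51.100.255"),
    ("203.0.113.5", "203.0.113.6"),
]

def ranges_to_cidrs(ranges):
    """Convert (first, last) address ranges into the fewest exact CIDR blocks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    # Merge adjacent or overlapping blocks that came from different ranges.
    return list(ipaddress.collapse_addresses(nets))

def fit_to_limit(cidrs, limit=MAX_RULES):
    """Greedy heuristic: widen the smallest block until the list fits.

    Returns (blocks, extra), where extra is how many addresses outside the
    original ranges are now blocked as well.
    """
    if limit < 1:
        raise ValueError("limit must be at least 1")
    blocks = list(cidrs)
    wanted = sum(b.num_addresses for b in blocks)
    while len(blocks) > limit:
        smallest = max(blocks, key=lambda b: b.prefixlen)
        blocks.remove(smallest)
        blocks.append(smallest.supernet())
        blocks = list(ipaddress.collapse_addresses(blocks))
    return blocks, sum(b.num_addresses for b in blocks) - wanted

if __name__ == "__main__":
    exact = ranges_to_cidrs(SAMPLE_RANGES)
    print(len(SAMPLE_RANGES), "ranges ->", len(exact), "CIDR rules")
    for net in exact:
        print("  deny", net)
    widened, extra = fit_to_limit(exact, limit=4)
    print("squeezed into", len(widened), "rules, over-blocking", extra, "addresses")
```

Review the over-blocked count before loading a widened list, since every widened block also denies legitimate visitors in that space.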
If you are uncomfortable opening port 80 for traffic, or have questions about other ways to configure your firewall, please contact your firewall provider with the following information.
I don't know anything about setting rules with ZA for IPs. I used ZA briefly back in 2001. I don't think you need to do anything with ZA for the above IP(s), ports or protocols HTTP/HTTPS, since you seem to have made contact with the site using the Ameritrade software running on your machine with ZA running. The Ameritrade software is making the solicitation to the remote site IP(s) and ZA should be opening the appropriate ports by itself for the machine to communicate with the Ameritrade software.
The software looks to be using the standard ports: 80, the HTTP port, and 443, HTTPS. The *S* stands for secure, and the Website will go into a secure connection by itself with the browser on your machine if the browser is SSL compatible (most browsers are) and SSL enabled (most browsers have SSL enabled by default).
It could be possible that ZA could block something, as I think it has high, medium and low settings which may affect the opening or closing of ports.
Your best bet is to contact Ameritrade Tech Support and discuss your connection issues. But as far as you having to set rules by IP for the above IP addresses for the software to work, I think that you have to do it, but I don't use the software either.
The easy way is to add the IP addresses for the streamer machines to the Firewall's Trusted zone.
You can also use the Firewall's Expert tab to define rules specifically for each source IP address - the drop-down lists allow you to select protocols, and both HTTP (port 80) and HTTPS (port 443) are in the list of ports.