Zonealarm Pro Expert rules

The network;

Router
| 192.168.0.3
|
| 192.168.0.1
ICS Gateway with ZA Pro on Win 2K
| 192.168.1.1
|
|
Rest of network


Rest of network is a legacy setup of 12 machines with static IP
addresses. The question;
Is it possible to prevent one machine on the 'Rest of network' segment
from accessing the Internet via 192.168.0.1 but still have access to
shares on 192.168.1.1 with expert rules on ZA Pro?
--
Clint Sharp

sorry don't know za pro only free one.
however, could you not just disable internet connection directly on the one
machine by setting IE6 connection tab to a silly setting.

mnike

"Clint Sharp" <(E-Mail Removed)> wrote in message
news:weuMiWC1IIICFw0+@clintsmc.demon.co.uk...
> The network;
>
> Router
> | 192.168.0.3
> |
> | 192.168.0.1
> ICS Gateway with ZA Pro on Win 2K
> | 192.168.1.1
> |
> |
> Rest of network
>
>
> Rest of network is a legacy setup of 12 machines with static IP
> addresses. The question;
> Is it possible to prevent one machine on the 'Rest of network' segment
> from accessing the Internet via 192.168.0.1 but still have access to
> shares on 192.168.1.1 with expert rules on ZA Pro?
> --
> Clint Sharp

"Clint Sharp" <(E-Mail Removed)> wrote in message news:weuMiWC1IIICFw0+@clintsmc.demon.co.uk...
> The network;
>
> Router
> | 192.168.0.3
> |
> | 192.168.0.1
> ICS Gateway with ZA Pro on Win 2K
> | 192.168.1.1
> |
> |
> Rest of network
>
>
> Rest of network is a legacy setup of 12 machines with static IP
> addresses. The question;
> Is it possible to prevent one machine on the 'Rest of network' segment
> from accessing the Internet via 192.168.0.1 but still have access to
> shares on 192.168.1.1 with expert rules on ZA Pro?
> --


I'm no expert but you could try this:

In the Expert Rules, Add a New Rule and then set it as follows:

Name: IP Block (or similar)
State: Enabled
Action: Block
Track: Log
Source: IP Address of machine you want to block Internet access.
Destination: Trusted Zone & Internet Zone
Protocol: Any
Time: Any

Click OK and you should see the rule.

Make sure you Save the changes by changing to another tab and clicking OK on the alert box that pops up.

Hope this works - haven't tested it.

--
Regards,
Chris.

www.bororules.co.uk
www.lascoronas10.co.uk

"Chris" <(E-Mail Removed)> wrote in message
newsigUd.1667$(E-Mail Removed)...
> "Clint Sharp" <(E-Mail Removed)> wrote in message
> news:weuMiWC1IIICFw0+@clintsmc.demon.co.uk...
>> The network;
>>
>> Router
>> | 192.168.0.3
>> |
>> | 192.168.0.1
>> ICS Gateway with ZA Pro on Win 2K
>> | 192.168.1.1
>> |
>> |
>> Rest of network
>>
>>
>> Rest of network is a legacy setup of 12 machines with static IP
>> addresses. The question;
>> Is it possible to prevent one machine on the 'Rest of network' segment
>> from accessing the Internet via 192.168.0.1 but still have access to
>> shares on 192.168.1.1 with expert rules on ZA Pro?
>> --
>
>
> I'm no expert but you could try this:
>
> In the Expert Rules, Add a New Rule and then set it as follows:
>
> Name: IP Block (or similar)
> State: Enabled
> Action: Block
> Track: Log
> Source: IP Address of machine you want to block Internet access.
> Destination: Trusted Zone & Internet Zone
> Protocol: Any
> Time: Any
>
> Click OK and you should see the rule.
>
> Make sure you Save the changes by changing to another tab and clicking OK
> on the alert box that pops up.
>
> Hope this works - haven't tested it.
>
> --
> Regards,
> Chris.
>
> www.bororules.co.uk
> www.lascoronas10.co.uk
>
>
I also am no expert ,main family machine runs Pro remainder Free, but won't
this rule prevent any sharing with the "Rest of the Network" assuming the IP
range is in the "Trusted " zone.
I am not quite certain what you mean by preventing access to the Internet
,do you just wish to prevent Browser access (HTTP)?If so you could write a
blocking rule for your browser under program options.
You will need to consider what ports you wish to leave open before you write
your rules if you require something else.

nbt

In message <oigUd.1667$(E-Mail Removed)>, Chris
<(E-Mail Removed)> writes
>I'm no expert but you could try this:
>
>In the Expert Rules, Add a New Rule and then set it as follows:
>
>Name: IP Block (or similar)
>State: Enabled
>Action: Block
>Track: Log
>Source: IP Address of machine you want to block Internet access.
>Destination: Trusted Zone & Internet Zone
I only want to stop access to the Internet, I want to be able to see a
share on the gateway, so I set Internet Zone only
>Time: Any

>Make sure you Save the changes by changing to another tab and clicking
>OK on the alert box that pops up.
>
>Hope this works - haven't tested it.
Unfortunately it doesn't, it would seem to be perfect from the
description but it just doesn't work, I've even gone as far as building
a new test network with ZA Pro on a W2k ICS gateway just in case there's
a silly I've missed, but no matter what I set ZA with, I cannot stop
internet access on the client machine without stopping access to the
shares on the gateway.
>
>--
>Regards,
>Chris.
>
>www.bororules.co.uk
>www.lascoronas10.co.uk
>
>
Zonealarm Pro in the bin. Any suggestions?
--
Clint Sharp

Clint Sharp wrote:
> Zonealarm Pro in the bin. Any suggestions?

Zonealarm or Kerio

--
Colin

http://www.mutleysplanet.com

Clint Sharp wrote:
>


> Zonealarm Pro in the bin. Any suggestions?

Keep it there.

After a gap of a couple of months (used ZA for years, always had some
issues with it) I renewed my ZA subscription.

By the end of the day I had reformatted and reinstalled without ZA.

Asked for a refund, but don't expect to hear back from ZA. (Never once
had a tech support question answered in the three years I had their
paid-for software.)

It is STILL full of bugs, hogs system resources, causes all sorts of
problems, and their tech support is non-existent.

May ZA go to hell.

Kerio, by comparison, is superb.


Odie
--

RetroData
Data Recovery Experts
www.retrodata.co.uk

"Odie Ferrous" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Clint Sharp wrote:
>>
>
>
>> Zonealarm Pro in the bin. Any suggestions?
>
> Keep it there.
>
> After a gap of a couple of months (used ZA for years, always had some
> issues with it) I renewed my ZA subscription.
>
> By the end of the day I had reformatted and reinstalled without ZA.
>
> Asked for a refund, but don't expect to hear back from ZA. (Never once
> had a tech support question answered in the three years I had their
> paid-for software.)
>
> It is STILL full of bugs, hogs system resources, causes all sorts of
> problems, and their tech support is non-existent.
>
> May ZA go to hell.
>
> Kerio, by comparison, is superb.
>
>
> Odie
> --
>
> RetroData
> Data Recovery Experts
> www.retrodata.co.uk

Forget that - give Sygate Personal Firewall a try.
www.sygate.com - link under "home networks" or something on the bottom left
of the screen...

Free, and nagless. V. good, and can be configured easily.

Chunks.

PS: Odie - will get in touch RE: drives soon - got my nan's funeral today.

"Clint Sharp" <(E-Mail Removed)> wrote in message
newspv6$(E-Mail Removed)...
> In message <oigUd.1667$(E-Mail Removed)>, Chris
> <(E-Mail Removed)> writes
> Zonealarm Pro in the bin. Any suggestions?
> --
> Clint Sharp

I am using ZAP5.5.062.011

If I create this I block my Browser from accessing web pages on the Internet

In General
Rank 1
State enabled
Name Browser Block
Action Block
Comments and Track none (optional)

Source My Computer
Destinations Trusted and Internet Zones

In Protocol (modify)
Protocol TCP
Description Browser
Destination Port HTTP 80
Source Port HTTP 80

Time Any

nbt

"Clint Sharp" <(E-Mail Removed)> wrote in message
newspv6$(E-Mail Removed)...
> In message <oigUd.1667$(E-Mail Removed)>, Chris
> <(E-Mail Removed)> writes
> Zonealarm Pro in the bin. Any suggestions?
> --
> Clint Sharp

I am using ZAP5.5.062.011

If I create this I block my Browser from accessing web pages on the Internet

In General
Rank 1
State enabled
Name Browser Block
Action Block
Comments and Track none (optional)

Source My Computer
Destinations Trusted and Internet Zones

In Protocol (modify)
Protocol TCP
Description Browser
Destination Port HTTP 80
Source Port HTTP 80

Time Any

nbt