background image

7

2..2  Zones

In addition to rules, zones also play an important role. A zone can be defined by any of the following:

•  individual IP address (for example 192.168.1.1)

•  IP Address range (from 192.168.1.1 to 192.168.1.5)

•  subnet (192.168.1.0 / mask 255.255.255.0, which means addresses from 192.168.1.1 to 192.168.1.255)

A zone can contain a single IP address or several IP addresses defined by a range or subnet. You can also specify 
groups of IP addresses, which can be useful when creating rules. Some zones are predefined and can’t be modified 
or removed. These zones are listed below: 

•   

Trusted zone

  The Trusted zone consists of IP addresses, address ranges or subnets which are recognized by the Personal 

firewall as safe. Adding IP addresses or ranges to this category will change the behavior of ESET Smart Security 
when accessing shared folders and printers. If any computer is assigned a different IP address not belonging to 
the Trusted zone, the Personal firewall will treat that network as not trusted.

•   

Networks marked as Not trusted

  The opposite of the Trusted zone.  It should list all IP addresses, address ranges and subnets that are 

automatically treated as not trusted. In such a network, shared folders and printers are by default disabled, and 
the computer will not be visible to other computers in the network.

•   DNS servers

  Specifies DNS servers which client is allowed to use.

•   

Local addresses

  Specifies IP addresses by which the client is represented (usually contains the IP address 127.0.0.1 and IP addresses 

assigned to all network adapters). 

Zones can also be used for specifying strict rules in the Personal firewall. 

The behavior of the Personal firewall in a new network is determined by the option 

Do not display dialog with 

Trusted zone settings when changes in the network adapter settings are detected

 

(

e.g., change of IP address

)

located in 

Advanced setup...... > Personal firewall > Rules and zones

. If this option is enabled and the computer 

receives communication by an IP address not specified by the Trusted zone, then this subnet is automatically 
treated as not trusted (see 

Strict Protection

, below).

Summary of Contents for PERSONAL FIREWALL

Page 1: ...ESET Personal Firewall we protect your digital worlds User Guide...

Page 2: ...Personal Firewall Copyright 2008 by ESET spol s r o ESET Personal Firewall was developed by ESET spol s r o For more information visit www eset com All rights reserved No part of this documentation m...

Page 3: ...re are several reasons A Personal firewall can eliminate attacks from within the local network e g an infected guest notebook connecting to the corporate network A Personal firewall allows the adminis...

Page 4: ...This mode is based on user defined rules as well as a basic set of predefined rules If a rule already exists to allow or deny a specific type of communication that rule is automatically applied For c...

Page 5: ...may wish to allow communication on port 443 HTTPS There are three ways to accomplish this o Wait until the web browser establishes communication on port 443 e g when you log in to your online banking...

Page 6: ...ve been defined the connection is denied and no dialog window is displayed This is the main difference between Interactive and Policy based mode Policy based mode is well suited to large corporate net...

Page 7: ...rewall will treat that network as not trusted Networks marked as Not trusted The opposite of the Trusted zone It should list all IP addresses address ranges and subnets that are automatically treated...

Page 8: ...add the IP addresses 217 67 22 98 and 72 32 7 91 and name it Internet FTP servers Create a new rule allowing outgoing FTP communication On the Remote tab add the zones Trusted zone and Internet FTP s...

Page 9: ...ication is enabled only for Outlook Express and HTTP traffic only for Mozilla Firefox 2 4 Rule configuration strategy in large networks If you wish to set the most strict level of network access for c...

Page 10: ...program settings based on an existing configuration In both cases the Zone and rule setup dialog windows are similar to each other Items with grey background mark rules defined by ESET In certain cas...

Page 11: ...e name of the application process to which the rule applies Remote port target communication port or group of ports Remote address target IP address or IP address range or subnet NOTE The rule order i...

Page 12: ...3 IMAP IP addresses of your email servers remote address can be filled in if you want very strict protection Web browsing Out TCP Web browser process 80 HTTP 443 HTTPS or proxy server port FTP client...

Page 13: ...ication Remote port Remote address svchost exe ven Out TCP svchost exe 443 update microsoft com download microsoftupdates com windowsupdate microsoft com 3 1 Detection of modified applications The App...

Page 14: ...and downloads PDF documents from the Internet Thus a specific rule exclusion would need to be defined to allow this activity 3 2 Logging network activity Information about processed or blocked activi...

Page 15: ...firewall can be viewed by clicking Protection status Personal firewall from the main program window You can right click to open a context menu showing additional options such as Temporarily deny comm...

Page 16: ...an existing user defined rule is renamed a duplicate rule is created after the configuration is applied If you want to use an exported configuration but want to change Personal firewall settings only...

Page 17: ...ss of the filtering mode This will prevent users from seeing dialog windows asking them to add the current subnet to the Trusted or Not trusted zone ESET Smart Security does not contain any predefined...

Reviews: