Before you Begin
Before you start to configure ZoneAlarm Pro, you should think about what your goals are. Firewall rules can be either incoming or outgoing, and they can be either deny or allow. You must decide which you need to do based on your goal. Use the matrix below to help you decide which kinds of firewall rules to set up.
Specific Rules

| Reasons for Incoming Allow Rules | Reasons for Outgoing Allow Rules |
| --- | --- |
| Run a game server or host a game | Surf the web |
| Connect to peer to peer network | Send and receive email |
| Voice over IP | Voice over IP |
| Instant Messaging file transfers | Instant Messaging in general |
| Run web server | Windows Updates |

Generic Rules

| Reasons for Incoming Deny Rules | Reasons for Outgoing Deny Rules |
| --- | --- |
| Block malicious Internet users | Block a program from accessing the web |
| Increase your network invisibility from outside | Restrict what people on your network can do |
| | Prevent certain services from functioning |
| | Stop trojan horses and other malware |
In addition, there are 2 completely different ways to configure ZoneAlarm Pro. You only need to do one or the other. We prefer OPTION 1, but list OPTION 2 as an alternative. Remember, you only have to do one or the other.
OPTION 1: Configure ZoneAlarm Pro using Program Name Rules
There are two ways that you can configure the firewall of ZoneAlarm Pro. The first is to use ZoneAlarm Pro to restrict the programs that you have on your computer. Restricting the programs that reside on your computer is a really good way to keep track of exactly what is going on. If a program is trying to send information to the internet, ZoneAlarm alerts you, and lets you decide what you want to do. You can allow that program to send information to the internet, or you can prevent it from sending information to the internet. If you decide to allow it to send or receive that information, it can send or receive information using any port that it wants to. That's not how I would want my firewall to act. What would happen if that program gets replaced with some other program? I'm not sure, but I don't think it would be good. I would rather specify the exact ports that program should be using. Fortunately, ZoneAlarm Pro allows us to do just that by setting up Expert Rules. Be sure to set up a default deny rule, which will be described a little further down the page. Take a look at the following list of guides to see how to set up expert rules.
Step 1 - Set up your specific rules
The rules you pick here depend on your goals. See the table above to help you decide which rules you need to set up.
Optional - Open Incoming Traffic by Program Name.
Think of this as a port forward for your firewall. By enabling an incoming port, you allow people on the outside to get inside your network. Possible reasons for this are to run Peer to Peer networks, host game servers, and to run internet servers behind your firewall. Use this option with caution as it opens your network up to outsiders.
Optional - Open Outgoing Traffic by Program Name.
Think of this option as controlling the software that is installed on your PC. Many programs need to communicate with the Internet, and they do this through outgoing ports. If you are surfing the web, then you are talking on an outgoing port. You need to open an outgoing port for any application that you want to enable to talk on the Internet. You may, however, have a program that you do not want to allow to talk on the Internet. In this case, you can firewall it by simply not opening up its outgoing ports. This option is much safer than incoming ports because it does not open your computer up from the inside.
Step 2 - Set up your generic rules
Once you have set up the ports to allow for this program, you need to add a rule that denies everything that is not allowed. This DenyAll rule will reject any traffic that did not match the previous rules. The DenyAll rule needs to be the last rule on the list. Take a look at the following links to see exactly how to create the DenyAll rules.
Highly Recommended - Deny All Incoming Traffic by Program Name.
This rule will prevent malicious Internet users from getting into your network from the outside. It is a default rule that prevents incoming connections from accessing your computer. Everyone should have this default rule listed below all of their specific rules.
Highly Recommended - Deny All Outgoing Traffic by Program Name.
This rule will prevent programs on your computer that you have not specifically authorized from accessing the Internet. It is a good idea to have this rule enabled because it helps prevent trojan horses and email worms from "phoning home" if your computer gets infected. This rule should be below all of your specific rules.
You can stop now if you are following OPTION 1.
OPTION 2: Configure ZoneAlarm Pro using Port Number Rules
The second way to configure ZoneAlarm Pro is to use the firewall section to regulate traffic in and out of your computer. Firewall rules can be thought of as system-wide rules that apply to every program. Firewall rules and program rules work very well together. If a port is blocked with firewall rules, that port is blocked for every program. When a port is blocked by firewall rules, that port is blocked even if there are program rules that allow that port for that program. The opposite is true for program rules. If a port is allowed through the firewall rules but the port is blocked by the program rules, the port will be blocked for that program. Just remember that blocking happens first, and ports are only allowed if they are never blocked and have an allow rule. Once again, if you plan on using firewall rules, be sure to set up a default deny rule. The default deny rule will be explained a little further down the page. Take a look at the following links for guides on how to set up firewall rules.
Step 1 - Set up your specific rules
The rules you pick here depend on your goals. See the table above to help you decide which rules you need to set up.
Optional - Open Incoming Traffic by Port Number.
Think of this as a port forward for your firewall. By enabling an incoming port, you allow people on the outside to get inside your network. Possible reasons for this are to run Peer to Peer networks, host game servers, and to run internet servers behind your firewall. Use this option with caution as it opens your network up to outsiders.
Optional - Open Outgoing Traffic by Port Number.
Think of this option as controlling the software that is installed on your PC. Many programs need to communicate with the Internet, and they do this through outgoing ports. If you are surfing the web, then you are talking on an outgoing port. You need to open an outgoing port for any application that you want to enable to talk on the Internet. You may, however, have a program that you do not want to allow to talk on the Internet. In this case, you can firewall it by simply not opening up its outgoing ports. This option is much safer than incoming ports because it does not open your computer up from the inside.
Step 2 - Set up your generic rules
Once you have set up the ports to allow for this program, you need to add a rule that denies everything that is not allowed. This DenyAll rule will reject any traffic that did not match the previous rules. The DenyAll rule needs to be the last rule on the list. Take a look at the following links to see exactly how to create the DenyAll rules.
Highly Recommended - Deny All Incoming Traffic by Port Number.
This rule will prevent malicious Internet users from getting into your network from the outside. It is a default rule that prevents incoming connections from accessing your computer. Everyone should have this default rule listed below all of their specific rules.
Highly Recommended - Deny All Outgoing Traffic by Port Number.
This rule will prevent programs on your computer that you have not specifically authorized from accessing the Internet. It is a good idea to have this rule enabled because it helps prevent trojan horses and email worms from "phoning home" if your computer gets infected. This rule should be below all of your specific rules.
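
The precedence this guide describes (a block in either the firewall rules or the program rules wins, a port passes only with an explicit allow rule, and DenyAll sits last) is modeled below in Python. This is an added example, not ZoneAlarm Pro's own code or rule format; the Rule class, the first-match ordering, the choice that an allow in either rule set is enough when nothing blocks, and the sample rule sets are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" or "out"
    port: Optional[int] = None   # None = every port (a DenyAll-style rule)

    def matches(self, direction, port):
        return self.direction == direction and self.port in (None, port)

def first_match(rules, direction, port):
    """Walk an ordered rule list; the first matching rule decides."""
    for rule in rules:
        if rule.matches(direction, port):
            return rule.action
    return None  # nothing matched

def decide(firewall_rules, program_rules, direction, port):
    """Blocking happens first; allow only if never blocked and explicitly allowed."""
    verdicts = (first_match(firewall_rules, direction, port),
                first_match(program_rules, direction, port))
    if "deny" in verdicts:
        return "deny"
    return "allow" if "allow" in verdicts else "deny"

def audit(rules):
    """Flag a missing DenyAll, or rules placed after it that can never match."""
    problems = []
    for direction in ("in", "out"):
        scoped = [r for r in rules if r.direction == direction]
        catch_all = [i for i, r in enumerate(scoped)
                     if r.action == "deny" and r.port is None]
        if not catch_all:
            problems.append(f"{direction}: no DenyAll rule")
        elif catch_all[0] != len(scoped) - 1:
            dead = len(scoped) - 1 - catch_all[0]
            problems.append(f"{direction}: {dead} rule(s) after DenyAll never match")
    return problems

# Constructed sample rule sets (not exported from ZoneAlarm Pro).
FIREWALL = [Rule("allow", "out", 80), Rule("allow", "out", 443),
            Rule("deny", "out"), Rule("deny", "in")]
BROWSER = [Rule("allow", "out", 80), Rule("deny", "out", 443), Rule("deny", "out")]
MISORDERED = [Rule("deny", "out"), Rule("allow", "out", 25)]

if __name__ == "__main__":
    for port in (80, 443, 25):
        print("out", port, decide(FIREWALL, BROWSER, "out", port))
    print(audit(MISORDERED))
```

The MISORDERED list shows why DenyAll has to be last: the allow rule for port 25 placed after it is never reached.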