Step-by-Step: Configuring ZoneAlarm Firewall
February 1, 2004


This guide assumes that you have already installed ZoneAlarm on your system.  If you have not, please look at this article: Installing ZoneAlarm Firewall
 

Here is the main page for ZoneAlarm.  You can access this control panel by double-clicking on the "ZA" icon in your system tray.

OK, configuring ZoneAlarm is a bit tricky.  It takes some time, so we'll go through all the different settings and we'll get through this... I promise!

Overview Section - Status Tab

Here is the overview of your system.  It tells you how many times you've been alerted etc.  From here you can also view the tutorial or download updates as they become available.

 

Overview Section - Product Info Tab

You'll find version information and you can change your registration information here.

 

Overview Section - Preferences Tab

Set these preferences as you like.  They can also be left as default.

 

Firewall Section - Main Tab

 

Okay, depending on your system setup, your settings here may be different.  For "Internet Zone Security", a few of you will be able to keep the setting at "High", while most of you will need to back the setting down to "Medium" for your webserver to work.  There is an easy way to tell.  Leave "Internet Zone Security" set to "High".  Now, use a web browser to access the website that is running on the server.  If you see this purple titled message:

 

If you see the previous message, check "Remember this answer the next time I use this program" and click "Yes".  You can leave "Internet Zone Security" set to "High".

If instead you see a red titled message that says your machine was intruded upon and the attack was blocked, then you need to back the "Internet Zone Security" setting down to "Medium".  When you do this, you'll get the same purple titled message as above.  You will need to keep your "Internet Zone Security" set to "Medium".

How come there is a difference between the two?  I don't know.  In either case, the goal is to let ZoneAlarm know that we do in fact want the server program to act as a server and to give it the proper permission when asked.

You can leave "Trusted Zone Security" set at "Medium".

Firewall Section - Zones Tab

 

If your network of computers is behind a router, you can change the adapter subnet entry from "Internet" to "Trusted".  If you don't have a router and are directly connected to the Internet, then you should keep this zone as "Internet".

You can also designate specific IP addresses, sites, subnets, or networks as "Trusted" or "Internet" sites.

Whenever you make changes, make sure to click on "Apply" for the changes to take effect.

 

Program Control Section - Main Tab

You can keep the settings at default here.  Basically, with these settings, when a program tries to access the Internet or act as a server, ZoneAlarm will prompt you for permission.  If you want to grant the program permission, click "Yes".  For most programs, when prompted with an alert, you should also check the box that remembers your answer so you won't be alerted each time the program wants to do something.

 

Program Control Section - Programs Tab

Here is a list of programs that either try to access the Internet or act as a server.  A green check mark means that it has permission and doesn't need to ask you each time.  A blue question mark means that the program will ask for permission before it is allowed to do anything.  A red X means that it is not allowed to access or serve the Internet.

 

You can change the permissions for each program by left-clicking on the symbol and selecting a new setting.

 

This list will get longer each time you use and give permission for different programs to access the Internet or act as servers.  It takes a training period before you stop getting alerts.

Let's go through an example so we can understand what's going on here.

For example, a program that needs to access the Internet is Symantec's Norton Antivirus (Live Update). ZoneAlarm is going to catch the program as it tries to access the Internet and we'll see how this all works.

Notice that Norton Antivirus Live Update isn't listed in the Program Control list.

 

Now I'll start Norton Antivirus LiveUpdate which will try to connect to the Internet.

You'll see this alert from ZoneAlarm.

 

In this example, we know that the program that is trying to access the Internet is a valid program, but what if you didn't know what it was?  All you have to do is click on "More Info" under the AlertAdvisor warning.  You'll see a description of the program that is trying to access the Internet.  If the description is ok, then you're okay.  If you happen to be infected with a virus or trojan, then the description will say so and advise you to block the program from connecting to the Internet.

 

In this case, we know that Norton Antivirus is safe, so check the box labeled "Remember this answer the next time I use this program" so that it won't prompt you every time you run this program again.  Click "Yes".

 

Now look in the ZoneAlarm Program Control.  You'll see the program you just allowed or denied listed with the setting you chose for it.  In the example here, we just used the one called "LiveUpdate Engine COM Module".  You can see that the program is allowed to access the Internet, but it isn't allowed to run as a server unless it asks you first.  Looking at the list, the only program that is allowed to run as a server is "Internet Information Services", which makes sense.

 

ZoneAlarm will go through this training period where it will ask you for permission each time a program tries to access the Internet or act as a server.  I suggest that once you install ZoneAlarm, you speed up its learning by using all your programs that access the Internet right away so that the permissions can be set quickly.  Run your email programs, servers, messengers, update programs, games, etc., until the ZoneAlarm list is fully populated with the programs and their respective permissions.  This is especially important for your server programs.  Access your website, FTP, mail, or any other server program you have on your computer and set the permissions right away.  You don't want to find out later that your ZoneAlarm was blocking your web visitors for the past 2 weeks.  For a few days after you have installed ZoneAlarm, I would pay special attention to ZoneAlarm to make sure that your computer has learned the proper settings and your visitors can still access your site.

Alerts & Logs Section - Main Tab

Make sure that "Alert Events Shown" is set to "On" (which is the default).  You want to be notified when ZoneAlarm is blocking an intrusion since you want to make sure that the intrusion isn't actually a visitor or something desirable.  If you set this to "Off", you'll never know what's going on.

 

Alerts & Logs Section - Log Viewer Tab

Here is a log of all the activity that ZoneAlarm has seen.  It's a good idea to look through this once in a while to see if there is anything really bad going on.  This section is also very useful for troubleshooting.  For example, if you can't connect to the webserver from outside your LAN and you don't have any pop-up messages, you should check these logs.  If you see an entry that is blocking a port that you want open, then you know to adjust your settings to be more open.
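
The log check described above can be scripted once the log is available as a text file.  The following is an added example, not part of the original guide or of ZoneAlarm itself; the CSV column layout, the "FWIN" label for a blocked inbound entry, the sample rows and the list of served ports are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample, not real log output. The column layout and the
# FWIN (blocked inbound) / FWOUT (blocked outbound) labels are assumptions.
SAMPLE_LOG = """\
type,date,time,source,destination,transport
FWIN,2004/02/01,10:15:02,203.0.113.7:3321,192.168.1.10:80,TCP
FWIN,2004/02/01,10:15:09,203.0.113.7:3322,192.168.1.10:80,TCP
FWIN,2004/02/01,10:16:40,198.51.100.23:4410,192.168.1.10:135,TCP
FWIN,2004/02/01,10:17:11,198.51.100.23:4411,192.168.1.10:21,TCP
FWOUT,2004/02/01,10:18:00,192.168.1.10:1040,203.0.113.9:80,TCP
FWIN,2004/02/01,10:19:30,192.0.2.5:0,192.168.1.10:0,ICMP
"""

# Ports this machine is meant to serve (hypothetical: web, FTP, mail).
SERVED_PORTS = {80: "web", 21: "ftp", 25: "smtp"}


def port_of(endpoint):
    """Return the port from 'ip:port', or None if it is missing or malformed."""
    _, sep, port = endpoint.rpartition(":")
    return int(port) if sep and port.isdigit() else None


def blocked_served_ports(log_text, served=SERVED_PORTS, inbound_type="FWIN"):
    """Count blocked inbound entries per served port; skip malformed rows."""
    hits = Counter()
    for row in csv.DictReader(io.StringIO(log_text)):
        if row.get("type") != inbound_type:
            continue  # outbound blocks and other events are not visitor traffic
        port = port_of(row.get("destination") or "")
        if port in served:
            hits[port] += 1
    return dict(hits)


def report(log_text):
    """Return one line per served port that the firewall has been blocking."""
    return [
        f"port {port} ({SERVED_PORTS[port]}): {count} blocked inbound attempt(s)"
        for port, count in sorted(blocked_served_ports(log_text).items())
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)) or "no served ports are being blocked")
```

Any port that shows up in the report is one where visitors are being turned away; blocked entries for ports you do not serve (135 in the sample) are the firewall doing its job and are left out.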

 

E-mail Protection Section - Main Tab

You can leave the MailSafe setting at "On".  This helps prevent you from getting email viruses.

 

There you go, ZoneAlarm in a flurry.  There are a lot of settings and although I gave you a basic guide to setting it up for your server, I highly recommend sitting down and really playing with it to test out all the features so that you fully understand what's going on.  This piece of software really requires a lot of trial and error.  Change a setting, try it out, change a setting, try it out.  ZoneAlarm is a very good firewall, especially for free.  You just need to make sure it works for your particular setup.

Good luck!

Brian
 


