|February 1, 2004
guide assumes that you have already already installed ZoneAlarm on your
system. If you have not, please look at this article: Installing
Here is the main page for
ZoneAlarm. You can access this control panel by double-clicking on
the "ZA" icon in your system tray.
OK, configuring ZoneAlarm
is a bit tricky. It takes some time so we'll go through all the different
settings and we'll get through this.. I promise!
Section - Status Tab
Here is the overview of your
system. It tells you how many times you've been alerted etc.
From here you can also view the tutorial or download updates as they become
Section - Product Info Tab
You'll find version information
and you can change your registration information here.
Section - Preferences Tab
Set these preferences as
you like. They can also be left as default.
Section - Main Tab
Okay, depending on your system
setup, your settings here may be different. In the "Internet Zone
Security", a few of you will be able to keep the setting here at "High"
while most of you will need to back the setting down to "Medium" for your
webserver to work. There is an easy way to tell. Leave the
"Internet Zone Security" set as "High". Now, use a web browser to
access the website that is running on the server. If you see this
purple titled message:
If you see the previous message,
click "Remember this answer the next time I use this program" and click
"Yes". You can leave the "Internet Zone Security" set as high.
If instead you see a red
title message that says your machine was intruded upon and the attack was
blocked, then you need to back down the "Internet Zone Security" setting
down to "Medium". When you do this, you'll get the same purple titled
message as above. You will need to keep your "Internet Zone Security"
set as "Medium".
How come there is a difference
between the two? I don't know. In either case, the goal is
to let ZoneAlarm know that we do in fact want the server program to act
as a server and to give it the proper permission when asked.
In the "Trusted Zone Security",
You can leave this set at "Medium".
Section - Zones Tab.
If your network of computer
is behind a router, you can change the adapter subnet entry from "Internet"
to "Trusted". If you don't have a router and are directly connected
to the Internet, then you should keep this zone as "Internet".
You can also designated specific
IP address, sites, subnets, or networks as "Trusted" or "Internet sites".
Whenever you make changes,
make sure to click on "Apply" for the changes to take effect.
Control Section - Main Tab
You can keep the settings
at default here. Basically, with these settings, when a program tries
to access the Internet or act as a server, it will prompt you for permission.
If you want to grant the program permission. Click "Yes". For
most programs, when prompted with an alert, you should also check the box
that remembers your answer so you won't have to be alerted each time the
program wants to do something.
Control Section - Programs Tab
Here is a list of programs
that either try to access the Internet or act as a server. A green
check mark means that it has permission and doesn't need to ask you each
time. A blue question mark means that the program will ask for permission
before it is allowed to do anything. A red X means that it is not
allowed to access or serve the Internet.
You can change the permissions
for each program by left clicking on the symbol and selecting a new setting.
This list will get longer
each time you use and give permission for different programs to access
the Internet or act as servers. It takes a training period before
you stop getting alerts.
Let's go through an example
so we can understand what's going on here.
For example, a program that
needs to access the Internet is Symantec's Norton Antivirus (Live Update).
ZoneAlarm is going to catch the program as it tries to access the Internet
and we'll see how this all works.
Notice that Norton Antivirus
Live Update isn't listed in the Program Control list.
Now I'll start Norton Antivirus
LiveUpdate which will try to connect to the Internet.
You'll see this alert from
In this example, we know
that the program that is trying to access the Internet is a valid program,
but what if you didn't know what it was? All you have to do is click
on "More Info" under the AlertAdvisor warning. You'll see a description
of the program that is trying to access the Internet. If the description
is ok, then you're okay. If you happen to be infected with a virus
or trojan, then the description will say so and advise you to block the
program from connecting to the Internet.
In this case, we know that
Norton Antivirus is safe, so check the box labeled "Remember this answer
the next time I use this program" so that it won't prompt you every time
you run this program again. Click "Yes".
Now look in the ZoneAlarm
Program Control. You'll the program you just allowed or denied listed
with the setting you chose for it. In the example here, we just used
the one called "LiveUpdate Engine COM Module". You can see that the
program is allowed to access the Internet, but it isn't allowed to run
as a server unless it asks you first. Looking at the list, the only
program that is allowed to run as a server is "Internet Information Services"
which makes sense.
ZoneAlarm will go through
this training period where it will ask you for permission each time a program
tries to access the Internet or act as a server. I suggest that once
you install ZoneAlarm, you quicken the learning of ZoneAlarm by using all
your programs that access the Internet right away so that the permissions
can be set quickly. Run your email programs, servers, messengers,
update programs, games, etc, until the ZoneAlarm list is fully populated
with the programs and their respective permissions. This is especially
important for your server programs. Access your website, ftp, mail,
or any other server program you have on your computer and set the permissions
right away. You don't want to find out later that your ZoneAlarm
was blocking your web visitors for the past 2 weeks. For a few days
after you have installed ZoneAlarm, I would pay special attention to ZoneAlarm
to make sure that your computer has learned the proper settings and your
visitors can still access your site.
& Logs Section - Main Tab
Make sure that "Alert Events
Shown" is set to "On" (which is default). You want to be notified
when ZoneAlarm is blocking and intrusion since you want to make sure that
the intrusion isn't actually a visitor or something desirable. If
you set this to "off", you'll never know what's going on.
& Log Section - Log Viewer Tab
Here is a log of all the
activity that ZoneAlarm has seen. It's a good idea to look through
this once in a while to see if there anything really bad going on.
This section is also very useful for troubleshooting. For example,
if you can't connect to the webserver from the outside of your LAN and
you don't have any pop-up messages, you should check these logs.
If you see a entry that is blocking a port that you want open, then you
know to adjust your settings to be more open.
Protection Section - Main Tab
You can leave the MailSafe
Settings to "On". This helps prevent you from getting email viruses.
There you go, ZoneAlarm in
a flurry. There are a lot of settings and although I gave you a basic
guide to setting it up for your server, I highly recommend sitting down
and really playing with it to test out all the features so that you fully
understand what's going on. This piece of software really requires
a lot of trial and error. Change a setting, try it out, change a
setting, try it out. ZoneAlarm is a very good firewall, especially
for free. You just need to make sure it works for your particular