Print

Previous

Next

Setting general security options

These controls apply global rules regarding certain protocols, packet types and other forms of traffic (such as server traffic) to both the Trusted Zone and the Public Zone.

To modify general security settings:

  1. Select COMPUTER | Advanced Firewall and click Advanced Settings.
  2. In the General area, choose your security settings.

Block all fragments

Blocks all incomplete (fragmented) IP data packets. Hackers sometimes create fragmented packets to bypass or disrupt network devices that read packet headers.

Caution: If you select this option, ZoneAlarm security software will silently block all fragmented packets without alerting you or creating a log entry. Do not select this option unless you are aware of how your online connection handles fragmented packets.

Block trusted servers

Prevents all programs on your computer from acting as servers to the Trusted Zone. Note that this setting overrides permissions granted in the Programs panel.

Block Internet servers

Prevents all programs on your computer from acting as servers to the Public Zone. Note that this setting overrides permissions granted in the Programs panel.

Enable ARP protection

Blocks all incoming ARP (Address Resolution Protocol) requests except broadcast requests for the address of the target computer. Also blocks all incoming ARP replies except those in response to outgoing ARP requests.

Allow VPN Protocols

Allows the use of VPN protocols (ESP, AH, GRE, SKIP) even when High security is applied. With this option disabled, these protocols are allowed only at Medium security.

Allow uncommon protocols at high security

Allows the use of protocols other than ESP, AH, GRE, and SKIP, at High security.

Lock hosts file

Prevents your computer’s hosts file from being modified by hackers through sprayer or Trojan horses. Because some legitimate programs need to modify your hosts file in order to function, this option is turned off by default.

Disable Windows Firewall

Detects and disables Windows Firewall.

Filter IP over 1394 traffic

Filters FireWire traffic. You will need to restart your PC for these filter changes to take effect.

  1. Click OK.

Note - ZoneAlarm filters Internet Protocol version 6 (IPv6) traffic by default. When the ZoneAlarm firewall is set to block IPv6, it also tells Windows not to use it, so you will see IPv6 disabled in your network settings.

See Also

Setting advanced security options

 
©2011 Check Point Software Technologies Ltd. All rights reserved. Some features are only in premium products