PDA

View Full Version : ZoneAlarm missing Firewall Zones tab for subnet. New NAT router won't show Entire Network.


June 30th 04, 10:18 AM
Intro, Yesterday's project: pc1, pc2, existing cable modem to Netgear
rp614na Ethernet router. Per Netgear quick install, Internet worked for both
PCs - - Good.

Already done: only TCP/IP bindings [1]



But current trouble is lack of File & Printer Sharing, as seen when trying
to open Entire Network and/or Workgroup and/or individual pc (the other pc).
Before installing router, both PCs had had File & Printer Sharing turned
off.

Probably irrelevant: In Win Network of both PCs, I've tried various settings
for File & Printer Sharing: "Disabled", "Enabled", "Automatic", but general
result is: some lack of visibility [2] occurs for the PC "Master Browser"
set "Disabled".

PROGRESS: Web clues told me ZoneAlarm might be the hang up. This was
confirmed because both PCs see files properly if I shutdown both ZA.

Based on further web clues, I think I should be able to run ZA. Because...
1 Shutdown Za on pc2. ZA on only pc1 with pc2's subnet in pc1 Firewall
Zones. Now, pc1 can see pc2 files. 2-way network usability between the PCs.
2 (If pc2 ZA is running, it's ZA shows pc1 subnet IP "blocked" message, when
pc1 tries to open Entire Network.)



Trying to imitate subnet entry success on pc1, I'd like to add pc1 subnet to
pc2 ZA... But pc2's ZA is MISSING FIREWALL ZONES tab!!! So I can't add pc1
subnet to pc2's ZA. . I installed slightly newer ver. ZA[3], but same
problem, Firewall Zones tab is not there.[4]

I'm wondering if some Windows "Internet Options" or "Network" settings are
influencing the Zlsetup to avoid creating the "zones" tab for the firewall
dialog of ZoneAlarm.

Can anyone suggest .. something? I see this as a ZoneAlarm problem. No clues
found in searches on forums.zonelabs.com. I might post there next.


Footnotes:
----------
Pc1 and pc2 have different histories, one was Win ME OEM, other was upgrade
from 98 SE. Both are now WinME. Both have slightly different IE/Internet
Options security settings (leapfrog-like evolution).

They have very different hardware (D-link Nic card vs 3com chips on
Motherboard . Celeron vs AMD. Etc. )
Their Win Network lists contain different Adapters. (pc1 NDSIWAN, ms Vpn,
support, #2, 3com integrated etc. pc2 ms Tv/Video Connection (why? What's
this?), d-link, Cnet Pro2000 (Cnet adapter appeared with d-link NIC
install))

Both: Primary logon is Windows Logon, though MS Client Networks is still
listed. Both now have an automatic logon, user name "default". (password are
blank, but for extra security, maybe I could store a password while still
have automatic logon at startup?)

No IIRC, or interactive games (no need for IPX/SPX). No server or remote
access uses anticipated.

Standard Netgear router's settings, except I replaced password.

[1] Per grc "bondage" pages, I've fiddled with NetBEUI protocol, and
bindings. Eventually I noticed that only TCP/IP bindings allow Internet
access (because this router uses only TCP/IP?), so I've since Removed
NetBEUI. Result: ShieldsUp shows router (maybe with assist from ZA) is
stealthing all 1056 ports - good.

[2] Lack of visibility are balking at: 1) Entire Network", 2) not seeing
workgroup, or 3) not opening the (other) pc to see list of shared
folder/printers. After discovering Za blocking, in both PCs' Win Network
I've set File & Printer Sharing: "Master Browser" Enabled.

[3] ZoneAlarm Free. Zlsetup attempted on pc2 are today's download
5..0.590.043 and a previous recent version 5..0.590.015. That previous
5..0.590.015 is allowing me to use the zones tab on pc1

[4] Firewall Zones tab may have always been missing, when pc2 wasn't
networked. But I hadn't any reason to look for the tab. Hmmm.. comparing ZA
dialog in both PCs... I see pc2 also lacks the "Preferences" and "Product
Info" tabs in "Overview" dialog. And I think "Preferences" (and likely
Product Info) were missing before I downloaded the slightly newer Zlsetup.
I always choose "clean install" during zlsetup.


----
duplicate posted to msn news server and 'regular' newsgroups(perhaps someone
wants to read possible solution.)

B.J.Honeycut
June 30th 04, 03:46 PM
On Wed, 30 Jun 2004 09:18:09 > penned this
whopper in microsoft.public.windowsme.networking

> Intro, Yesterday's project: pc1, pc2, existing cable modem to Netgear
> rp614na Ethernet router. Per Netgear quick install, Internet worked
> for both PCs - - Good.
>
> Already done: only TCP/IP bindings [1]
>
>
>
> But current trouble is lack of File & Printer Sharing, as seen when
> trying to open Entire Network and/or Workgroup and/or individual pc
> (the other pc). Before installing router, both PCs had had File &
> Printer Sharing turned off.
>
> Probably irrelevant: In Win Network of both PCs, I've tried various
> settings for File & Printer Sharing: "Disabled", "Enabled",
> "Automatic", but general result is: some lack of visibility [2]
> occurs for the PC "Master Browser" set "Disabled".
>
> PROGRESS: Web clues told me ZoneAlarm might be the hang up. This was
> confirmed because both PCs see files properly if I shutdown both ZA.
>
> Based on further web clues, I think I should be able to run ZA.
> Because... 1 Shutdown Za on pc2. ZA on only pc1 with pc2's subnet in
> pc1 Firewall Zones. Now, pc1 can see pc2 files. 2-way network
> usability between the PCs. 2 (If pc2 ZA is running, it's ZA shows pc1
> subnet IP "blocked" message, when pc1 tries to open Entire Network.)
>
>
>
> Trying to imitate subnet entry success on pc1, I'd like to add pc1
> subnet to pc2 ZA... But pc2's ZA is MISSING FIREWALL ZONES tab!!! So I
> can't add pc1 subnet to pc2's ZA. . I installed slightly newer ver.
> ZA[3], but same problem, Firewall Zones tab is not there.[4]
>
> I'm wondering if some Windows "Internet Options" or "Network" settings
> are influencing the Zlsetup to avoid creating the "zones" tab for the
> firewall dialog of ZoneAlarm.
>
> Can anyone suggest .. something? I see this as a ZoneAlarm problem. No
> clues found in searches on forums.zonelabs.com. I might post there
> next.
>
>
> Footnotes:
> ----------
> Pc1 and pc2 have different histories, one was Win ME OEM, other was
> upgrade from 98 SE. Both are now WinME. Both have slightly different
> IE/Internet Options security settings (leapfrog-like evolution).
>
> They have very different hardware (D-link Nic card vs 3com chips on
> Motherboard . Celeron vs AMD. Etc. )
> Their Win Network lists contain different Adapters. (pc1 NDSIWAN, ms
> Vpn, support, #2, 3com integrated etc. pc2 ms Tv/Video Connection
> (why? What's this?), d-link, Cnet Pro2000 (Cnet adapter appeared with
> d-link NIC install))
>
> Both: Primary logon is Windows Logon, though MS Client Networks is
> still listed. Both now have an automatic logon, user name "default".
> (password are blank, but for extra security, maybe I could store a
> password while still have automatic logon at startup?)
>
> No IIRC, or interactive games (no need for IPX/SPX). No server or
> remote access uses anticipated.
>
> Standard Netgear router's settings, except I replaced password.
>
> [1] Per grc "bondage" pages, I've fiddled with NetBEUI protocol, and
> bindings. Eventually I noticed that only TCP/IP bindings allow
> Internet access (because this router uses only TCP/IP?), so I've since
> Removed NetBEUI. Result: ShieldsUp shows router (maybe with assist
> from ZA) is stealthing all 1056 ports - good.
>
> [2] Lack of visibility are balking at: 1) Entire Network", 2) not
> seeing workgroup, or 3) not opening the (other) pc to see list of
> shared folder/printers. After discovering Za blocking, in both PCs'
> Win Network I've set File & Printer Sharing: "Master Browser" Enabled.
>
> [3] ZoneAlarm Free. Zlsetup attempted on pc2 are today's download
> 5..0.590.043 and a previous recent version 5..0.590.015. That previous
> 5..0.590.015 is allowing me to use the zones tab on pc1
>
> [4] Firewall Zones tab may have always been missing, when pc2 wasn't
> networked. But I hadn't any reason to look for the tab. Hmmm..
> comparing ZA dialog in both PCs... I see pc2 also lacks the
> "Preferences" and "Product Info" tabs in "Overview" dialog. And I
> think "Preferences" (and likely Product Info) were missing before I
> downloaded the slightly newer Zlsetup. I always choose "clean install"
> during zlsetup.
>
>
> ----
> duplicate posted to msn news server and 'regular' newsgroups(perhaps
> someone wants to read possible solution.)
>
>

Maybe not relevant, but you shouldn't have both set as master browser; one
should be on auto or never.

--
"Time will bring to light whatever is hidden;
it will cover up and conceal what is now shining in splendor."
Horace (65 - 8 BC); Roman poet.

Mike

N. Miller
July 1st 04, 07:31 AM
In article >, says...
> Intro, Yesterday's project: pc1, pc2, existing cable modem to Netgear
> rp614na Ethernet router. Per Netgear quick install, Internet worked for both
> PCs - - Good.

> Already done: only TCP/IP bindings [1]

>
> But current trouble is lack of File & Printer Sharing, as seen when trying
> to open Entire Network and/or Workgroup and/or individual pc (the other pc).
> Before installing router, both PCs had had File & Printer Sharing turned
> off.

> Probably irrelevant: In Win Network of both PCs, I've tried various settings
> for File & Printer Sharing: "Disabled", "Enabled", "Automatic", but general
> result is: some lack of visibility [2] occurs for the PC "Master Browser"
> set "Disabled".

In my LAN, I have the Windows Me computer running an MTA set with the Master
Browser as "Enabled", and the other Windows Me computer set to "Automatic".
The MTA reference is only because that computer spends the most time up and
running; the computer which is on the longest is the only one which should
have the Master Browser enabled.

> PROGRESS: Web clues told me ZoneAlarm might be the hang up. This was
> confirmed because both PCs see files properly if I shutdown both ZA.

> Based on further web clues, I think I should be able to run ZA. Because...
> 1 Shutdown Za on pc2. ZA on only pc1 with pc2's subnet in pc1 Firewall
> Zones. Now, pc1 can see pc2 files. 2-way network usability between the PCs.
> 2 (If pc2 ZA is running, it's ZA shows pc1 subnet IP "blocked" message, when
> pc1 tries to open Entire Network.)

Hmmm. I am kind of stumped about this one. There should only be one subnet;
all LAN computers are members of that subnet. If you intend for sharing
files and printers between them, that is. The firewalls on all PCs behind
the router should all be set to trust all addresses in the router's LAN
block. Your LAN IP should be a block in, say 192.168.0.0; with the last
dotted quad being anything from 1 to 254. Your ZA firewall should trust all
addresses in that range; 192.168.0.1 to 192.168.0.255, with subnet mask
255.255.255.0. All copies of ZA on all PCs in the LAN should have that
established as a trusted network.

> Trying to imitate subnet entry success on pc1, I'd like to add pc1 subnet to
> pc2 ZA... But pc2's ZA is MISSING FIREWALL ZONES tab!!! So I can't add pc1
> subnet to pc2's ZA. . I installed slightly newer ver. ZA[3], but same
> problem, Firewall Zones tab is not there.[4]

I am not familiar with ZA. Do you have an "Advanced" options setting which
needs to be enabled? Or maybe it is set to be on a gateway computer? Your
router is your gateway, and any software firewall should ***NOT*** be set as
a gateway firewall.

> I'm wondering if some Windows "Internet Options" or "Network" settings are
> influencing the Zlsetup to avoid creating the "zones" tab for the firewall
> dialog of ZoneAlarm.
>
> Can anyone suggest .. something? I see this as a ZoneAlarm problem. No clues
> found in searches on forums.zonelabs.com. I might post there next.
>
>
> Footnotes:
> ----------
> Pc1 and pc2 have different histories, one was Win ME OEM, other was upgrade
> from 98 SE. Both are now WinME. Both have slightly different IE/Internet
> Options security settings (leapfrog-like evolution).

Not relevant.

> They have very different hardware (D-link Nic card vs 3com chips on
> Motherboard . Celeron vs AMD. Etc. )

Not relevant.

> Both: Primary logon is Windows Logon, though MS Client Networks is still
> listed. Both now have an automatic logon, user name "default". (password are
> blank, but for extra security, maybe I could store a password while still
> have automatic logon at startup?)

Windows Logon is good. Password isn't really necessary in a trusted physical
environment.

> No IIRC, or interactive games (no need for IPX/SPX). No server or remote
> access uses anticipated.

Only affects a need for port forwarding in the router; don't worry about it.

> Standard Netgear router's settings, except I replaced password.

> [1] Per grc "bondage" pages, I've fiddled with NetBEUI protocol, and
> bindings. Eventually I noticed that only TCP/IP bindings allow Internet
> access (because this router uses only TCP/IP?), so I've since Removed
> NetBEUI. Result: ShieldsUp shows router (maybe with assist from ZA) is
> stealthing all 1056 ports - good.

Actually, the Internet use TCP/IP. With the router in place, the GRC
"bindings" isn't entirely necessary. You can leave NetBIOS accessible behind
the router because it should be blocking NetBIOS packets between the LAN and
the WAN. ZA is not helping to maintain "stealth" on the router; indeed, you
shouldn't see any incoming packets in the ZA logs at all.

> [2] Lack of visibility are balking at: 1) Entire Network", 2) not seeing
> workgroup, or 3) not opening the (other) pc to see list of shared
> folder/printers. After discovering Za blocking, in both PCs' Win Network
> I've set File & Printer Sharing: "Master Browser" Enabled.

Only the computer expected to remain powered up the longest should be the
Master Browser; no other computer should be set as the Master Browser.
>
> [3] ZoneAlarm Free. Zlsetup attempted on pc2 are today's download
> 5..0.590.043 and a previous recent version 5..0.590.015. That previous
> 5..0.590.015 is allowing me to use the zones tab on pc1

All copies of ZAF should be set to trust all IP addresses assigned by the
router.

> [4] Firewall Zones tab may have always been missing, when pc2 wasn't
> networked. But I hadn't any reason to look for the tab. Hmmm.. comparing ZA
> dialog in both PCs... I see pc2 also lacks the "Preferences" and "Product
> Info" tabs in "Overview" dialog. And I think "Preferences" (and likely
> Product Info) were missing before I downloaded the slightly newer Zlsetup.
> I always choose "clean install" during zlsetup.

Again, I suggest looking for something like an "Advanced" tab. I vaguely
recall (from using it three years ago) some such setting. BTW, I gave it up
when I discovered that ZAF on a gateway computer could not be set to maximum
security. Tiny Personal Firewall, the one which is now called Kerio Personal
Firewall, had a special "gateway" setting for a computer acting as the
gateway in an ICS setup. Of course, now I have a router, so I don't use that
gateway setting. But I got used to using KPF, so it stayed.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Lil' Dave
July 1st 04, 05:47 PM
Am really confounded by many that say to use TCP/IP for sharing as this is
also same protocol for the internet. Really basic to the core here. Duh.

Am using NETBEUI protocol for local sharing (file and printer sharing).
TPC/IP is exclusively used for internet use only here amongst all 3 PCs.
Including one XP which I forced netbeui protocol (can be done) for sharing
only. Others espouse using another common protocol which is more difficult
to setup and use for sharing in Win98. That's where common sense, if it
exists anymore, drops out the window. "That's what they're used to doing"
etc.

You have to setup ZA to share, its not default there buddy. Read the help
stuff. Don't share TCP/IP.

This is not an MS issue, just a common sense and ZA read the help arena
issue. Using intranet and internet with the two different protocols.
Disable sharing with TCP/IP after setting up sharing. Windows will enable
sharing with all protocols you have enabled sharing initially. You need to
install ZA after all is said and done. Hope the bell is sounding for you.
> wrote in message
...
> Intro, Yesterday's project: pc1, pc2, existing cable modem to Netgear
> rp614na Ethernet router. Per Netgear quick install, Internet worked for
both
> PCs - - Good.
>
> Already done: only TCP/IP bindings [1]
>
>
>
> But current trouble is lack of File & Printer Sharing, as seen when trying
> to open Entire Network and/or Workgroup and/or individual pc (the other
pc).
> Before installing router, both PCs had had File & Printer Sharing turned
> off.
>
> Probably irrelevant: In Win Network of both PCs, I've tried various
settings
> for File & Printer Sharing: "Disabled", "Enabled", "Automatic", but
general
> result is: some lack of visibility [2] occurs for the PC "Master Browser"
> set "Disabled".
>
> PROGRESS: Web clues told me ZoneAlarm might be the hang up. This was
> confirmed because both PCs see files properly if I shutdown both ZA.
>
> Based on further web clues, I think I should be able to run ZA. Because...
> 1 Shutdown Za on pc2. ZA on only pc1 with pc2's subnet in pc1 Firewall
> Zones. Now, pc1 can see pc2 files. 2-way network usability between the
PCs.
> 2 (If pc2 ZA is running, it's ZA shows pc1 subnet IP "blocked" message,
when
> pc1 tries to open Entire Network.)
>
>
>
> Trying to imitate subnet entry success on pc1, I'd like to add pc1 subnet
to
> pc2 ZA... But pc2's ZA is MISSING FIREWALL ZONES tab!!! So I can't add pc1
> subnet to pc2's ZA. . I installed slightly newer ver. ZA[3], but same
> problem, Firewall Zones tab is not there.[4]
>
> I'm wondering if some Windows "Internet Options" or "Network" settings are
> influencing the Zlsetup to avoid creating the "zones" tab for the firewall
> dialog of ZoneAlarm.
>
> Can anyone suggest .. something? I see this as a ZoneAlarm problem. No
clues
> found in searches on forums.zonelabs.com. I might post there next.
>
>
> Footnotes:
> ----------
> Pc1 and pc2 have different histories, one was Win ME OEM, other was
upgrade
> from 98 SE. Both are now WinME. Both have slightly different IE/Internet
> Options security settings (leapfrog-like evolution).
>
> They have very different hardware (D-link Nic card vs 3com chips on
> Motherboard . Celeron vs AMD. Etc. )
> Their Win Network lists contain different Adapters. (pc1 NDSIWAN, ms Vpn,
> support, #2, 3com integrated etc. pc2 ms Tv/Video Connection (why? What's
> this?), d-link, Cnet Pro2000 (Cnet adapter appeared with d-link NIC
> install))
>
> Both: Primary logon is Windows Logon, though MS Client Networks is still
> listed. Both now have an automatic logon, user name "default". (password
are
> blank, but for extra security, maybe I could store a password while still
> have automatic logon at startup?)
>
> No IIRC, or interactive games (no need for IPX/SPX). No server or remote
> access uses anticipated.
>
> Standard Netgear router's settings, except I replaced password.
>
> [1] Per grc "bondage" pages, I've fiddled with NetBEUI protocol, and
> bindings. Eventually I noticed that only TCP/IP bindings allow Internet
> access (because this router uses only TCP/IP?), so I've since Removed
> NetBEUI. Result: ShieldsUp shows router (maybe with assist from ZA) is
> stealthing all 1056 ports - good.
>
> [2] Lack of visibility are balking at: 1) Entire Network", 2) not seeing
> workgroup, or 3) not opening the (other) pc to see list of shared
> folder/printers. After discovering Za blocking, in both PCs' Win Network
> I've set File & Printer Sharing: "Master Browser" Enabled.
>
> [3] ZoneAlarm Free. Zlsetup attempted on pc2 are today's download
> 5..0.590.043 and a previous recent version 5..0.590.015. That previous
> 5..0.590.015 is allowing me to use the zones tab on pc1
>
> [4] Firewall Zones tab may have always been missing, when pc2 wasn't
> networked. But I hadn't any reason to look for the tab. Hmmm.. comparing
ZA
> dialog in both PCs... I see pc2 also lacks the "Preferences" and "Product
> Info" tabs in "Overview" dialog. And I think "Preferences" (and likely
> Product Info) were missing before I downloaded the slightly newer Zlsetup.
> I always choose "clean install" during zlsetup.
>
>
> ----
> duplicate posted to msn news server and 'regular' newsgroups(perhaps
someone
> wants to read possible solution.)
>
>

Dick Kistler
July 2nd 04, 02:05 AM
If you are convinced its a ZA problem, roll back to version 4.5. Version 5
has serious problems-you may have just found another. In any case, ZA 4.5 is
clearly more stable and bug free. To do a clean uninstall follow the
instruction here: http://don.hoover.net/uninstall.html. Don't waste your
time on version 5 any more.

Dick Kistler

July 5th 04, 09:48 AM
I'd found ZA was the trouble (as the trouble seemed to be) Hmm... but, I
thought I cross posted, though don't see the post on this ng.
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&selm=cc0hmb%24jo1%241%40news.astound.net

I do see plenty of useful responses here. (:

"N. Miller" > wrote in message
om...
> In article >, says...


> > Probably irrelevant: In Win Network of both PCs, I've tried various
settings
> > for File & Printer Sharing: "Disabled", "Enabled", "Automatic", but
general
> > result is: some lack of visibility [2] occurs for the PC "Master
Browser"
> > set "Disabled".
>
> In my LAN, I have the Windows Me computer running an MTA set with the
Master
> Browser as "Enabled", and the other Windows Me computer set to
"Automatic".
> The MTA reference is only because that computer spends the most time up
and
> running; the computer which is on the longest is the only one which should
> have the Master Browser enabled.

My pcs have been running fine theses few days with both Enabled. I wonder
why Master Browser has been given a setting? And wonder why recommendations
are always: "Set only one pc as Enable". I doubt I'll carry out an
investigation, unless the LAN stops running for causes seemingly related to
Master Browser.

> > PROGRESS: Web clues told me ZoneAlarm might be the hang up. This was
> > confirmed because both PCs see files properly if I shutdown both ZA.
>
> > Based on further web clues, I think I should be able to run ZA.
Because...
> > 1 Shutdown Za on pc2. ZA on only pc1 with pc2's subnet in pc1 Firewall
> > Zones. Now, pc1 can see pc2 files. 2-way network usability between the
PCs.
> > 2 (If pc2 ZA is running, it's ZA shows pc1 subnet IP "blocked" message,
when
> > pc1 tries to open Entire Network.)

(As I described in my follow-up to other cross-posted group(s), a bad Za
install was to blame. I had updated ZA with a "clean install" per ZA's
installer, but apparently the install wasn't *completely* clean. Or my
experience resulted from other freak happenstance.)


> Hmmm. I am kind of stumped about this one. There should only be one
subnet;
> all LAN computers are members of that subnet. If you intend for sharing
> files and printers between them, that is. The firewalls on all PCs behind
> the router should all be set to trust all addresses in the router's LAN
> block. Your LAN IP should be a block in, say 192.168.0.0; with the last
> dotted quad being anything from 1 to 254. Your ZA firewall should trust
all
> addresses in that range; 192.168.0.1 to 192.168.0.255, with subnet mask
> 255.255.255.0. All copies of ZA on all PCs in the LAN should have that
> established as a trusted network.

I think I may have acquired a misuse of the term 'subnet' as I interpreted
the term 'subnet' from ZA's "blocked IP" message.
The router is 192.168.0.1
pc1 is .2
pc2 is .3

If I find I can change the pcs to some other IPs within .2 to .255 range,
then I will (if only to keep numbering non standard in a simple, and
self-documented, manner).

ZA Help suggests allowing full 255 mask in ZA Firewall Zones, but I prefer
fewest necessary IPs (maybe for uselessly paranoid reasons). So, in ZA
Firewall Zones, I allowed only the two ip's assigned (term?) by the router
..2 and .3.

> > Trying to imitate subnet entry success on pc1, I'd like to add pc1
subnet to
> > pc2 ZA... But pc2's ZA is MISSING FIREWALL ZONES tab!!! So I can't add
pc1
> > subnet to pc2's ZA. . I installed slightly newer ver. ZA[3], but same
> > problem, Firewall Zones tab is not there.[4]
>
> I am not familiar with ZA. Do you have an "Advanced" options setting which
> needs to be enabled? Or maybe it is set to be on a gateway computer? Your
> router is your gateway, and any software firewall should ***NOT*** be set
as
> a gateway firewall.

I haven't touched anything that says "gateway". I believe I saw "gateway" in
only the router config.

snip
> > Footnotes:

> Not relevant.

> Not relevant.

(yes, as I suspected. Footnotes included only out of paranoia (: )


> > Both: Primary logon is Windows Logon, though MS Client Networks is still
> > listed. Both now have an automatic logon, user name "default". (password
are
> > blank, but for extra security, maybe I could store a password while
still
> > have automatic logon at startup?)
>
> Windows Logon is good. Password isn't really necessary in a trusted
physical
> environment.

Thanks for the confirm. The router is supposed provide a 'safe' LAN, and
logons are annoying. But, I'll try to stay reasonably aware of news, so when
someone manages to crack SPI, I'll search for a new solution.

> > No IIRC, or interactive games (no need for IPX/SPX). No server or remote
> > access uses anticipated.
>
> Only affects a need for port forwarding in the router; don't worry about
it.
>
> > Standard Netgear router's settings, except I replaced password.
>
> > [1] Per grc "bondage" pages, I've fiddled with NetBEUI protocol, and
> > bindings. Eventually I noticed that only TCP/IP bindings allow Internet
> > access (because this router uses only TCP/IP?), so I've since Removed
> > NetBEUI. Result: ShieldsUp shows router (maybe with assist from ZA) is
> > stealthing all 1056 ports - good.
>
> Actually, the Internet use TCP/IP. With the router in place, the GRC
> "bindings" isn't entirely necessary. You can leave NetBIOS accessible
behind
> the router because it should be blocking NetBIOS packets between the LAN
and
> the WAN. ZA is not helping to maintain "stealth" on the router; indeed,
you
> shouldn't see any incoming packets in the ZA logs at all.

I'm not using any software LAN (such as MS's NetBEUI/NetBIOS with ICS) And
my attempted variations suggest that Netgear can use only TCP/IP for LAN.

> > [2] Lack of visibility are balking at: 1) Entire Network", 2) not seeing
> > workgroup, or 3) not opening the (other) pc to see list of shared
> > folder/printers. After discovering Za blocking, in both PCs' Win Network
> > I've set File & Printer Sharing: "Master Browser" Enabled.
>
> Only the computer expected to remain powered up the longest should be the
> Master Browser; no other computer should be set as the Master Browser.

http://www.tomsnetworking.com/Sections-article64-page7.php
select one computer that's always or most frequently on that doesn't have a
wireless network connection and let it run the Browse Master service

TIP: When you disable the Computer Browser service on each machine, keep it
shut off until only the Browse Master computer is left. Then turn on the
other computers, one by one

http://www.buildorbuy.org/browsemaster.html
When 2 or more PC's each think they have the Master Browser List, they argue
until resolving this conflict which takes on average 15 minutes before
normalcy returns and LAN/WAN access returns. Yes, this is by design!

Hmm. Maybe I've been lucky. Just coincidence I haven't seen trouble.


> > [3] ZoneAlarm Free. Zlsetup attempted on pc2 are today's download
> > 5..0.590.043 and a previous recent version 5..0.590.015. That previous
> > 5..0.590.015 is allowing me to use the zones tab on pc1
>
> All copies of ZAF should be set to trust all IP addresses assigned by the
> router.

(Exactly, and only, the two IP's Netgear assigns to the two pc's adapters.)

> > [4] Firewall Zones tab may have always been missing, when pc2 wasn't
> > networked. But I hadn't any reason to look for the tab. Hmmm.. comparing
ZA
> > dialog in both PCs... I see pc2 also lacks the "Preferences" and
"Product
> > Info" tabs in "Overview" dialog. And I think "Preferences" (and likely
> > Product Info) were missing before I downloaded the slightly newer
Zlsetup.
> > I always choose "clean install" during zlsetup.
>
> Again, I suggest looking for something like an "Advanced" tab. I vaguely
> recall (from using it three years ago) some such setting. BTW, I gave it
up
> when I discovered that ZAF on a gateway computer could not be set to
maximum
> security. Tiny Personal Firewall, the one which is now called Kerio
Personal
> Firewall, had a special "gateway" setting for a computer acting as the
> gateway in an ICS setup. Of course, now I have a router, so I don't use
that
> gateway setting. But I got used to using KPF, so it stayed.
>

Similarly, I've been using ZA Free with Proxo (and occasional Adaware and
Spybot scans) for a few years, so I'm sticking with those. Mostly in hopes
of reducing Win resource wastage, I might try ZA's combo FW+AV. Deciding
will depend on news about ZA FW combo with Computer Associates AV. They
don't seem to be truly meshed.