Firewall and Internet Connection Sharing, VPNs, and Networking

The usual questions that come up in this area include:

Is the Personal Firewall compatible with Microsoft's Internet Connection Sharing (ICS)?

Yes, it is.

How do I configure the Personal Firewall to work with ICS?

To configure the Personal Firewall to work with ICS, all operating systems should be set as follows:

  1. From the Main Menu, click Tools|Applications, or click the Applications button.

  2. Set the following applications to Allow in the Running Applications list:

Based on the particular operating system in use, set the following applications to Allow:

When the Test button is clicked, the Personal Firewall starts the Internet Connection Wizard. Why?

The Firewall service uses the Windows System Account for access. Because each user account in Windows can have different settings, sometimes the Windows System Account does not have the same Internet Explorer settings. In this case, you must manually set up the Internet Connection Wizard after clicking on one of the Firewall's built-in links.

How do I set up the Personal Firewall to work with my CheckPoint VPN client software?

To allow CheckPoint's VPN client to work with the Personal Firewall, take the following steps, in order. Stop taking steps when the Firewall and VPN are both working:

  1. Be sure that you have set the VPN client and all of its components to Allow under the Applications List.

  2. Be sure that CheckPoint SecuRemote's firewall has not been enabled. If it has, you will need to take the following steps:

       a. Uninstall both the Firewall and the CheckPoint VPN client.

       b. Reinstall the Firewall.

       c. Reinstall the CheckPoint VPN client software, specifying to install it without the CheckPoint firewall.

  3. Check your Traffic Logs to see if anything is being blocked when you try to use the VPN. If it is, create an Advanced Rule to allow those ports or applications.

  4. Try creating an Advanced Rule to trust all traffic for the IP of your VPN server.

  5. Try disabling driver level protection:

       a. From the Main Menu, click Tools|Options|Security.

       b. Be certain that Enable driver level protection is disabled. The default for this setting is enabled.

  6. Try disabling all security options:

       a. From the Main Menu, click Tools|Options|Security.

       b. Click to clear all options.

What should I do if I experience a slow or non-existent connection after installing the Personal Firewall?

Here is the recommended procedure. Take the following steps, in order. Stop taking steps when your connection is working properly.

  1. Be sure that you set your browser to Allow under the Applications List.

  2. For DSL connections, be sure that you have set your NTS or PPPoE application to Allow under the Applications List.

  3. Create Advanced Rules to Allow incoming and outgoing traffic to and from all hosts and applying to <all NICs>, as follows:

       a. UDP remote and local ports 67 and 68 (one rule)

       b. TCP remote and local ports 67 and 68 (one rule)

  4. Create an Advanced Rule to trust the IP of your Internet Service Provider.

  5. Try disabling NetBIOS protection:

       a. From the Main Menu, click Tools|Options|Security.

       b. Be certain that NetBIOS Protection is disabled. The default for this setting is enabled.

  6. Try disabling driver level protection:

       a. From the Main Menu, click Tools|Options|Security.

       b. Be certain that Enable driver level protection is disabled. The default for this setting is enabled.

  7. Try disabling all security options:

       a. From the Main Menu, click Tools|Options|Security.

       b. Click to clear all options.

Should I Allow the win32 kernel core or ntkernel component? What about ICMP?

As a rule, if you are unsure about any application, you should not allow it to access the Internet. Only the applications that you specifically know about should be allowed. Under most circumstances, blocking the Windows kernel should not create a problem. However, some Internet Service Providers (ISPs) send you an ICMP message to verify that you are online. Blocking this message may cause them to turn off their interaction with your computer. If this happens, enable ICMP using the Advanced Rule editor:

  1. From the Main Menu, click Tools|Advanced Rules. You may have to click OK on a warning message before entering the Editor.

  2. Click Add. This will bring up a new rule template.

  3. Give the rule a name, such as "Allow ICMP", and then click Allow this traffic.

  4. Click the Ports and Protocols tab, and select ICMP from the dialog box. You will get another list of options from which to choose.

  5. Click Echo Reply - 0 and Echo Request - 8.

  6. Click OK to exit this rule.

  7. Click OK to exit the Advanced Rule editor.
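
The following added example (not part of the original documentation and not the Personal Firewall's own code) models what the "Allow ICMP" rule above covers: only Echo Reply (type 0) and Echo Request (type 8) pass, while every other ICMP type stays blocked. The function names, the checksum check and the fail-closed handling of malformed packets are assumptions of this sketch, and the sample packets are constructed.

```python
import struct

# ICMP types selected in the "Allow ICMP" rule: Echo Reply (0), Echo Request (8).
ALLOWED_ICMP_TYPES = {0: "Echo Reply", 8: "Echo Request"}
IPPROTO_ICMP = 1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def rule_verdict(packet: bytes) -> str:
    """Return 'allow' only for well-formed IPv4 ICMP types 0 and 8, else 'block'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "block"                      # not IPv4 or truncated: fail closed
    ihl = (packet[0] & 0x0F) * 4            # header length varies with IP options
    if ihl < 20 or len(packet) < ihl + 8:
        return "block"                      # no room for an ICMP header
    if packet[9] != IPPROTO_ICMP:
        return "block"                      # this rule matches ICMP only
    icmp = packet[ihl:]
    if inet_checksum(icmp) != 0:
        return "block"                      # corrupted message (extra strictness of this sketch)
    return "allow" if icmp[0] in ALLOWED_ICMP_TYPES else "block"


def build_sample(icmp_type: int, code: int = 0, proto: int = IPPROTO_ICMP) -> bytes:
    """Constructed sample packet using documentation addresses, not captured traffic."""
    body = struct.pack("!BBHHH", icmp_type, code, 0, 0x1234, 1) + b"ping"
    csum = inet_checksum(body)
    body = body[:2] + struct.pack("!H", csum) + body[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return ip + body


if __name__ == "__main__":
    for t in (0, 8, 3, 5, 13):              # 3, 5, 13 are not in the rule
        print(f"ICMP type {t:2}: {rule_verdict(build_sample(t))}")
```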