Sygate Personal Firewall and Windows 2003
A quick guide to getting Sygate personal firewall to work with Windows 2003 and Active Directory
Sygate personal firewall is my favourite free firewall and has features
that blow away a lot of the commercial firewalls available out there. At
this point, let me stress that even if you have a hardware router or
firewall you still need a software firewall on all your PCs to stop worm
outbreaks inside your network.

Obviously your hardware router/firewall protects you from hackers trying
to connect to your machine from the internet, but what about viruses and
trojans that may slip past your virus scanner and install themselves on
your PC? The first thing these nefarious programs usually do is connect
to remote servers to upload data scraped from your computer or download
additional nefarious plug-ins. A software firewall will alert you to
these connections and let you know all is not well.

If you run Sygate personal firewall (FREE) on all your PCs then you
should have this covered. Installing Sygate personal firewall on your
workstation PCs is very simple. Most users will be using Sygate in this
configuration and it's pretty simple; however, if you're having problems
with sending and receiving email you should see the section below.

Getting Sygate to work with Outlook or other Email clients
If you can't send email unless you set Sygate to "Allow All" then this
rule should work for you. This rule allows ICMP packets from your ADSL
router to be delivered back to your PC.

Step-by-Step: TOOLS -> ADVANCED RULES -> ADD -> configure below:

- General Tab
---- Rule Description: Allow ICMP Type 3,4
---- Action: Allow this traffic
---- Advanced Settings: All network interface cards
---- Screensaver Mode: Both on and off
---- Record this traffic in "Packet Log" [OPTIONAL]
- Hosts Tab
---- Remote Host: All addresses
- Ports and Protocols Tab
---- Protocol: ICMP
---- Select:
------- Destination Unreachable - 3
------- Source Quench - 4
---- Traffic Direction: Both
- Scheduling Tab
---- Enable Scheduling: UNCHECKED
- Applications Tab
---- [NOT NEEDED]

(thanks to red_jack for providing information on this one)

Initially
when we installed Sygate personal firewall on Windows 2003 (with Active
Directory) we were unable to log onto the domain from the computers in
the test network. Some experimentation with the "Allow All" rule led us
to believe this was more of a firewall settings hiccup than a bug in
Sygate.

Many IT administrators will tell you that in a situation like this you
need a corporate firewall like Microsoft ISA Server 2004 to firewall both
the internet connection and the local LAN (yes that's right, the new
version of ISA lets you set up a firewall on as many NIC interfaces as
you like). This is good advice but I find that ISA doesn't include any
kind of application blocking. This is fine if you only use the server
for administration and don't run applications on it, but if you're like
me you'll want added security so that if a malicious program does get
onto the server you'll at least receive a prompt when it [the
unregistered program] tries to connect to the internet.

Before
you create rules in Sygate you will want to untick the "Hide Windows
Services" and "Hide Broadcast Traffic" boxes on the main Sygate window.
This is because when you create a rule later, Sygate will remember if
these boxes were ticked and not display some of the registered programs
in the application list. This can be a real pain and took us a while to
work out what was wrong. Obviously once you have finished configuring
your firewall rules you can turn these on and off without a problem,
but during configuration, turn them both off (unticked).

If
you create an Allow rule for your local subnet (that's the protected
LAN) that allows anything to or from that network card (192.168.1.x on
my test network), then Windows 2003 / Sygate does seem to allow Windows
XP users to log in (but Windows 2k user logins take forever - I call
it the three-day login).

Depending
on the services running on your server you could start out with an
Advanced Rule that is Allow-All for your LAN and then slowly tighten
the rule by removing applications from the list of selected
applications pertaining to this rule.

Getting Sygate to work with Windows 2003
If you're running Windows 2003 and you're having trouble accessing the
network/internet with your workstations then you need to follow the
rule below. In the example below 192.168.1.1/255.255.255.0 refers
to the private LAN.

Step-by-Step: TOOLS -> ADVANCED RULES -> ADD -> configure below:

- General Tab
---- Rule Description: Allow LAN
---- Action: Allow this traffic
---- Advanced Settings: Only the network card attached to your LAN
---- Screensaver Mode: Both on and off
---- Record this traffic in "Packet Log" [OPTIONAL]
- Hosts Tab
---- Remote Host: Subnet -> 192.168.1.1/255.255.255.0
- Ports and Protocols Tab
---- Protocol: ALL
---- Select:
---- Traffic Direction: Both
- Scheduling Tab
---- Enable Scheduling: UNCHECKED
- Applications Tab
---- Select All

It
can be hard to test if you have the rules right because the base rules
in Sygate seem to block DHCP leases from being given out, meaning your
workstation PCs won't be able to get an IP address from the server and
consequently can't access the network or internet. Manually releasing
the IP lease and renewing it on the client PCs is a good way to fast
track this rule testing process but we found that it wasn't always
reliable. (Sometimes the PC would not renew its lease after a cold-boot
but would do a soft renew/release fine.)

Release and Renew your IP Address

This procedure is useful for testing your rules to make sure they work
with your DHCP server.

Start->Run->cmd
ipconfig /release
ipconfig /renew
ipconfig /all

Unfortunately
you might be in a situation where you want to employ some of the
firewall features of Sygate on your Local Area Network (great if you
don't really trust your local users that much). We've not had much
success with setting rules to only allow certain protocols/ports purely
because most users run a variety of programs that use all manner of
ports and protocols. If your network environment is more strict you
could of course create simple rules to allow HTTP/Email only.
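
The two advanced rules above ("Allow ICMP Type 3,4" and "Allow LAN") and the DHCP testing problem can be examined with a small model of the Hosts-tab matching. This is an added example, not part of the original guide and not Sygate's own rule engine: it assumes rules are checked first-match, and the sample packets and the router/workstation addresses are constructed. It shows that a client with no lease sends its DHCPDISCOVER from 0.0.0.0, which lies outside 192.168.1.1/255.255.255.0.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Subnet exactly as typed in the Hosts tab; strict=False accepts the host
# bits in 192.168.1.1 and normalises it to 192.168.1.0/24.
LAN = ipaddress.ip_network("192.168.1.1/255.255.255.0", strict=False)

@dataclass
class Packet:
    """Constructed sample traffic as seen by the firewall on the server."""
    note: str
    remote_ip: str
    protocol: str                    # "ICMP", "TCP" or "UDP"
    icmp_type: Optional[int] = None

def allow_icmp_3_4(p: Packet) -> bool:
    # Remote Host: All addresses; Protocol: ICMP; types 3 and 4 only.
    return p.protocol == "ICMP" and p.icmp_type in (3, 4)

def allow_lan(p: Packet) -> bool:
    # Remote Host: Subnet; Protocol: ALL; Applications: Select All.
    return ipaddress.ip_address(p.remote_ip) in LAN

# Assumption: rules are checked top to bottom and the first match wins.
RULES = [("Allow ICMP Type 3,4", allow_icmp_3_4), ("Allow LAN", allow_lan)]

def evaluate(p: Packet) -> str:
    """Name of the first advanced rule that matches, or a fall-through marker."""
    for name, matches in RULES:
        if matches(p):
            return name
    return "no advanced rule (base rules decide)"

SAMPLES = [  # all addresses below are constructed for illustration
    Packet("destination unreachable from the router", "192.168.1.254", "ICMP", 3),
    Packet("echo request from outside", "203.0.113.9", "ICMP", 8),
    Packet("XP workstation logging on to the domain", "192.168.1.50", "TCP"),
    # After ipconfig /release the client has no address: DHCPDISCOVER is
    # sent from 0.0.0.0 to 255.255.255.255, so the subnet test cannot match.
    Packet("DHCPDISCOVER from a client with no lease", "0.0.0.0", "UDP"),
    # A renewal from a client still holding its lease is sent from that address.
    Packet("DHCP renewal from a client holding a lease", "192.168.1.50", "UDP"),
]

def report() -> dict:
    return {p.note: evaluate(p) for p in SAMPLES}

if __name__ == "__main__":
    for note, verdict in report().items():
        print(f"{verdict:38} <- {note}")
```

When the release/renew test fails, the Packet Log entries for UDP ports 67 and 68 are the ones to look at, since in this model that broadcast is not covered by the subnet rule.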

Robbo (Friday, 13 January 2006)
Hey I hear that Symantec have bought Sygate and intend to discontinue the free version of Sygate Personal Firewall some time this year. Better get yourself a copy and get it registered before it vanishes for ever. Thanks Symantec!

the toolman (Friday, 13 January 2006)
I installed a copy of Sygate personal firewall. I then dialled my ip b it finished dialling and the PC just crashed and rebooted so I had to remove the program so be careful

ja ja (Wednesday, 22 February 2006)
hot!!!!!!!!!!!

Marc Johnson (Monday, 13 March 2006)
The above tip for having Outlook work did the trick! I beat my head on the desk for a day trying to get it working. I don't like what Symantec does with products; the Norton firewall was a mess before and I'm not sure it's going to get better. I miss Sygate already!

Marty (Tuesday, 14 March 2006)
Hey there's plenty of people complaining that Symantec said they would offer cheap upgrades from Sygate to Symantec, but now it looks as though it's only for non-server editions of Windows. Everyone else has to go to Symantec corporate editions which are much more pricey. strewth!

Shannon Dart (Friday, 19 May 2006)
I had the trial Sygate installed in my computer now it is locked in my system and has slowed it down considerably. Please tell me how to unlock the Sygate. I do not want to buy the product. I am most upset with this.

Anonymous (Tuesday, 13 November 2007)
this is good firewall

David Scully (Friday, 22 February 2008)
I have found in the past this is a great firewall