Configuring Advanced Firewall Settings Updated May 02, 2021 20:32 Advanced options let you further customize your firewall configuration. Here, you can: Configure general settings based on protocols, packet types, types of services, and types of traffic. These apply to both - the Trusted Zone and the Public Zone. Configure network settings to include newly detected networks in the Trusted Zone, so that traditional local network activities, such as file and printer sharing, are not interrupted. Note: ZoneAlarm software detects only networks that your computer is physically connected to. Routed or virtual network connections are not detected. Enable IPv6 networking. Configuring Advanced Global Firewall Settings To configure advanced global firewall settings: Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client. Click Settings in the Advanced Firewall section. Click Advanced Settings.The Firewall Settings window opens and shows the Advanced settings. In the General Settings area, select or clear the configuration options as necessary: Block all fragments Blocks all incomplete (fragmented) IP data packets, which hackers sometimes create to bypass or disrupt network devices that read packet headers. Note: Do not select this option, unless you are aware of how your Internet provider handles fragmented packets. If you select this option, the ZoneAlarm software silently blocks all fragmented packets. It does not send alerts or create log entries. Block trusted servers Prevents all programs on your computer from acting as servers to the Trusted Zone. Note: This setting overrides permissions granted through the Program Permissions settings Block public servers Prevents all programs on your computer from acting as servers to the Public Zone. Note: This setting overrides permissions granted through the Program Permissions settings Enable ARP protection Blocks all incoming ARP (Address Resolution Protocol) requests, except broadcast requests for the address of the target computer. Also blocks all incoming ARP replies except for those that come in response to outgoing ARP requests. Filter IP traffic over 1394 Selected by default. It filters FireWire traffic. Note: You must restart your PC for the changes to take effect. Allow VPN protocols Selected by default. It allows the use of common VPN protocols (ESP, AH, GRE, SKIP), even in High security mode. When this option is not selected, the VPN protocols are allowed only in Medium security mode. Allow uncommon protocols at high security Allows the use of protocols, other than ESP, AH, GRE, and SKIP, in High security mode. Lock hosts file Selected by default. Prevents the hosts file on your computer from being modified by hackers through sprayers or Trojans. Click OK to save the configuration changes and exit, or continue to Firewall Network settings Configuring Firewall Network Settings To configure Firewall Network settings: Click in the ANTIVIRUS & FIREWALL panel of the ZoneAlarm software client. Click Settings in the Advanced Firewall section. Click Advanced Settings.The Firewall Settings window opens and shows the Advanced settings. In the Network Settings area, select or clear the configuration options as necessary: Include networks in the Trusted Zone upon detection. Automatically assigns all newly discovered networks to the Trusted Zone. This setting gives the least amount of protection. Exclude networks from the Trusted Zone upon detection. Automatically assigns all newly discovered networks to the Public Zone. This setting gives the most amount of protection. Ask which Zone to place new networks in upon detection.*for Windows XP only Selected by default. For each newly discovered network, ZoneAlarm lets you assign that network to the Public Zone or to the Private Zone. Automatically put new unprotected wireless networks (WEP or WPA) in the Public Zone*for Windows XP only Selected by default. ZoneAlarm automatically assigns newly discovered unprotected wireless networks to the Public Zone. NOTE: A secure (protected) wireless network is WPA enabled. Enable IPv6 networking Selected by default. Enables IPv6 for operating systems that support it. When ZoneAlarm Firewall is set to block IPv6, the Windows network settings show that IPv6 is disabled. NOTE: You must reboot the system for the changes in IPv6 network settings to take effect. Click OK.