Should I have ZoneAlarms on both PC's in my network?

[TailsNZ]

I've got a simple network of this PC which is directly connected to the internet, and another computer which accesses it from here. Both are running Windows XP.

Should I be running the ZoneAlarm firewall on both PC's? Or just on this one which is directly connected to the net?

Thanks!

 

[Captante]

You'll have tighter control over in & more importantly outbound connections by installing it on both PC's so thats what I would do ... its been a long time since I had my network configured this way (switched to routers long ago) but as far as I recall ZA doesn't filter on the application level when it comes to the second PC.

 

[cubby1223]

Unless you're stuck on dial-up, get a router so neither computer is directly connected to the internet.

 

[blodhi74]

both

 

[corkyg]

Both. But - I got rid of ZoneAlarm Pro on all systems - replaced with ZA (free) and then dumped that in favor of Kerio. ZA was just too bloated and slowed everything down too much.

 

[Slowlearner]

Internet Connection sharing (ICS) is an outdated and a very vulnerable way to share a internet connection - only the great ones at Redmond could dream this up - please, please get a router, cost rarely more than 30$, push this abomination to its well deserved RIP.

 

[Lemon law]

Disagree slow learner----I am still stuck on dial up and I find ICS rock solid---and secure with a good software firewall --and it would cost me a bundle to get a router and a dial up modem that will work with the router.

But with a software firewall---they only protect the PC they are installed on---whereas a router with a hardware firewall is basically the network itself---and will protect all PC's attached to the network.

But if you network with a router---you are always best off using both a hardware and a software firewall.---and don't attach too much faith in just a firewall---you should have many layers of defenses.

 

[TailsNZ]

Thanks guys! I have no money to even buy a router right now, so I'll go with installing ZA on both for now. I'll have a look at Kerio too.

Thanks again!!

 

[imported_Dekard]

One more thing, take a look at clarkconnect community edition. Completely free and it turns any extra pc you have into a dedicated firewall\router\server... Its very easy to setup and all it needs is an old pc. If you have a old pentium or pentium 2 hanging around you can use that... If not, ask your friends to look in the their attics or garages for one. Check Goodwill or other thrift stores... Newspapers... There are lots of places to get a free pc.

This will work better than ICS, earn you more geek points and is generally a lot better solution than ICS.

 

[InlineFive]

Originally posted by: TailsNZ
Thanks guys! I have no money to even buy a router right now, so I'll go with installing ZA on both for now. I'll have a look at Kerio too.

Thanks again!!

If you can't come up with an old computer to run Linux on I would seriously look at Kerio first. Zone Alarm is "fat" and causes too many problems.

 

[RebateMonger]

Originally posted by: InlineFive
If you can't come up with an old computer to run Linux on I would seriously look at Kerio first. Zone Alarm is "fat" and causes too many problems.

Recent dialog with client, who was setting up a new PC and wanted an L2TP VPN connection to his SBS 2003/ISA 2004 Server:

Me: "Your Certificate looks fine. I duplicated your VPN setup on my own laptop, and my laptop is working fine. The error messages look like a firewall problem on your PC."
Client: "I don't think that's it. I've told ZoneAlarm to allow the VPN connection."
Me: "Let's turn OFF ZoneAlarm."
Client: (Reluctantly) "OK, it's off."
Me: "It's working now."

This is a VERY knowledgeable client, who has been running his own Windows Server and Exchange Server for years. I spent a couple of hours on two separate Sundays, exchanging email with him and re-generating Security Certificates. He probably spent MANY more hours on this problem. More likely, he spent DAYS.

 

[TailsNZ]

Ah I do have an old PC, but it's an AMD Athlon XP 1.8ghz and that's probably too power consuming, but an old Pentium would use very little power? Compared to a router?

I think I'll switch to Kerio yeah, but with Zone Alarms it comes up with those permission boxes when installing applications? Is that important? As I couldn't seem to find out if Kerio does that or not. Sounds like Kerio is the way to go though. Thanks again guys!