ZoneAlarm Help


Creating Expert Rules

The first thing you need to do is get to the kind of expert rule you want to create. Firewall expert rules are global in nature: they affect the entire connection.

Firewall Expert Rule List

This is where you start adding expert firewall rules. Just click this add button.

For program expert rules, go to the program list in ZA, right-click the program you want to add an expert rule to, and select Options. Then select the Expert tab, and this is what you will get.

Program Expert Rule List

And just like the firewall expert rules you click add.

General Area

Once you get this far the rest of creating an expert rule is the same.

Add Rule Interface

The first thing you want to determine is rank. For firewall expert rules this is a big deal: each rule is enforced in the order listed, and only the first rule that matches will be enforced. For program expert rules, all the rules are enforced equally, so the order doesn't make any difference, except for the blocking rule (to be explained later).

The second thing you want to determine is the name of the rule. This is required, so give it a name whose meaning you will recognize.

Next you can add any comments that will help you figure out later why you created this rule.

Next you need to pick the state. Enabled means this rule will be checked, disabled means that the rule will be ignored. This comes in handy when first writing rules and you need to find out what the problem is or if the rule is doing what you want it to.

State Menu

Next is the Action that you want. Allow means this rule allows a connection to go through. Block means this connection is blocked.

Action Menu

Next are the Track options. Alert and Log means you will get a popup and an entry in the log saying that this rule was enforced: not just that something was blocked, but that the conditions in the rule were met. Log gives you only a log entry, and None means you will not be told when this rule is met.

Track Menu

Source Area

Next is figuring out the source. You have several selections to choose from. My Computer is just that: your own computer. Trusted Zone is your computer and any others that have been listed in the trusted zone. Internet Zone is everything that is not your computer or trusted, and Any is both the Internet and trusted zones.

Source Modification Menu

For Host or Site, first give it a name and then a web address, but don't enter the http:// or ftp:// prefix; all you need is the web address. Then click the Lookup button to get the IP address.

Host / Site Add Form

Next is adding an IP address. Once again just give it a name and then enter in the IP address.

Add IP Address Form

Next is adding an IP Range. Give it a name and then enter the first IP address and then the last IP address.

IP Range Form

Next is a subnet. Again give it a name then enter in the base IP address, then enter in the subnet mask.

Add Subnet Form

Next is adding a gateway. This is if you want to just allow traffic from your gateway for this rule, and no place else.

Adding Gateway Form

Next is an area where you can create groups of locations. When doing this you have the same choices to add as above: the host / site, IP address, IP range and subnet. You add them the same way.

Add Location Groups Form

The next form is used if you already have a group created that you want to add.

Add Location Groups to Rule Form

Destination Area

This section is identical to the Source area.

Protocol Area

Here is where you enter the protocol or Port number that you want to use for the rule, and there are several ways to do this also. You can also click on a protocol that you have added and edit it or delete it.

First is adding a protocol. Give it a name; then, if the name of the protocol isn't in the protocol drop-down list, click ANY and enter the port number.

Add Protocol Form

You can also add groups of protocols using this form.

Add Protocol Group

And if you have an existing group you want to add to the rule, use this form.

Add Existing Protocol Group

The last thing you can change for the expert rule is a time component. You can also click on an existing time component and edit it or remove it.

Add Time Component Form

Again, the first thing you do is give it a name, then select the times you want it to be in effect, then select the days you want it to be in effect. Use the Ctrl and Shift keys to select groups or add a day to the selection.

Add Time Rules

You can also create time groups to add.

Create Time Groups

And then if you have existing time groups you can then select those groups to add in.

Add Existing Groups

Finishing The Expert Rules

Now all you have to do is click OK and that expert rule is done.
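
Because only the first matching firewall expert rule is enforced, a broad allow ranked above a narrow block leaves the block with no effect. The Python model below is an added example, not part of the original page and not ZoneAlarm code; it evaluates rules in rank order using the IP address, IP range and subnet source types, and lists rules that never win. The Rule class, function names and sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:                      # hypothetical model, not ZoneAlarm's rule format
    name: str
    action: str                  # "allow" or "block"
    source: tuple                # ("any",) ("ip", a) ("range", first, last) ("subnet", base, mask)
    port: Optional[int] = None   # None stands for ANY
    enabled: bool = True         # State: disabled rules are ignored

def location_matches(loc, addr):
    ip, kind = ipaddress.ip_address(addr), loc[0]
    if kind == "any":
        return True
    if kind == "ip":
        return ip == ipaddress.ip_address(loc[1])
    if kind == "range":          # first and last address, inclusive
        return ipaddress.ip_address(loc[1]) <= ip <= ipaddress.ip_address(loc[2])
    if kind == "subnet":         # base address plus subnet mask
        return ip in ipaddress.ip_network(f"{loc[1]}/{loc[2]}", strict=False)
    raise ValueError(f"unknown location type: {kind}")

def rule_matches(rule, src, port):
    return rule.enabled and location_matches(rule.source, src) and rule.port in (None, port)

def evaluate(rules, src, port):
    """Return (name, action) of the first matching rule; list order is the rank."""
    for rule in rules:
        if rule_matches(rule, src, port):
            return rule.name, rule.action
    return None, "no expert rule matched"

def shadowed(rules, probes):
    """Rules that match at least one probe but are never the first match."""
    winners = {evaluate(rules, s, p)[0] for s, p in probes}
    hits = {r.name for r in rules for s, p in probes if rule_matches(r, s, p)}
    return sorted(hits - winners)

# Constructed sample rules (rank = list position) and constructed probe traffic.
RULES = [
    Rule("Allow LAN", "allow", ("subnet", "192.168.1.0", "255.255.255.0")),
    Rule("Block RDP from .50", "block", ("ip", "192.168.1.50"), 3389),
    Rule("Block guest range", "block", ("range", "10.0.0.100", "10.0.0.200")),
]
PROBES = [("192.168.1.50", 3389), ("192.168.1.7", 445), ("10.0.0.150", 80)]
if __name__ == "__main__":
    print(evaluate(RULES, "192.168.1.50", 3389), shadowed(RULES, PROBES))
```

Moving the specific block above the subnet allow, or disabling the allow through its state, makes the block the first match for that host and port.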