In this page you can set the global options for the firewall. Internet Zone is generally all the computers outside your computer or LAN. The trusted zone is the area either inside your LAN or just your computer. The trusted zone should be left on medium unless you are prepared to enable every single TCP connection your computer uses. Your computer talks to itself via TCP more than you suspect. You can tell this kind of communication because it shows up as going to or coming from 127.0.0.1. The other IP address is whatever your computer is set to use, generally 192.168.0.1 unless you change it deliberately. The Blocked Zones are just that, blocked. You can no longer go to that location.
If you click the Custom button in the internet zone you will see this window.
It is actually split into two section, high, and if you scroll down medium. If you are on high, then you can change the settings in the high area, and if you are on medium, then you can change the medium settings. If you change the settings for the other section, it will not make a difference.
If you click the Custom button in the trusted zone you will see this window.
The setup of settings here is done the same way it is done in the internet zone. It is actually split into two section, high, and if you scroll down medium. If you are on high, then you can change the settings in the high area, and if you are on medium, then you can change the medium settings. If you change the settings for the other section, it will not make a difference.
If you click the Advanced button in the trusted zone you will see this window.
This can be one of the strangest part of the firewall, because it spans so many different settings. First is the gateway enforcement. This checks to see if you have a router that is compatible. If it is, It will work with ZA to better protect you. If it is not compatible nothing will happen.
Next is the Internet Connection Sharing. The first option is This computer is not on an ICS/NAT Network. This is normally a stand alone computer or a computer connected thru a router where the router does the DHCP, so internet connection sharing is not turned on. The next selection is This is a client of an ICS/NAT gateway running ZoneAlarm security software Use this setting if you get your internet connection from another computer running ZoneAlarm. The next selection is This computer is an ICS/NAT gateway which is used if your computer is sharing the internet connection to other computers. Your computer must be running for them to have an internet connection. If you use either of the last two options, then ZoneAlarm will automatically detect the correct IP address of the client or host computer and enter it in the box. Then you will need to select either the suppress or forward alerts if you want. This comes in handy if you have a setup where the first computer connected to the internet is being run as a server/firewall for other computers. That way any alerts will be displayed on the other computer and you can deal with them without going to the host computer.
Next is the General section and it has a lot of neat little options.
The next section is the Network Settings section. It is self explanatory. I suggest leaving these settings to the default.