Zone Alarm Problems

Discussion in 'Virtual PC' started by The Gatekeeper, Dec 16, 2006.

  1. Hi guys, hope somebody can help me here (please...)

    I have installed Virtual PC 2004 onto my Windows XP Pro system. No problems
    I have installed a copy of Windows 98 onto the Virtual PC. No problems there.
    However, whenever I try and access a network connection... NADA.
    When I completely shut down Zone Alarm Pro, and then try and access a
    network connection from within Virtual PC... SUCCESS!
    This means that to get network access from within Virtual PC I need to
    completely shut down Zone Alarm (not just reduce the security slider), which
    puts my main pc at risk!

    Strange thing is, Win98 on the Virtual PC IS getting a DHCP allocated IP
    address, and if I try and use duplicate network names then it kicks off quite
    correctly and tells me that the name is already in use on the network (which
    means I have a network presence). And yes, I can ping my localhost and my own
    IP address within the VIrtual PC, even with Zone Alarm running.

    To sum up (finally) I can get an allocated ip address to my router, and I
    can get network validation, I just can't communicate with Zone Alarm running.

    Does anybody know how to poke holes through Zone Alarm to allow the Virtual
    PC o/s to communicate with the rest of my network? Which ports and protocols
    are used? Is it a NetBios session being blocked thru Zone Alarm?

    Any input gratefully received (sorry for waffling on...)

    The Gatekeeper, Dec 16, 2006
  2. Since AVG and Avast are free, I use those in my virtual machines. I tried
    ZA once and while I don't remember if had your problem, I did have some.
    Colin Barnhorst, Dec 16, 2006
  3. I have Zone Alarm running in both my host and my guest. I first had your
    problem and found that the host ZA was popping up a "Microsoft Virtual PC is
    trying to access the internet" panel BUT since I was running the guest in
    full-screen I didn't see it!! Since I didn't see it, I couldn't authorize it.

    Try running your guest in a reduced size window and try accessing the web
    again from the guest. You should see a pop-up from the host ZA wanting your
    approval. If this doesn't work, then use the host ZA in the Programs tab and
    use the Add button -- go looking for the MS VPC executable and double-click
    it. This will also authorize it through the firewall.

    If, somehow, you have denied access for some reason or another, then go to
    the same Programs tab in the host ZA and check for "Microsoft Virtual PC" and
    manually authorize it for access.


    Grand_Poohbah, Dec 16, 2006
  4. Hi, thank you for the reply,

    btw, I should have mentioned that I don't have ZA running on the guest, just
    the host. My apologies for not making that clear.
    Okay, I just tried this. I didn't get a note from ZA asking for permission
    so I went into the Programmes tab in ZA and removed the vpc executable from
    the program list. Then I clicked add and added the vpc executable back in as
    a new instance. I then allowed super trusted and full access to local and
    internet zones.
    I then went to advanced options for vpc on the program tab and allowed vpc
    to use other progs to access the internet (just in case).

    I also entered my local ip network range into the advanced firewall settings
    to make sure they had unrestricted access in the local trusted zone.

    Unfortunately this made no difference. (sorry...)

    I notice that when I go to my win98 guest o/s and use ipconfig to check my
    network settings, I do actually get the router gateway address correctly,
    however I get no response from it when I ping it. If I shut down ZA on the
    host o/s then everything works just perfectly with full network and internet
    access, indicating to me that the network settings on the guest o/s are okay.

    The problem seems to be that ZA is blocking vpc from network access through
    the host o/s, which is puzzling me immensely, as I have followed your
    suggestions for allowing full access in the programs tab.

    I was wondering if there was a set of ports or protocols I need to configure
    in ZA onthe host to allow vpc the access it needs.

    Apologies for posing a problem here but I am completely baffled by this one.

    Thanks for your support so far
    The Gatekeeper, Dec 16, 2006
  5. Steve:

    That is certainly strange. I checked both my ZA (host & guest) and they
    have no strange settings other than allowing the whole range of DHCP-allowed
    IP addresses, not just the ones you have assigned to your computers. For
    instance, my Router (Linksys) allows a range of IP addresses to be assigned
    (X.X.X.100-150 in my case). I made sure that the whole range was allowed

    One of my guests (I have 5) is Win98SE and it's ZA is set up "normal" and
    allows Firefox and IE through it's firewall; and then my host's ZA is set so
    that MSVPC can access the web also. Nothing special there either.

    Are you using your router for DHCP? Could it be that your guest isn't
    seeing the router so it cannot obtain a correct IP address for your local
    network and using a "made up" one?

    Could you possibly have both the Windows Firewall and ZA on the host active?
    This could cause problems also. Let me think on this for a bit. I'll get
    back to you soon.

    Grand_Poohbah, Dec 16, 2006
  6. The Gatekeeper

    dr del Guest


    Is this zonealarm pro or free?

    The reason I ask is free does not support networks as far as I can remember
    and this is what you need I think.

    When I set mine up I was using the main comp as a gateway and had to set
    this as an option in zonealarm and make sure the iprange for the network was
    set to trusted.

    dr del
    dr del, Dec 16, 2006
  7. ZA Free supports networks just fine. You just have to go into the settings
    for Zones and allow your IP range as "trusted".

    Grand_Poohbah, Dec 16, 2006
  8. Hi
    thanks again for the reply, much appreciated.
    (Answer for dr del at the end of this mssg-thanks)


    Yep, I can confirm that I have done the same, I allowed the entire range
    I know where you're going with this one as I have had this happen to me
    before :) I can confirm that I am using the router for dhcp and the address
    that it is assigning for the guest o/s is the same address I am getting back
    in ipcfg. The gateway address is also correct and is the same one that my
    host is using. I have not played with any settings in Win98 as they seem to
    work when I shut down ZA.
    Good thinking and I checked this out, but I have disabled the Windows
    firewall in control panel so it shouldn't be interfering in any way.

    Thanks for your time on this one, it's got me very confused.

    In answer to dr del, I am using Zonealarm Pro which I have configured to
    allow vpc full and unrestricted access to the local and internet zones as
    suggested by GP (see my second post). A real puzzle this one...

    Thanks so far...
    The Gatekeeper, Dec 16, 2006
  9. I saw you were given information about entering your IP address under
    Firewall -> Zones. The next thing I had to do to run Win98SE and ZA was to
    change the Firewall->Main->Trusted Zone Security to Medium.
    Bill Bradshaw, Dec 16, 2006
  10. I should have also stated these are settings for ZA on the host running
    WinXP Pro.
    Bill Bradshaw, Dec 16, 2006
  11. Hi and thanks for your input,

    I just tried this but... no luck i'm afraid. I even tried the Trusted Zone
    slider right down in the off position with the same negative result. In
    desperation I also put the Internet Zone slider down to minimum as well but
    still no luck.

    This is what is puzzling me, whatever I do to allow VirtualPC have access to
    the local zone, nothing seems to work until I completely shut ZA pro down on
    the host (which results in shutting down the TrueVector monitor...)

    I have been toying (very cautiously) with the advanced options under the vpc
    program entry in ZA Pro, and I have tried poking standard udp ports through
    the firewall just for the vpc program, as well as allowing vpc to use "other
    programmes to access the internet", but I just can't seem to get my guest to
    talk to my network at all.

    Thanks for the suggestion, but still no luck I'm sorry to say...

    The Gatekeeper, Dec 16, 2006
  12. Just to let you guys know I will be offline for the next 19 hours or so due
    to working commitments.

    Thanks for your help so far, and my apologies for posing such a difficult
    I will attempt to contact Zonelabs on Monday and see what their input will be.

    Appreciate your help so far
    The Gatekeeper, Dec 16, 2006
  13. The Gatekeeper

    dr del Guest

    Hi again,

    have you turned on sharing onboth comps and can access shared folders
    correctly both ways? Just thought it might help narrow down what section of
    the process is aup'd

    dr del
    dr del, Dec 17, 2006
  14. The Gatekeeper

    dr del Guest

    Ah cool,

    Didn't know that - last time I looked it didnt even have the bits I enter
    the options into ;-)

    dr del
    dr del, Dec 17, 2006
  15. Hi,
    I just got in from work and checked my messages. Thanks for replying (again

    Yep, I turned file sharing on in the Windows XP host and I installed and
    turned on File and Print sharing in Win98 on the guest. I tried logging onto
    Win98 as Microsoft Family AND Windows logon, neither of which make any
    difference at all I'm sorry to say. (I also made sure that both host and
    guest are on the same workgroup, which they are...)

    Once again, Zone Alarm has stubbornly blocked something vital that stops vpc
    from talking through to my network. I did check out the ZA logs (both for
    programmes and firewall activity) but whatever is being blocked is not
    creating a log entry in ZA so unfortunately I hit a dead-end on that one.

    I still find it strange that the guest can correctly identify my gateway
    address (and subnet mask) but not talk to it. It knows it's there but za pro
    has shut the door on traffic. Very strange...

    Thanks for your continued support on this,
    (p.s. to all: will be offline again in around 3 hours, gotta get some kip
    before starting another 12-hour shift :-(
    The Gatekeeper, Dec 17, 2006
  16. Hi again Hunter

    Well, I tried what you said but I still get no response from my router. I
    even tried opening up a DOS prompt and pinging my router gateway address but
    I got 100% loss.

    Once again, if I shut down Zonealarm Pro and unload the TrueVector tsr then
    everything springs to life, I can ping my router and get network and internet
    access no problems.

    I still reckon the TrueVector is blocking something. As usual I have had NO
    reply from ZoneLabs whatsoever (typical...)

    I am resigned to turning off Zonealarm whenever I need to use the vpc, and
    turning it back on when I have finished.

    The Gatekeeper, Jan 6, 2007
  17. Well all you people out there in forum land, I am happy to report that I have
    FINALLY resolved this little problem, which was (as I stated) a setting in
    Zone Alarm Pro!!!

    Now I can't take ANY credit for this one, I worked with a very experienced
    member on one of the Zone Alarm User Group forums who managed to spot what I
    had missed and who was VERY helpful in guiding me in the right direction, so
    a VERY big thank you to that forum member for all of your efforts, very much

    His solution was simple, all ya gotta do is to go to the Zone Alarm
    "Firewall" screen, click on the "Zones" tab and have a look at what is listed
    as your default "network" (usually right at the top in the format
    x.x.x.0/255.x.x.x). Then all ya gotta do is go down to the bottom and click
    on the "Add" button, then select Subnet. Put in the same IP address and
    subnet mask that is listed in the entry marked "network", give it a name,
    click ok and apply it.

    There you go, job done. For some reason Zone Alarm is blocking VPC at a
    subnet level on the HOST pc. Once this entry has been added to Zone Alarm Pro
    on the host pc then it all starts to work, it's that simple. One thing did
    catch me out though, make sure you UN-TICK the box in the advanced section
    that is labelled "enable ARP protection" as this will effectively block ALL
    communication between the VPC and the host. I use a different type of arp
    protection on my network so I don't need to enable this in Zone Alarm Pro.

    So there you go folks, thanks to my persistence in another forum you now
    have a solution, but I will take no credit for it, I post it merely to help
    other users of THIS forum in the event that they are experiencing the same
    The Gatekeeper, Feb 13, 2007
  18. oops... forgot to mention, in my particular setup I also had to add the
    gateway address manually in the DNS settings of my guest o/s (Windows 98),
    for some reason when running on a Virtual PC I had to force Windows 98 to
    look at the router gateway address as the DNS server address. Sorry... nearly
    forgot that...

    The Gatekeeper, Feb 13, 2007
