How to configure ZoneAlarmPro For StarBand Click here for How to configure ZoneAlarm Free for StarBand

How to configure ZoneAlarmPro For StarBand

*******Click here for "How to configure ZoneAlarm Free for StarBand"

Remember this is only the basics-the version you see here is 3.1. Newer versions might look a bit different but basically the ip addresses you need to add are the same and so are the options, but they might just be in a different place.
For additional info, you can ask for help at StarBand's Newsgroup or you can email me at memberschat@starband.net

StarBand also has a website for setting up a firewall which you can use in conjunction with my website at: http://www.starband.net/support/SearchResults.asp?url=4110626031233.html
(you must log in first to view it)

Also, the ip addresses given in the FIREWALL SECTION - Zones Tab, can be used in any Firewall Program.

You should Print this Faq BEFORE you install and configure your Firewall Program, so you can follow the instructions, step by step.

Also here is a great page from Starband (but you must be logged in first) for most firewall programs.

http://www.starband.net/support/search_AskQuestion.asp

ZoneAlarm™ is a widely-used personal firewall, a free version of which is currently available from its manufacturer, Zone Labs, Inc., for personal use. It is available for download at www.zonealarm.com; there are a free version and a "Pro" version, and instructions are given for both. ZoneAlarm is a trademark of Zone Labs, Inc.

StarBand Member Services & Support does not provide support for nor specifically endorse any firewall products. To obtain support for your firewall software or hardware product, please contact the vendor directly. This document is for reference purposes only--If you choose to use ZoneAlarm firewall software with your StarBand service, this document provides important tips for avoiding some potential problems.

Overview: Configuring Configuring ZoneAlarm® Pro 3.0.x personal firewall for Residential systems
ZoneAlarm generally has been found to be compatible with the StarBand Model 360 satellite modem.

In order to set up ZoneAlarm properly for operation with your StarBand Service, you must do the following:

Set up your StarBand PC and any networking components (ICS, WinProxy, etc.) and ensure that you can successfully browse the web via your StarBand connection.
Download ZoneAlarm and install it on your StarBand PC.

Installing Zone Alarm Pro
Install ZoneAlarm® Pro personal firewall software from the installation program. Complete your information and the license manager.

The Configuration Wizard will start. ZoneAlarm will automatically configure your PC using default settings. If you wish to manually configure ZoneAlarm, uncheck the box marked "review settings". If you leave the box checked, ZoneAlarm will take you through the Configuration Wizard. The wizard lets you review the default settings. These settings can be changed later.
- Choose the type of traffic you wish to be alerted about.
- Choose cookie blocker options. StarBand recommends not blocking any cookies until the firewall is configured and working properly. Disabling cookies can cause problems with some websites. Cookie blocking may be activated later.
- Choose ad blocker options. StarBand recommends not using ad blocking until the firewall is configured and working properly. Ad blocking may cause problems with some web sites.
- Create a ZoneAlarm password. This option allows you to restrict access to ZoneAlarm settings.
After completing the Configuration Wizard, the Program Wizard will start. ZoneAlarm Pro can pre-configure access permissions, configure permissions later as programs try to access the Internet, or allow you to manually configure permissions. You may change the pre-configured permissions later if needed.

Here are pictures on how to set up Za Pro

Overview (this is what should be put in)

Firewall

Main Tab

ZoneAlarm Pro uses zones for security enforcement. The "Internet zone" refers to your Internet connection. The "Trusted zone" refers to a local LAN or any other network a user knows is secure. The "Blocked zone" refers to computers that specifically have been blocked from accessing the PC.

The firewall tab presents you with slider switches to set the level of security for each zone. The first slider refers to the Internet zone. Security can be set to High, Medium or Low.

High- This is stealth mode. The PC is hidden and sharing is not allowed.
Medium- The PC is visible on the Internet but other PCs cannot share any resources on the PC.
Low- Firewall is off. This setting leaves the PC open to hacking or attacks. This setting should never be used in the Internet zone.

Advanced Tab

FIREWALL SECTION - Zones Tab

This tab allows you to add specific IP addresses, hosts or sites, IP ranges or subnets, and designate them as trusted or blocked. Clicking the "Add" button allows you to add a Host/Site, IP Address, IP Range or a Subnet. You can then choose to put the entry in as Trusted or Blocked and enter a friendly description for the entry.

These are the ip addresses (in the picture below) that are needed For Mission Control to be able to enter the Internet and for the icon to stay Green. If you are networking you can put the LAN ip address you see below, if you are not, you do NOT need it.

**note** If ZoneAlarm doesn't put in your ip address you can get it by Right Clicking on the MC Icon. Highlight & click "Network Status"/Report Tab. Go to NetWork Parameters / Modem Parameters/PCIP Address. Your ip address will be here.

Or you can open a Command Prompt and type at the prompt: ipconfig and it will show your ip address.

These ip address can be used in any firewall program, not just ZA!

Ethernet Card (or Starband if you are on USB) 148.64.x.x /255.255.192.0 Internet Zone
(**note** your ip address will have real numbers)

Modem Address 192.168.255.252 Trusted Zone

My IP Address 148.64.x.x (yours will be filled in with numbers) Trusted Zone

You can also additionally put in the DNS server range into the Trusted Zone, if you find you cannot connect. You get this by "Right Clicking" on the MC icon. Highlight "Network Status" & click on it. Go to the "Report tab". Go to "Local Computer Parameters. Scroll down till you see DNS Server Ip Addres (2x). Your range might be 148.78.249.200-148.78.249.201.

You can also put in your HPA Address, into the Trusted Zone. if you find you cannot connect (every cluster has a different one)-Do the same as above, only look for "StarBand Software Parameters"- "HPA Address"

Also, if you are using an Ethernet or other LAN adapter for a local network (using ICS or WinProxy), you should add the subnet (192.168.0.0/255.255.255.0) to the Local Zone Contents as well. You should see it under the Networks section of Local Zone, and it simply needs to be checked.

PROGRAM CONTROL SECTION - Main Tab

This tab also presents a slider to control how programs access the Internet.

Program Control not only controls access by programs, but also access by any components of a program that try to access the Internet.

The slider should be set to Medium or Low for the first few days until Zone Alarm "learns" about components and programs on the PC. You probably will see a large number of alerts during this time. Answering the alerts, and checking the box on the alert windows to remember your answer will reduce the number of alerts after a few days.

Slider Settings:

High- Programs must ask for Internet access and server rights. Component control is active.
Medium- Programs must ask for Internet access and server rights. Component control is in "learning mode".
Low- Program and Component controls are both in learning mode.
Off- Disables all outbound firewall protection.

This tab also allows you to set up the Auto Lock feature. Auto Lock can be set to engage after a certain period of time, or when a screen saver activates. When Auto Lock engages, Internet activity is stopped to all programs except those specifically set to pass the lock. You can set Auto Lock to on or off, then configure it to engage after X minutes or when the screen saver activates. You can also specify whether to block all Internet activity, or to allow programs set up to pass the lock.

PROGRAM CONTROL SECTION - Programs Tab

This tab lists programs. It allows you to add protected programs, set the zones the program can access, set the program to act as a server, and set whether or not the program is allowed to pass the automatic lock. The first column of the list also tells you if the program is active at the time. You click the "Add" button, and then uses a file dialog box to browse to the application you wish to add.

After adding a program to the list a line will be added to the list for the program.

The line will show 4 question marks (?), 2 for access (trusted or Internet zone) and 2 for Server (trusted or Internet zone). Clicking the question marks drops a menu where you can choose to allow access, block access, or prompt for permission.

Two other columns allow you to toggle privacy settings for the application and set whether or not the application may pass the Internet lock.

Right clicking on an application on the list allows you to access the options settings for the application. The options screen shows 2 tabs, Ports and Security. Under ports you can allow the application access to all ports and protocols, or limit the application to only ports specified by you. The security tab sets how ZoneAlarm will authenticate the application. This can be set to authenticate the application and all of its' components, just the application only, or authenticate by path name only.

When alerted, be sure to allow access to the programs listed below:

Wgwlocalmanager (NettGain)
AS_Agent (RPA)
TaskBarClient
IBQOS
Gilat Quality Measurement (GilatQMS)

Here are the programs (circled) that need to be allowed for Mission Control to work.

Alerts & Logs-Main Tab
This category controls how Zone Alarm will handle alerts and logging.
This section consists of 2 tabs, Main and Log Viewer

The main tab allows you to set an alert level for informational (non-program) alerts. An example of this type of alert would be an alert telling you you are being pinged. Program alerts are always shown because you require you to grant or deny permission to the Internet.

The Alert Events Shown section can be set to High (show all alerts), Medium (show only highly rated alerts) or Off.

The second section allows you to enable or disable logging. The Program Logging section allows you to decide which alerts will be logged. This can also be set to High (log all program alerts), Medium (log only highly rated program alerts) or Off

ALERTS AND LOGS SECTION - Log Viewer tab
This tab is self-explanatory. (No picture needed). You can set the number of events to be shown in the viewer from 0 to 999. The log shows very detailed information about alerts. Clicking on a line in the viewer populates an Entry Detail box, which lists details of the event.

PRIVACY SECTION - Main tab

This section controls how ZoneAlarm handles cookies, ads and mobile code (scripts, embedded objects, etc.). NOTE: STARBAND RECOMMENDS NOT ACTIVATING COOKIE BLOCKING AND AD BLOCKING UNTIL THE FIREWALL IS CONFIGURED AND WORKING PROPERLY. COOKIE AND AD BLOCKING MAY PREVENT SOME WEB SITES FROM OPENING OR DISPLAYING PROPERLY. IN SOME CASES, AD BLOCKING HAS BEEN SHOWN TO DISABLE YOUR ABILITY TO OPEN LINKS IN DOCUMENTS OR EMAIL.

A slider controls how ZoneAlarm handles cookies. By default, the High setting blocks all cookies except "per session" cookies. The Medium setting blocks cookies from sites that might track users. It does allow cookies for personalized services. The Off setting disables cookie blocking.

You could also click on the "Custom" button, and choose additional options. These options include blocking session cookies, blocking "persistent" cookies (cookies that stay on your hard drive. These are sometimes used to remember personal settings on web pages), and blocking 3rd party cookies. The custom settings also allow you to disable web bugs and remove private header information. You can specify the time in which a cookie expires. Finally, you can enable the "Privacy Advisor". The Privacy Advisor informs you when your privacy settings conflict with a website you are visiting.

Ad Blocking is also slider controlled. High blocks all banner, pop-up, pop-under and animated ads. Medium blocks ads that do not appear within a specified number of seconds. Medium also blocks pop-up, pop-under and animated ads. Off disables ad blocking. The custom settings for ad blocking allow you to enable or disable ad blocking based on the type of ad, banner, pop-up or pop-under. It also allows you to specify what is shown in the area the ad would have appeared. These choices include showing nothing, a box with the word "AD", or a box you can mouse over to show the ad.

On/off radio buttons control the "Mobile Code Control" section. In the on position scripts, embedded objects and mime objects are disabled. In the off position these items are enabled. By clicking the "Custom" button, you can specify the specific types of mobile

PRIVACY SECTION - Site List tab

This tab shows a list of all the sites visited in the current browsing session, along with any sites for which you have edited the privacy settings. Right clicking on a site in the list and choosing "Options" allows you to change the settings discussed in the previous section.

EMAIL SECTION- Main tab

ZoneAlarm protects email by putting suspect attachments in quarantine.
The main tab uses an on/off radio button to enable/disable email protection
It is your choice to check it as "off" or "on" depending on which antivirus program you are using.

EMAIL SECTION- Attachments tab

This tab presents a list of attachment types and file extensions ZoneAlarm will quarantine by default. These range from applications (.exe) to Windows Help Files (.hlp). You also can add file types and extensions you choose.

You also can stop ZoneAlarm from putting a file type in quarantine by clicking on the quarantine icon and choosing "Allow".

At this point you should reboot (Click Start->Shut Down, select Restart option) your PC. When your PC comes back up, you may see a couple more permission requests--be sure to allow them. After this, you should see fewer alerts.
Please note that firewalls such as ZoneAlarm can cause occasional problems with games and streaming media performance on client PCs.

These are great sites to test if your firewall is doing its' job:

http://grc.com/default.htm (Scroll down till you see "Shields Up" then click it)
Make sure you also click on "Probe My Ports"

http://security.symantec.com (Scan for Security Risks)

http://www.aumha.org/a/noads.php

I would like to thank Yogi-Chi & Curt for usage of their graphics and Brian at Starband for helping me with the facts to create this faq.