FAQ

Internet Shield and firewall

01. What is Internet Shield?

Internet Shield protects your computer against unsafe Internet traffic.
Internet Shield:
- Protects you against intruders who try to access your computer without your permission. They may, for example, try to steal your personal information, such as files, passwords or credit card numbers.
- Blocks malicious Internet traffic such as trojans. They may, for example, destroy files on your computer, crash your computer, or open ports for hackers to access your computer.
- Blocks harmful Internet traffic such as spyware. Spyware may, for example, gather information about your e-mail addresses, passwords and credit card numbers.
- Prevents malicious dialer programs from using your modem or ISDN connection to dial into expensive pay-per-minute phone numbers.
After you have installed the product, Internet Shield automatically keeps your computer protected.

02. Can I use the Windows XP firewall with the F-Secure PC Protection?

No. You cannot use the Windows XP firewall with the product. The F-Secure PC Protection already has a firewall. If you use two software firewalls simultaneously, your computer may freeze. However, you can use a hardware firewall (router) with the product.
Note: You can use the Windows XP firewall with other products that do not contain a firewall, such as the F-Secure PC Protection.

03. In Internet Shield, what is the difference between the security levels and firewall rules?

The F-Secure PC Protection includes several security levels that allow you to set more flexible or severe security policies. Security levels allow you to instantly change your level of protection according to your needs. Security levels are automatically updated to make sure that you are protected against the newest forms of malicious computer programs and Internet attacks.
Every security level is composed of a set of pre-configured firewall rules. Expert users may create their own firewall rules to modify the security level.

04. How do I change the security level in the F-Secure PC Protection?

To open the product, double-click the product icon at the bottom right corner of your screen.
To change the security level:
- Click the Internet Shield tab.
- Next to Internet Shield and the current security level, click Change.
- Read the security level descriptions carefully.
- Select the appropriate level from the list and click OK.
The Internet Shield page now shows the new security level. The firewall rules and Application Control settings change according to the selected security level.

05. How do I add new firewall rules to Internet Shield?

Before starting to create a rule, select the security level to which you want to add this rule.
Note: You may not be able to add your own rules to all security levels.
To open the product, double-click the product icon at the bottom right corner of your screen.

06. Start Creating a Rule

Enter a name for the rule and select whether the firewall rule denies or allows traffic.
To start creating a rule:
- Click the Internet Shield tab.
- Click Advanced.
- Select Internet Shield > Firewall.
- Click the Rules tab.
- Click Add. The Add New Rule dialog box opens.
- In the Name field, enter a name for the rule. Use a name that you can easily identify.
- To either deny or allow traffic, select either Deny or Allow.
- To create a rule that is valid only when you have an active dial-up connection, select Use this rule only with dial-up connection. This option is relevant only if you use a modem or ISDN for your Internet connection. You may want to select this option, for example, if you use a laptop outside your home network and access the Internet through a modem or ISDN connection. Outside your home, your laptop is not protected by the router firewall, and you may want to create a stricter rule that denies all unnecessary inbound traffic and use this rule outside home. Usually, you do not have to create a rule, and the default security level protects your computer both inside and outside home.
- Click Next >.

07. Select the IP Addresses

Apply the rule to all network connections or specify the IP addresses and networks to which the new rule applies.
Note: The IPv6-related options are only available if your operating system is Microsoft Windows Vista.
To select the IP addresses:
- Select one of the following options:
- To apply the rule to both IPv4 and IPv6 addresses, select Any IP Address.
- To apply the rule to all IPv4 addresses, select Any IPv4 Address.
- To apply the rule to all IPv6 addresses, select Any IPv6 Address.
- To apply the rule to specific IP addresses and networks, select Custom and click Edit. The Addresses dialog box opens.
- In the Addresses dialog box, select one of the following options on the Type list:
Type | Address Example
IP address | 192.168.5.16
DNS name | www.example.com
IP range | 192.168.1.1-192.168.1.63
IP subnet | 192.168.88.0/29
IPv6 address | 2001:db8:85a3:8d3:1319:8a2e:370:733
IPv6 range | 2001:db8:1234:: - 2001:db8:1234:FFFF:FFFF:FFFF:FFFF:FFFF
IPv6 subnet | 2001:db8:1234::/48
- Enter the address in the Address field.
- To add the address to the addresses list, click Add To List.
- Repeat steps a-c to add all necessary addresses to the addresses list.
- Click OK.
Click Next >.

08. How can you define an IP subnet?

If you want to define an IP subnet, use Classless Inter-Domain Routing (CIDR) notation. It is a standard notation that consists of a network address followed by a slash and the number of bits set in the subnet mask. For example:
Network Address | Subnet Mask | CIDR Notation
192.168.0.0 | 255.255.0.0 | 192.168.0.0/16
192.168.1.0 | 255.255.255.0 | 192.168.1.0/24
192.168.1.255 | 255.255.255.255 | 192.168.1.255/32
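
The address types from the Type list and the mask-to-CIDR conversions in the table above, worked through with Python's standard `ipaddress` module. This is an added example, not part of the product or its documentation: the function names are hypothetical, and the range-to-subnet conversion and membership check go beyond what the page describes.

```python
import ipaddress

def _ip(text):
    """Parse one address, or return None if the text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def parse_entry(entry):
    """Return (type label from the page's Type list, parsed value)."""
    text = entry.strip()
    ip = _ip(text)
    if ip is not None:
        return ("IP address" if ip.version == 4 else "IPv6 address"), ip
    if "/" in text:
        # strict=True rejects entries whose host bits are set, e.g. 192.168.1.5/24
        net = ipaddress.ip_network(text, strict=True)
        return ("IP subnet" if net.version == 4 else "IPv6 subnet"), net
    if "-" in text:
        lo, hi = (_ip(part) for part in text.split("-", 1))
        if lo is not None and hi is not None:
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"invalid range: {entry!r}")
            return ("IP range" if lo.version == 4 else "IPv6 range"), (lo, hi)
    return "DNS name", text  # hyphenated host names end up here too

def mask_to_cidr(network, mask):
    """Network address plus dotted subnet mask -> CIDR notation."""
    return str(ipaddress.ip_network(f"{network}/{mask}", strict=True))

def range_to_subnets(entry):
    """Smallest list of CIDR blocks that covers an IP range exactly."""
    kind, value = parse_entry(entry)
    if not kind.endswith("range"):
        raise ValueError(f"not a range: {entry!r}")
    return [str(n) for n in ipaddress.summarize_address_range(*value)]

def entry_matches(entry, address):
    """True if `address` falls inside the address-list entry."""
    kind, value = parse_entry(entry)
    addr = ipaddress.ip_address(address)
    if kind == "DNS name":
        raise ValueError("DNS names need a resolver; not evaluated offline")
    if kind.endswith("address"):
        return addr == value
    if kind.endswith("subnet"):
        return addr in value
    lo, hi = value
    return addr.version == lo.version and lo <= addr <= hi

if __name__ == "__main__":
    # Sample entries are the examples printed in the page's tables.
    for sample in ("192.168.5.16", "www.example.com", "192.168.1.1-192.168.1.63",
                   "192.168.88.0/29", "2001:db8:1234::/48"):
        print(sample, "->", parse_entry(sample)[0])
    print(mask_to_cidr("192.168.1.0", "255.255.255.0"))
    print(range_to_subnets("192.168.1.1-192.168.1.63"))
    print(entry_matches("192.168.1.1 - 192.168.1.254", "192.168.1.255"))
```

The range 192.168.1.1-192.168.1.63 needs six CIDR blocks because it starts at .1 rather than .0, which is why the dialog offers a separate IP range type.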

09. Select the Services and Direction

Select the services to which the firewall rule applies, and the direction of the traffic.
To select the services and direction:
- Select the services to which you want to apply the rule:
- If you want to apply the rule to all IP traffic, select All IP traffic on the list.
- If the service you need is not on the list, you need to create it first.
The icon appears in the Direction column for the services you selected.
- For every service, select the direction of the traffic to which the rule applies. The direction is from your computer to the Internet or vice versa. To select the direction, click the icon in the Direction column.
Direction | Explanation
(icon) | The service is allowed or denied in both directions.
(icon) | The service is allowed or denied if it is from the Internet to your own computer (inbound).
(icon) | The service is allowed or denied if it is from your own computer to the Internet (outbound).
- Click Next >.

10. Select Alerting Options

Select how the product notifies you when the firewall rule denies or allows traffic.
To select the alerting option:
- Select one of the following options:
- If you do not want to be notified, select No alert.
No alerts are generated to the alerts log, and no alert pop-ups are shown to you. We recommend that you select this option if you are creating a rule for allowing traffic.
- If you want the product to generate alerts in the alerts log, select Log.
- If you want the product to generate alerts in the alerts log and to show alert pop-ups to you, select Log and pop-up. Note that you have to turn on the alert pop-ups also in the Internet Shield alerts dialog box.
- In the Alert text field, enter a description to be shown in the alerts log and pop-ups.
- Click Next >.

11. Check and Accept the Rule

Check and accept the new rule.
To do this:
- Check the rule summary. If you need to edit the rule, click < Previous.
- When you are satisfied with your new rule, click Finish.
Your new rule is now shown on the rules list on the Rules tab, and it is automatically turned on. If you have created several rules, you can now define their priority order.

12. When do I have to create a new firewall service for a rule?

You may have to do this if you are creating a firewall rule for a program but there is no suitable firewall service available. To open the product, double-click the product icon at the bottom right corner of your screen.
The service defines the protocols and ports the program uses. To find out this information, consult the documentation of the program.
To create a firewall service:
- Click the Internet Shield tab.
- Click Advanced.
- Select Internet Shield > Firewall.
- Click the Services tab.
- Click Add. The Add New Service dialog box opens.
- In the Name field, enter a name for the service. Use a name that you can easily identify.
- From the Protocol list, select the protocol for the service:
- ICMP (1)
- TCP (6)
- UDP (17)
If you want to use another IP protocol, enter the protocol number (0-255) in the field.
- If the service uses the TCP or UDP protocol, define the initiator ports for the service. If the program documentation does not include the initiator ports, you can usually use any port number above 1023.
- Next to the Initiator ports field, click Edit.
- Add the ports:
- To enter a single port, enter the port number in the Single field, for example, 1024.
- To enter a port range, add the lowest and the highest port number of the range to the Range fields, for example, 1024-65535.
- Click Add To List.
- Repeat the steps a-c to add all necessary ports.
- Click OK.
- If the service uses the TCP or UDP protocol, define the responder ports for the service. The responder ports are usually mentioned in the program documentation.
- Next to the Responder ports field, click Edit.
- Add the ports:
- To enter a single port, enter the port number in the Single field.
- To enter a port range, add the lowest and the highest port of the range to the Range fields.
- Click Add To List.
- Repeat the steps a-c to add all necessary ports.
- Click OK.
- If the service uses the ICMP protocol, define the ICMP type and code for the service. Click Edit to enter the values in the Type and Code fields. The allowed values are 0-255.
- If you will use this service for allowing inbound traffic, you can define whether you want to allow also broadcast and multicast traffic. This kind of traffic is created by streaming programs, such as web radio or television. To allow them, select the Allow broadcasts and Allow multicasts checkboxes. Usually, you can leave these checkboxes unselected.
- In the Add New Service dialog box, click OK.
Your new service is now shown on the services list on the Services tab. To deny or allow the traffic that the service defines, you need to add the service to a firewall rule which allows outbound Internet connections.

13. How can I create a rule using a service that is not listed?

You may have to create a new firewall service and rule if you start playing peer-to-peer network games, or start using a service such as Virtual Network Computing (VNC) remote desktop.
For example, for VNC you need to create two firewall services to open the following ports:
- TCP ports 5500, 5800, 5900, the initiator port is > 1024
- UDP ports 5500, 5800, 5900, the initiator port is > 1024
- Create a service for TCP with the following details:
- Service description: VNCTCP
- Protocol: TCP (6)
- Initiator ports, range: 1023-65535
- Responder ports, single: 5500, 5800 and 5900.
- Create a service for UDP with the following details:
- Enter a service description: VNCUDP
- Select the protocol: UDP (17)
- Enter initiator ports, range: 1023-65535
- Enter responder ports: 5500, 5800, and 5900.
- Create a firewall rule with the following details:
- Enter a rule name: VNC.
- Select the rule type: Allow.
- Select the IP addresses: Any IP Address.
- Select services: VNCTCP and VNCUDP. Click between the computer and globe icon until a double arrow is shown.
- Alert type: No alert.
- To apply the firewall rule, define VNC as allowed in Application Control:
- Click the Internet Shield tab.
- Click Advanced.
- Select Internet Shield > Application Control.
- Click the Applications tab.
- Click Add.
- Click Browse and browse for vncviewer.exe.
- Under Outbound (Client) connection, select Allow.
- Under Inbound (server) connection, select Allow.
- Click OK.
You should now see the new rule added to the rules list and it should be turned on. You can now close the product and retry your VNC.
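
A simplified model of the service and rule fields used in this walkthrough, added here as an example (it is not F-Secure's code or matching engine, and the matching semantics are an assumption). It evaluates constructed connections against the VNC rule as configured above and against a hypothetical variant whose address list is narrowed to an assumed home subnet, 192.168.1.0/24.

```python
from dataclasses import dataclass
import ipaddress

TCP, UDP = 6, 17  # IP protocol numbers as listed in the Protocol field

@dataclass(frozen=True)
class Service:
    name: str
    protocol: int
    initiator_ports: tuple   # inclusive (low, high) pairs
    responder_ports: tuple

@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "Allow" or "Deny"
    addresses: tuple         # networks; empty tuple stands for "Any IP Address"
    services: tuple
    direction: str           # "in", "out" or "both"

def _port_in(port, ranges):
    return any(low <= port <= high for low, high in ranges)

def rule_matches(rule, direction, protocol, remote_ip, initiator_port, responder_port):
    """Assumed semantics: every field of the rule must match the connection."""
    if rule.direction not in ("both", direction):
        return False
    remote = ipaddress.ip_address(remote_ip)
    if rule.addresses and not any(remote in net for net in rule.addresses):
        return False
    return any(s.protocol == protocol
               and _port_in(initiator_port, s.initiator_ports)
               and _port_in(responder_port, s.responder_ports)
               for s in rule.services)

def audit(rule):
    """Flag Allow rules that accept inbound connections from any address."""
    findings = []
    if rule.action == "Allow" and rule.direction in ("in", "both") and not rule.addresses:
        ports = sorted({str(lo) if lo == hi else f"{lo}-{hi}"
                        for s in rule.services for lo, hi in s.responder_ports})
        findings.append(f"{rule.name}: inbound from Any IP Address to ports {', '.join(ports)}")
    return findings

# Values taken from the VNC walkthrough on this page.
VNC_PORTS = ((5500, 5500), (5800, 5800), (5900, 5900))
VNCTCP = Service("VNCTCP", TCP, ((1023, 65535),), VNC_PORTS)
VNCUDP = Service("VNCUDP", UDP, ((1023, 65535),), VNC_PORTS)
PAGE_RULE = Rule("VNC", "Allow", (), (VNCTCP, VNCUDP), "both")

# Assumption: same rule, address list narrowed to a home subnet (not on the page).
HOME_RULE = Rule("VNC-home", "Allow",
                 (ipaddress.ip_network("192.168.1.0/24"),), (VNCTCP, VNCUDP), "both")

if __name__ == "__main__":
    # Constructed connections: (direction, protocol, remote, initiator, responder)
    samples = [("in", TCP, "203.0.113.9", 40000, 5900),
               ("in", TCP, "192.168.1.20", 40000, 5900),
               ("in", TCP, "192.168.1.20", 40000, 3389)]
    for s in samples:
        print(s, rule_matches(PAGE_RULE, *s), rule_matches(HOME_RULE, *s))
    print(audit(PAGE_RULE), audit(HOME_RULE))
```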

14. How do I change the firewall rules of Internet Shield?

You can only change a firewall rule that you have created yourself. To open the product, double-click the product icon at the bottom right corner of your screen.
To change a rule:
- Click the Internet Shield tab.
- Click Advanced.
- Select Internet Shield > Firewall.
- Click the Rules tab.
- Select the rule and click Details. The Rule Details dialog box opens.
- Make the necessary changes in each step and move to the next step by clicking Next >.
- In the Rule Details dialog box, check the changes that you made.
- If you are satisfied with the rule, click Finish.
The changes that you made are applied to the rule.

15. How can I open a port through the firewall?

You can open a port through the firewall if you want to allow some Internet traffic and you know the port number that you want to open.
You may not be able to add your own rules to all security levels. Select the security level to which you want to add the new rule before you open the port.
When you open a port through the firewall, you create a new firewall rule and two new services.
- Click the Internet Shield tab.
- Click Open a port.
- In the Name field, enter a name for the new firewall rule.
- In the Port number field, define the responder port for the rule. The responder port is usually mentioned in the product documentation.
- Click OK.
The new rule is added to the firewall rules list and two new services are created on the firewall services list for both the TCP and UDP protocols with the specified port number.

16. Why is my FTP software not working after I installed the F-Secure PC Protection?

You have to add a new, outbound firewall rule to your security level. To add a new rule for the FTP software:
- To open the product, double-click the product icon at the bottom right corner of your screen.
- Click the Internet Shield tab.
- Click Advanced.
- Select Internet Shield > Firewall.
- Click the Rules tab.
- Click Add. The Add New Rule dialog box opens.
- Follow the instructions in the dialog boxes.
- In step 3, select the predefined FTP / File Transfer Protocol, active mode as the service.
- Follow the instructions in the dialog boxes.
- In the final step, click Finish.

17. I have a home office or home network. How can I get two computers to see each other's files?

You need to create a new firewall rule for Windows file sharing to share files between computers on your home network. To open the product, double-click the product icon at the bottom right corner of your screen.
If you use a router on your network, check the Dynamic Host Configuration Protocol (DHCP) settings of your router to find out the IP address range allocated to your home network. For more information, consult the router documentation.
The most usual IP address range for home networks is 192.168.1.1 - 192.168.1.254. If you want to share files between all your computers, you have to create the same rule on all of the computers.
To create the rule:
- Click the Internet Shield tab.
- Click Advanced.
- Select Internet Shield > Firewall.
- Click the Rules tab.
- Click Add.
- Enter a name and select the rule type:
Step | Example
Enter a name for the rule | FileSharing
Select the rule type | Allow
- Select the IP addresses:
Step | Example
Click Custom. Click Edit. Select IP range and enter the addresses of your computers in the field. Click Add To List. | 192.168.1.1 - 192.168.1.254
- Select the services and direction:
Step | Example
Select the services that Windows file sharing uses | SMB over TCP/IP (TCP); SMB over TCP/IP (UDP); Windows file sharing and network printers; Windows network browsing
Select the direction for both services | (from the Internet to your computer)
- Select the alerting type:
Step | Example
Select the alerting type | No alert
- Check the summary of the rule and click Finish. Your new rule is now shown on the rules list on the Rules tab, and it is automatically turned on.
- Test that the rule works. To do this, use Windows file sharing to share a folder or file and check whether you can access the folder or file from all of your computers.
Tip: If you want to share the printer on your home network, create a similar rule. In this case, you only have to create an inbound "allow" rule on the computer to which the printer is connected.

18. Does Internet Relay Chat (IRC) work with the F-Secure PC Protection?

Yes. If the security level in Internet Shield is set to Normal, the product allows IRC by default. If you are using another security level, or have added your own firewall rules or services, check that Service IRC and Service IDENT traffic is allowed in both directions for the selected security level.

19. I used to play network games or use peer-to-peer software on the Internet before I installed the F-Secure PC Protection. Now these applications do not work anymore. What can I do?

If this happens, you may need to open a port through the firewall for the network game or peer-to-peer software. Also check that the security level of Internet Shield is Normal. This level usually allows you to use these types of programs without any problems. To open the product, double-click the product icon at the bottom right corner of your screen.
You may not be able to add your own rules to all security levels. Select the security level to which you want to add the new rule before you open the port.
When you open a port through the firewall, you create a new firewall rule and two new services.
- Click the Internet Shield tab.
- Click Open a port.
- In the Name field, enter a name for the new firewall rule.
- In the Port number field, define the responder port for the rule. The responder port is usually mentioned in the product documentation.
- Click OK.
The new rule is added to the firewall rules list and two new services are created on the firewall services list for both the TCP and UDP protocols with the specified port number.

20. Can I use a digital TV card with the F-Secure PC Protection?

Yes, you can. If the TV picture freezes when you use a digital TV card with the F-Secure PC Protection, add the TV card as a trusted networking adapter. To open the product, double-click the product icon at the bottom right corner of your screen.
- Click the Internet Shield tab.
- Click Advanced.
- Select Internet Shield > Firewall.
- Click the Settings tab.
- On the Trusted network adapter list, select the TV card.
- Click OK.
Your TV card should work now.

21. How do I allow all network traffic temporarily?

Note: Your computer is not protected when you allow all network traffic.
To allow all network traffic:
- Right-click the product icon at the bottom right corner of your screen.
- Select Unload from the menu.
- To allow all Internet traffic, select Unload and allow all network traffic.
To restore your security again, right-click the product icon and select Reload.

22. What is firewall packet logging and how can I use it?

The packet log collects information about the IP network traffic. By default, the packet logging is turned off. You can turn the packet logging on if you have created your own set of firewall rules, and want to check how they block traffic. You can also do this if you suspect malicious network activity.
You can send the log file to our technical support for further analysis.
To open the product, double-click the product icon at the bottom right corner of your screen. To start logging:
- Click the Internet Shield tab.
- Click Advanced.
- Select Internet Shield > Logging.
- Use the recommended logging time and file size that are shown in the Logging time and Max log file size fields. You can also change them if you want to.
- Click Start Logging. A new file is added to the log files list. The size of the file increases as information is gathered in the file. If the list already contains 10 log files, the next log is gathered into an existing file.
- To stop the logging manually, click Stop Logging. The logging stops automatically after the defined logging time period has elapsed, or the defined maximum log file size has been reached.