Comodo Help
Find the desired product help
Comodo Internet Security

Comodo Internet Security

Version 5.9/5.10

English

Print Help Download Help
Appendix 1 CIS - How To... Tutorials > Setting Up The Firewall For Maximum Security And Usability
  • Introduction To Comodo Internet Security
    • Special Features
    • System Requirements
    • Installation
      • CIS Premium Installation
      • CIS Pro-Installation And Activation
      • CIS Complete-Installation And Activation
        • Installing Comodo Internet Security 2012 Complete
        • Activating Online Backup, TrustConnect And Guarantee
        • Installing Comodo Backup
        • Installing Comodo TrustConnect
      • Activating Pro/ Complete Services After Installation
        • Activating Your License
        • Activating Your Guarantee Coverage
        • Renewal Of Your License
    • Starting Comodo Internet Security
    • Comodo Internet Security - Overview Of Summary Screens
      • Comodo Internet Security – Summary
      • Comodo Antivirus – Summary
      • Comodo Firewall – Summary
    • Comodo Internet Security - Navigation
    • Understanding Alerts
  • Antivirus Tasks-Introduction
    • Run A Scan
    • Update Virus Database
    • Quarantined Items
    • View Antivirus Events
    • Submit Files To Comodo For Analysis
    • Scheduled Scans
    • Scan Profiles
    • Scanner Settings
      • Real Time Scanning
      • Manual Scanning
      • Scheduled Scanning
      • Exclusions
  • Firewall Tasks-Introduction
    • View Firewall Events
    • Define A New Trusted Application
    • Define A New Blocked Application
    • Network Security Policy
      • General Navigation
      • Application Rules
      • Global Rules
      • Predefined Policies
      • Network Zones
      • Blocked Zones
      • Port Sets
    • View Active Connections
    • Stealth Ports Wizard
    • Firewall Behavior Settings
      • General Settings
      • Alert Settings
      • Advanced Settings
  • Defense+ Tasks - Introduction
    • View Defense+ Events
    • Trusted Files
    • Unrecognized Files
      • Unrecognized Files
      • Submitted Files
    • Computer Security Policy
      • Defense+ Rules
      • Predefined Policies
      • Always Sandbox
      • Blocked Files
      • Protected Files And Folders
      • Protected Registry Keys
      • Protected COM Interfaces
      • Trusted Software Vendors
    • The Sandbox - An Introduction
      • Unknown Files - The Sand-boxing And Scanning Processes
    • View Active Process List
    • Run A Program In The Sandbox
    • Defense+ Settings
      • General Settings
      • Execution Control Settings
      • Sandbox Settings
      • Monitoring Settings
  • More Options-Introduction
    • Preferences
      • General Settings
      • Parental Control Settings
      • Appearance
      • Log Settings
      • Connection Settings
      • Update Settings
    • Manage My Configurations
      • Comodo Preset Configurations
      • Importing/Exporting And Managing Personal Configurations
    • Diagnostics
    • Check For Updates
    • Manage This Endpoint
    • Browse Support Forums
    • Help
    • About
  • Comodo GeekBuddy
    • Overview Of Services
    • Launching The Client And Using The Service
    • Accepting Remote Desktop Requests
    • Registration
    • Activation Of Service
    • Uninstalling Comodo GeekBuddy
  • TrustConnect Overview
    • Microsoft Windows - Configuration And Connection
    • Mac OS X - Configuration And Connection
    • Linux / OpenVPN - Configuration And Connection
    • Apple IPhone / IPod Touch - Configuration And Connection
    • TrustConnect FAQ
  • Comodo Dragon
  • Appendix 1 CIS - How To... Tutorials
    • Setting Up Security Levels Easily
    • Setting Up The Firewall For Maximum Security And Usability
    • Blocking Internet Access While Allowing Local Area Network (LAN) Access
    • Setting Up Defense+ For Maximum Security And Usability
    • How To Password Protect Your CIS Settings
    • How To Reset Forgotten Password (Advanced)
    • Running An Instant Antivirus Scan On Selected Items
    • Creating An Antivirus Scanning Schedule
    • Running An Untrusted Program Inside Sandbox
    • Restoring Incorrectly Quarantined Item(s)
    • Submitting Quarantined Items To Comodo For Analysis
    • Enabling File Sharing Applications Like BitTorrent And Emule
    • Blocking Any Downloads Of A Specific File Type
    • Disabling Defense+ And Sandboxing For Specific Files Selectively
    • Switching Between Complete CIS Suite And Individual Components (just AV Or FW)
    • Switch Off Automatic Antivirus And Software Updates
    • Suppressing CIS Alerts Temporarily While Playing Games
  • Appendix 2 Comodo Secure DNS Service
    • Router - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows XP - Manually Enabling Or Disabling Comodo Secure DNS Service
    • Windows 7 / Vista - Manually Enabling Or Disabling Comodo Secure DNS Service
  • Appendix 3 CIS Versions
  • About Comodo Security Solutions

Setting Up The Firewall For Maximum Security And Usability
 

This page outlines the functions of Comodo's Firewall and helps you to set up a secure connection to the Internet.

 

Stealth Ports Settings

 

Port Stealthing is a security feature whereby ports on an Internet connected PC are hidden from sight, sending no response to opportunistic port scans.

  1. Click the ‘Firewall’ button along the top navigation

  2. Click 'Stealth Ports Wizard' in Firewall Tasks menu

  3. Select "Block All Incoming connections and make my ports stealth for everyone" to make computer's ports are invisible to all networks





  1. Click 'Ok'.

Click here for more details on Stealth Port Wizard



Network Zones Settings

 

The Network Zones option allows you to configure the protection level for network connection to a Router/home network. (This is usually done automatically for you).

To view the configurations:

  1. Click the 'Firewall' button along the top navigation

  2. Click 'Network Security Policy' in Firewall Tasks menu

  3. Click 'Network Zones' tab




Check the Loopback zone and Local Area Network #1. In most cases, the loopback zone IP address should be 127.0.01/255.0.0.0


In most cases, the IP address of the auto detected Network zone should be 192.168.1.100/255.255.255.0 .

  1. Check these addressees and click 'OK'.

Click here for more details on Network Zones settings


Firewall Behavior Settings

 

The Firewall Behavior Settings option allows you to configure the protection level for your Internet connection and the frequency of alerts generated.

To open Firewall Behavior Settings panel:

  1. Click the 'Firewall' button along the top navigation

  2. Click 'Firewall Behavior Settings' in Firewall Tasks menu

General Settings

  1. Click on 'General Settings' tab to move the Firewall Security Level slider

  2. Choose Safe mode

Safe Mode: While filtering network traffic, the firewall will automatically create rules that allow all traffic for the components of applications certified as 'Safe' by Comodo. For non-certified new applications, you will receive an alert whenever that application attempts to access the network. Should you choose, you can grant that application Internet access by choosing 'Treat this application as a Trusted Application' at the alert. This will deploy the predefined firewall policy 'Trusted Application' onto the application.



  1. Click 'OK' for the changes to take effect.

Alert Settings

 

  1. Click the 'Alert Settings' tab in the same window.


     

  1. Move the Alert Frequency Level slider to Low and select all the check boxes except 'This computer is an internet connection gateway'. Only enable this box if your system is configured as an ICS server (your computer is connected to Internet and shares its single Internet connection with other computers connected to it by LAN).

At the 'Low' setting, the firewall shows alerts for outgoing and incoming connection requests for an application. This is the setting recommended by Comodo and is suitable for the majority of users.

 

Enabling 'This computer is an Internet connection gateway' (i.e. an ICS server) allows other computers access to the Internet through this computer.

 

Click here for more details on Firewall Behavior settings


Advanced Settings


Advanced Settings option allows you to configure the protection level against common types of denial of service (DoS) attack.

 

To open Advanced Settings panel:


  1. Click the 'Advanced Settings' tab in the same window.





When launching a denial of service or 'flood' attack, an attacker bombards a target machine with so many connection requests that your computer is unable to accept legitimate connections, effectively shutting down your web, email, FTP or VPN server.


  1. Select both the check boxes Protect the ARP Cache and Block Gratuitous ARP Frames

  2. The option Block fragmented IP Datagrams is selected by default

  • Block fragmented IP Datagrams - When a connection is opened between two computers, they must agree on a Maximum Transmission Unit (MTU). IP Datagram fragmentation occurs when data passes through a router with an MTU less than the MTU you are using i.e when a datagram is larger than the MTU of the network over which it must be sent, it is divided into smaller 'fragments' which are each sent separately. Fragmented IP packets can create threats similar to a DOS attack. Moreover, these fragmentations can double the amount of time it takes to send a single packet and slow down your download time.

  1. Select the Do Protocol Analysis checkbox to detect fake packets used in denial of service attacks

  2. Select the Monitor NDIS protocols other than TCP/IP checkbox to capture the packets belonging to any other protocol driver than TCP/IP

  3. Click 'OK'.

Click here for more details on Advanced Settings


Setting-up Network Security Policy


The Network Security Policy option allows you to configure and deploy traffic filtering rules and policies on an application specific and global basis.


To open Network Security Policy configuration panel:

  1. Click the 'Firewall' button along the top navigation

  2. Click 'Network Security Policy' in Firewall Tasks menu


Application Rules

  1. Click the 'Application Rules' tab in 'Network Security Policy' interface.

  2. Click 'Add...'/'Edit...' rules for specific applications manually or 'Remove' them.







  1. Click 'OK' for the change to take effect.

Click here for more details on Network Security Policy



Global Rules


The Global rules can be changed manually although the defaults are usually enough. (Earlier we chose to block all incoming connections and stealthed ports to everyone).

  1. Click on 'Global rules' in 'Network Security Policy'.

  2. Click 'Add...'/'Edit...' rules for specific applications manually or 'Remove' them







  1. Click 'OK' for the change to take effect.

Click here for more details on Network Security Policy



Predefined Policies



To view Predefined Firewall Policies:

  1. Click the 'Predefined Policies' tab in the same window.

  2. Click 'Edit' to view the restrictions placed by a particular policy



You need not make your own predefined policies, the defaults are usually enough.

 

Click here for more details on Predefined Firewall Policies


Comodo Internet Security User Guide | © 2012 Comodo Security Solutions Inc. | All rights reserved

Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2025. All rights reserved.