Firewall question

i am running 2 firewalls, and up till about 2 weeks ago without any problems for several months.
Now one of them, Sysgate, according to the other, Zonealarm, is trying to perform as a server.
I keep telling it 'deny' and all systems seem to perform fine.

any idea why this has cropped up and what it is about?

i have the option of 'remembering the deny setting' and never seeing the problem again, but not sure if i want to do something like that and not being able to reverse the situation at a later time.

thanks in advance for any advice.
dp

I would be reluctant to have two. They might get in fights.

"perform as a server" generally means it is trying to respond
to connection attempts from "outside". It would be good to know
the ports involved and get some information on what Sysgate might
think it is doing with those ports. Otherwise it's hard to say.

ZoneAlarm should provide some bits of information of that nature
when it whines at you, at least the port number and maybe some
remote addresses or such. And the Sysgate documentation might be
of some help, who can say?

I had ZA, and read here a rec about Sygate, so dl'd it and was testing it out. Both have different views of what it is accomplishing, and sometimes i want the info from one that the other doesn't provide. I've noticed no conflict btwn the 2 tho, so let them both run.

but ZA has reported that Sygate was attempting to perform as a server, without any more info, unless i 'allow' it then to see what ports etc. Which i'm reluctant to do at this point.

thanks for the info. I'll check the documentation.
dp

It may be that Sysgate is trying to open a server socket,
and that is what ZA is reporting, hence no outside connection
may be at issue. Still, there should be port number(s) associated
with the server socket, and one would think that Sysgate would
document what it's trying to do somewhere.

i just regard ZA as informing me that a program, in this case, another firewall is trying to contact/perform as a server, which is what i'd hope ZA would do, and vice versa. Whenever i recieve a warning from ZA about any program, Sygate also responds with the same warning, and in this case, Sygate is just not reporting itself.

but it's only in the last week or 2 at the most, after running them both for 6+ months together, that Sygate is acting this way (as a server).

i was on a sygate forum earlier, and no mention of this in the FAQs, but i did read that Sygate would NOT work in conjuction with another firewall, and for it to work i should uninstall ZA. But up til now, they have both worked fine. Actually, as far as i know, they are both working fine, but for the activity i first wrote about.

dp

edit: i don't have any control of when i get the ZA warning, but next time i do will look for port info. Who knows when it will crop up again.

sygate agent firewall trying to act as a server.
application: smc.exe
source ip: 0.0.0.0. Port 1027

i'm just going to deny again until i'm advised here otherwise.

dp

I'll bet it's looking for port scans. The range just past
1024 is one Micro$oft accidents tend to happen in, so it would
be a good place to watch for hack attempts.

There is nothing to fear from denying it.
I always deny all server ports on machines I put on the net,
for what it's worth. One of the first things I do is make sure there
are NO open server ports.

If you want to understand better you could poke around in Sygate
config for port watching or attack detection type things.

:)
thanks for replying.

what's a 'wag'?
i can just click the 'permanent deny' option in ZA and never see this again, nor worry again about it.

My initial query was whether this was something Sygate was doing for a valid reason , 'performing as a server' or since it was a new phenomena, something that i had happen to me that i needed to try and fix. I would just like for Sygate and ZoneAlarm to work along doing their individual thing, hopefully not in conflict and protect my computer. I set them up fairly carefully,first ZA then several months (6?) later Sygate, and they've been no problem for about 4-5 months now. The ZA warning about Sygate just started over the last month and i'd deny it, but it keeps coming back up sporadically.

dp

"i can just click the 'permanent deny' option in ZA and never see this again, nor worry again about it"

I think so. In any case I think it's safe. The way it just started
cropping up is odd, but how much time do we want to spend figuring it
out? It just occurred to me that one thing a firewall might do that
looks like 'performing as a server' is watching for port scans, so it
makes sense. And it's about the only thing I can think of that fits.
Short of researching the problem myself (Not My Job) that's what I
think.

YMMV (Your Mileage May Vary)

http://www.cnet.com/Resources/Info/Glossary/Terms/ymmv.html

our own threads. Take a day off of DU and come back to the bloodletting...sigh.

now my firewall problem seems fairly minute in relation to the greater scheme of things. Or maybe i just need a far vacation.

but again, thanks for your replies. I'll take care of this by exploring the options and settings.

HITYLTILY? :hug:

dp