Firewalls and VPN

This page is about using firewalls with VPN to Lancaster University.

Remote Access   VPN Test   

The Software Firewall Problem

A common cause of 'H: Drive not connecting' problem is that people run 'extra' software firewalls which block access to the network filestore servers on campus.

Protecting Your PC

Some people will want to use a firewall to help protect their computer from worms and viruses. The basic recommendation is to:

• switch off all software firewalls.

Understandably some people will be reluctant to do that. However please note the following:

• if you have good wired router (four sockets to connect up to four computers) or wireless router you do not need a 'software firewall' because wireless and multiport wired routers include good firewalls.
• if you have 'single port' ADSL modem (often supplied by ISPs) this does NOT include a firewall, however, if you run Windows XP SP2 you do have software firewall loaded that can be used with VPN without causing problems.

Common Firewalls

Common firewalls that cause the problem are:

• ZoneAlarm - a common free firewall (you have this one).
• Norton Internet Security (NIS) - is bundled with many new computers and NIS includes a firewall.
• MacAfee firewall - a popular firewall.

There are two possible solutions:

• stop all software firewalls.
• configure your software file.

Removing software firewalls is relatively easy (they may need un-installing) and, unless you are using a single port modem, recommended. Configuring software firewalls requires some knowledge of the firewall and therefore can be difficult.

Removing Firewalls

This is what you do:

1. stop all of your software firewalls including NIS* except XP SP2.
2. reboot your PC.
3. connect VPN and map the network drive.

*NIS - you have to stop all of NIS running including the AntiVirus part. Many users will understandably be reluctant to uninstall the AntiVirus software in NIS. But you should uninstall it for three reasons:

• NIS clashes with VPN.
• NIS is bundled free with computers with a period of free 'virus definition' updates which often runs out and is not renewed by the user, rendering it of limited use. Members of Lancaster University (staff and students) are entitled to install 'Symantec Antivirus' which updates its 'virus definitions' automatically and does NOT expire.

Configuring Software Firewalls

Currently I only have details of how to configure ZoneAlarm (and these are a beta release - please report any problems).

Configuring ZoneAlarm

ZoneAlarm does work with VPN, but un-configured, it will not work with 'H: Drive over VPN'. To make ZoneAlarm H: Drive friendly you will need to make ZoneAlarm understand that everything from the VPN server is trusted and make ZoneAlarm understand that everything from your H: Drive is trusted.

You will need to know and have handy your 'Folder' number. To discover your 'Folder' numbers, go to the Personal Filestore page. Use the table below to calculate your 'Homes' number.

To configure ZoneAlarm to allow you to use H: drive do the following:

1. start ZoneAlarm and start VPN.
2. open ZoneAlarm.
3. click on the 'Firewall' tab (to the left).
4. click on the 'Zones' tab (on the top).
5. click on the 'Add>>' button - see pop-up menu.
6. click on 'Host/site' option - see 'Add Host/Site' dialog.
7. in 'Host Name' box type: vpn.lancs.ac.uk
8. in 'Description' type: VPN
9. click OK
10. click on the 'Add>>' button - see pop-up menu.
11. click on 'Host/site' option - see 'Add Host/Site' dialog.
12. in 'Host Name' box type: homesX.lancs.ac.uk - where X=the number of your H: Drive 'homes' folder.
13. in 'Description' type: Homes
14. click OK
15. click on the 'Main' tab (at the top) see a warning about saving changes.
16. click on the 'Yes' button.

If you want to use 'Departmental Filestore' over VPN, do the following:

1. ensure ZoneAlarm is open and that VPN is running.
2. click on the 'Firewall' tab (to the left).
3. click on the 'Zones' tab (on the top).
4. click on the 'Add>>' button - see pop-up menu.
5. click on 'Host/site' option - see 'Add Host/Site' dialog.
6. in 'Host Name' box type: depts1.lancs.ac.uk
7. in 'Description' type: Departmental Filestore
8. click OK
9. click on the 'Main' tab (at the top) see a warning about saving changes.
10. click on the 'Yes' button.

Testing

To test your H: Drive connectivity:

1. start up 'Windows Explorer' or 'My Computer'.
2. click on the 'Tools' menu then the 'Map Network Drive' option.
3. drop the 'Folder' list and choose your H: Drive connection OR
   
4. type: \\filesX\usersY\ZZ\(username) substitute X, Y, ZZ, (username) with the appropriate numbers and your Windows username.
5. ensure the 'Reconnect at logon' box is not selected*.
6. click 'Finish' button.

After a pause you should see your H: drive files appear in a window. The response is slower than inside the University.

To test your 'Departmental Filestore' connectivity:

1. start up 'Windows Explorer' or 'My Computer'.
2. click on the 'Tools' menu then the 'Map Network Drive' option.
3. drop the 'Folder' list and choose your Departmental Filestore connection OR
   
4. type: \\depts1\(faculty)\(department) substitute (faculty) & (department) with the appropriate names.
5. ensure the 'Reconnect at logon' box is not selected*.
6. click 'Finish' button.

*If you select 'Reconnect at logon' option, and then logon without VPN - the connection will hang, causing delays to the logon process. If you always connect to the Internet through VPN it is OK to select 'Reconnect at logon'.

©Lancaster University   ISS Governance   Computer User Agreement   Privacy & Cookies Notice