Firewalls

From MozillaZine Knowledge Base
Jump to navigationJump to search

A personal firewall (e.g., the Norton firewall and ZoneAlarm) is a security program that controls access to the Internet. The firewall may be a freestanding program, or it may be part of an Internet security package. A firewall can also be implemented in a separate hardware device.

After your Mozilla application is installed or updated, your security software must be configured to allow Internet access. This may happen automatically, or you may have to do it. If you deny access, you must reconfigure the security software to allow access. No Web browser or any other program can control the firewall. If it could, that would completely bypass the security of the firewall.

This article provides general information about software firewalls as well as information about specific firewall programs. For information about other security programs, including antivirus programs, that can can block internet access or cause other connection issues, see Error loading websites.

Firewall pitfalls

  • Firewalls may not "know" about every update, and may sometimes require manual configuration.
  • Some firewalls continue running even if you think you have disabled them.
  • Some firewalls continue running even if you think you have uninstalled them. The EnumProcess tool for Windows will help you find any firewalls that may be running.
  • A firewall can easily block Firefox/Thunderbird/SeaMonkey without blocking Internet Explorer.
  • Some firewalls provide detailed rules concerning Internet access, any of which could block Internet access.[1][2][3][4]
  • If the firewall shows that Internet access is already allowed for your Web browser or Thunderbird, that may be for the previous version. Try deleting all versions from the access list so the firewall must request permission again.
  • Some firewalls have bugs. Try removing all mention of your Mozilla application from the access list so the firewall must request permission again.
  • Some firewalls require you to restart your computer for changes to take effect.
  • Here are some other ways to be fooled.

AVG Internet Security

If the AVG Internet Security firewall is blocking internet access, delete the application rule for your Mozilla application, then grant access the next time you are asked. The following instructions are from the AVG 8.0 Technical FAQ:

Editing or deleting current rule

  1. open AVG User Interface -> menu Tools -> Firewall settings
  2. expand Profiles -> your profile (e.g. Standalone computer) -> Applications
  3. click on the Mozilla application rule that you want to change
  4. click "Delete this rule"

If you need more help, see the article Configuring AVG Internet Security (Firefox Support) or contact AVG Support.

Avira Premium Security Suite

From Avira Solutions - Knowledge Base Problem Details: #567 - How can I unblock an application in Avira Firewall?

  1. Start the Avira AntiVir Control Center: Just double-click the umbrella icon in the tray, in the bottom-right corner of the screen, near the system clock. Or you can double-click the Control Center icon on your desktop, created during installation.
  2. Open the Firewall Configuration: Go to Extras - Configuration, in the menu bar.
  3. Click on the plus sign next to Firewall, to expand the Firewall menu and click on Application rules. In the right panel you can see the Firewall rules for applications and processes. The list has three columns: Application, Mode and Action. The most important one is Action, which shows how Firewall is treating the application. If the action is Deny, the Firewall blocks the network traffic for that application (image).
  4. To unblock an application you blocked by mistake, you can click on the action twice, to change the action into Allow.
  5. To save the change, press Apply and then OK.

The previously blocked application should now be allowed to communicate via Internet or network.

CA Internet Security and Personal Firewall

For CA Internet Security 2010, the following articles describe how to allow your application to access the Internet, if it is being blocked:

See also Configuring CA Internet Security Suite (Firefox Support)

For CA Internet Security 2007-2008, see the instructions for CA Personal Firewall, below. If you need more help, contact CA technical support.

CA Personal Firewall

The CA (Computer Associates) Personal Firewall was formerly known as "eTrust Personal Firewall". The following instructions are from the CA support article, CA Personal Firewall blocks applications and apply to CA Personal Firewall 2007-2008 (the linked article includes screen shots).

  1. Open CA Personal Firewall
  2. On the left panel, click on Firewall.
  3. On the right, select the Application Control tab.
  4. If your program has already requested internet access you will already find it within this list. To ensure the program is given the necessary access, click on the program name and then click on the Delete button.
  5. A Confirm popup will ask if you want to delete the application, click Yes.
  6. Close CA Personal Firewall
  7. Open the program you wish to grant access. A few seconds after the program opens you will see a CA Personal Firewall Security Alert message. Within this box there will be the option to Allow or Deny the program and the ability to remember this setting. We recommend that you check the box to remember the selection for your default web browser and email program so check this box and then click on the Allow button.

Comodo Firewall

As of October 2008, Comodo Firewall is available as part of Comodo Internet Security, which also includes an antivirus component. [5] Comodo Firewall is no longer offered for download as a standalone application.

Comodo Firewall Pro

This is the free Comodo Firewall that was previously available as a standalone application, prior to the release of Comodo Internet Security.

To configure Comodo Firewall Pro, using Thunderbird as an example:

  1. Right click on the Comodo icon in the system tray and select open.
  2. Click on security, and then application monitor. That should display a list of applications and their rules.
  3. If there is a existing rule for Thunderbird select it.
    1. Press edit (or right click on the rule and select edit from the context menu).
    2. Press the application browse button and browse to your Thunderbird.exe file.
    3. Select "Specify a parent". Press the parent browse button and browse to Explorer.exe (Windows Explorer) in your windows directory.
    4. The general tab should have allow , "TCP or UDP", and IN/OUT. If it doesn't, change the settings.
    5. Press OK.
  4. Otherwise press Add.
    1. Press the application browse button and browse to your Thunderbird.exe file.
    2. Select "Specify a parent". Press the parent browse button and browse to Explorer.exe (Windows Explorer) in your windows directory.
    3. The general tab will default to allow , "TCP or UDP", and IN. Change the direction from IN to IN/OUT.
    4. Press OK.

The list of rules should have a line with Thunderbird.exe, [any], [any], TCP/UDP In/Out and a green check mark next to Allow.

Comodo Firewall Pro, by default, keeps track of each parent (host process) for a given application [6]. For example, Comodo doesn't have just one rule for Thunderbird, it creates rules that also specify what application launched Thunderbird. This can include one for Windows Explorer, Firefox, and even Thunderbird launching itself when it upgrades. If you don't need this fine grained control rather than pressing the parent browse button select "skip parent check" to make it use one rule (and avoid specifying who can launch it). If it already has multiple rules selecting "skip parent check" in any of those rules should automatically delete the other Thunderbird rules.

If you need more help, see Configuring Comodo Firewall Pro (Firefox Support) or visit Comodo Support.

Comodo Internet Security

Comodo Internet Security includes the Comodo Firewall. The list of firewall application rules can be found by opening Comodo Internet Security and going to "Firewall -> Advanced -> Network Security Policy", as shown in this Comodo forum topic.

If you need more help configuring the Comodo Firewall component to work with your Mozilla application, visit Comodo Support. For details on configuring Comodo Internet Security to work with Firefox, see Configuring Comodo Internet Security (Firefox Support) .

eTrust EZ Firewall

  1. Double click the EZ Firewall icon in the system tray
  2. Ensure that the ‘Lock’ icon at the top is in the unlocked position.
  3. To the left of the window, click ‘Program Control’
  4. Click the ‘Programs’ tab from the top.
  5. Look for your internet program (e.g. "Mozilla" or "Firefox") and ensure that the permissions under ‘Access’ and ‘Server’ have a green check mark (allow).
  6. Look for Generic host process for win32, (Win XP and Win 2000 only). Again, ensure that the permissions under 'Access' and 'Server' have a green check mark (allow).
  7. Look for Application Layer Gateway, ensure 'Access' and 'Server' have check marks.
  8. Try accessing the internet again.
  9. If you are still unable to surf, remove all instances of your internet program (e.g. "Mozilla" or "Firefox") and Generic host process for win 32 from the program list. You can remove them by right click the name and selecting remove from the popup window.
  10. Once this is done, try accessing the internet again. You should get a firewall alert asking for access permission to allow the processes mentioned above, please allow them, this should get your internet working again. [7]

Additional information is contained in CA support document, I cannot surf the Internet since installing EZ Firewall

Kaspersky firewall

Because of a bug, the Kaspersky firewall may continue to block Internet access even though it is supposed to be disabled. [8][9] Access may be blocked even if only the Kaspersky Antivirus program is running.[10] As with any firewall, the best solution is not to disable it, but to configure it to allow the updated application.

Users also have the option of blocking domain-name service (DNS) for some programs but not others. [11][12]. You must allow DNS access for normal Web browsing.

The Kaspersky firewall can also interfere with pipelining [13]

In some cases, it may be necessary to delete the application rule for Firefox/Thunderbird/Mozilla Suite/SeaMonkey, then grant access the next time you are asked. The following instructions are from the article, Firewall rules for applications in Kaspersky Internet Security 7.0:

  1. Open the Kaspersky application Settings window
  2. select Firewall under Protection.
  3. Click on Settings under Filtration System.
  4. In the Settings: Firewall window, select the Rules for Applications tab.

Using the Delete button, you can delete a rule for the selected application (e.g., Firefox.exe).

If you need more help, read Configuring Kaspersky Internet Security (Firefox Support) and this web page or visit Kaspersky Technical Support and Knowledge Base.

McAfee firewalls

McAfee Personal Firewall

How you access those settings depends on your McAfee version, but it will be similar to the following:

  1. Double-click the M icon in your taskbar
  2. Select Internet & Network, then click Configure on the right.
  3. In the section titled Firewall protection is enabled, click Advanced.
  4. Select Program Permissions from the Home list on the left.

In the Program Permissions list, find the entry or Application Rule for your Mozilla application and delete it. The next time the application requests Internet access, you can set its permission level to re-add it to the list.

For more information see these McAfee support documents:

Visit McAfee Technical Support or the McAfee Support Forums if you need more help.

Norton firewalls from Symantec

The Symantec support site for Norton products offers extensive resources, including the AutoFix Tool for home users and a FAQ page. A Norton Community forum is also available.

Important: Even after all Norton products are uninstalled, a driver or kernel service (e.g., SYMTDI) can be left behind that blocks Internet access. [14] [15] The EnumProcess tool can be used to detect all firewall processes and servies. A removal tool can be downloaded from Symantec to completely remove Norton products from your computer.

Norton 360

If you are using the Norton 360 Internet security suite and your Mozilla application cannot access the internet, check your Firewall Protection settings. The following instructions are based on the Symantec articles, Cannot use a specific program after installing Norton 360 and My Internet-enabled application or device is not able to access the Internet after installing Norton 360 2.0

To modify the Firewall Protection settings for your Mozilla application,

  1. Start Norton 360
  2. Go to the Firewall Protection settings.
    • Norton 360: Click Tasks and Settings, click Change Advanced Settings, then click Firewall Protection Settings.
    • Norton 360 2.0: Click Settings, then click Firewall Protection.
  3. In the (Firewall) Program Rules tab, in the Program column, select the program you want to allow access (e.g., Mozilla Firefox).
  4. Change the Access from Block or Custom to Allow.
    • Norton 360: Select Allow, click Apply, then Close, and then click Yes.
    • Norton 360 2.0: Select Allow, click Close.

For details on configuring Norton 360 so that it works with Firefox, read Configuring Norton 360 (Firefox Support).

If you need more help, visit the Norton 360 forum or contact Norton Support.

Norton Internet Security

The firewall component of Norton Internet Security (NIS) must be configured to allow updated programs to use the Internet. If your Mozilla application cannot access the Internet, follow these instructions (from the Symantec support articles, Some Internet-enabled programs can no longer access Internet after installing Norton Internet Security 2008 and Cannot use a specific program after installing Norton Internet Security 2007):

Allow access to the program in Firewall Program Rules

  1. Start Norton Internet Security.
  2. In the main pane, click Norton Internet Security tab.
  3. Click Settings.
  4. Under Web Browsing, click Personal Firewall and then click Configure.
  5. In the left side of Norton Internet Security Options window, click Personal Firewall and then click Program Control.
  6. In the Program Column, select the specific program.
  7. Change the Access from Block or Custom to Allow.
  8. Click OK.

For other versions of Norton Internet Security, see this Symantec Knowledge Base article as well as Configuring Norton Internet Security (Firefox Support) and this forum post. For more help, visit the Norton Internet Security forum or contact Norton Support.

Outpost Firewall

Make sure the Rules Wizard firewall policy is on. The Outpost Firewall can cause Firefox to stall, by blocking the loopback (localhost) connection.[16][17]


Trend Micro PC-cillin Internet Security

You can remove or edit the Firewall rules for specific programs in Trend Micro (aka PC-cillin) Internet Security by accessing the Program Control settings. These instructions are from the Trend Micro support article, How do I set the Personal Firewall of Trend Micro Internet Security 2008 to allow or block specific programs?

To set the Personal Firewall to allow or block connections from specific programs, do the following:

  1. Open the Trend Micro Internet Security main console by doing any of the following:
    • Click Start > Programs or All Programs > Trend Micro Internet Security > Trend Micro Internet Security.
    • Double-click the Trend Micro Internet Security icon on the lower right corner of your screen.
  2. Click Home Network & Firewall Controls on the left panel.
  3. Under Personal Firewall, click Settings.
  4. On the Personal Firewall Settings screen, make sure there is a checkmark in the Activate the Personal Firewall checkbox.
  5. Click Advanced Settings.
  6. Click the Program Control tab.

For earlier versions of Trend Micro/PC-cillin, see:

If you need more help, read Configuring Trend Micro Internet Security (Firefox Support) or visit Trend Micro Support.

Windows Firewall

The Windows Firewall in Windows XP filters only inbound traffic. In Windows Vista, the Windows Firewall can filter both inbound and outbound traffic; however, outbound filtering is turned off by default [18].

In some cases, you may need to remove Firefox/Thunderbird/Mozilla Suite from Windows Firewall exceptions list, if listed, and re-add it. The following instructions are for Windows XP sp2 (Windows Vista should be similar):

  1. Close Firefox/Thunderbird/Mozilla Suite
  2. Start -> Settings -> Control Panel -> Windows Firewall
  3. General tab - Make sure the firewall is switched on and "Don't allow exceptions" is unchecked.
  4. Exceptions tab - Find the Firefox/Thunderbird/Mozilla Suite entry and delete it.
  5. Check the box next to "Display a notification when Windows Firewall blocks a program".
  6. Click "OK" to exit the Windows Firewall window.
  7. Start Firefox/Thunderbird/Mozilla Suite.
  8. Windows Firewall should then ask whether you want to keep blocking or unblock. Select "Unblock".

For more information, open the Windows Start menu, go to Help and Support and search on "Firewall", or see these articles:

Windows Live OneCare

Open Windows Live OneCare, click on Firewall, then click on "configure firewall" and click on "advanced settings". A list of programs will appear with either "allow" or "block" checked. Look for any Firefox/Thunderbird/SeaMonkey entries that are "blocked" and click on each blocked entry to allow. [19]

ZoneAlarm

To configure the ZoneAlarm firewall to allow Firefox/Thunderbird/Mozilla Suite/SeaMonkey access to the Internet:

  1. Open the ZoneAlarm control center
  2. Select "Program Control" on the left
  3. Select "Programs" on the top
  4. Find the application's entry (e.g., Firefox) in that list and make sure there is a (green) check mark in the "Access Internet" column. Make sure the application version shown in the bottom of the window matches the version you are using.

If the previous instructions don't work, right click on the application's entry (e.g., "Firefox") and select "Remove". Do this for all entries for that application. The next time you start the application, ZoneAlarm should ask you whether you want to allow access. For more help with ZoneAlarm firewall settings, read Configuring ZoneAlarm (Firefox Support) or visit ZoneAlarm Support.

ZoneAlarm firewall issues

The ZoneAlarm firewall may behave in ways the user may not expect:

  • Closing the ZoneAlarm window by clicking on the 'X' in the upper right does not stop the firewall; it just minimizes the window to the system tray. To shut it down (briefly!) for debugging, right click the icon in the tray and select "Shutdown ZoneAlarm".
  • Uninstalling ZoneAlarm from Settings | Control Panel | "Add or Remove Programs" may not actually uninstall the firewall. The ZoneAlarm user interface (control center) may be uninstalled while leaving the actual firewall running.[20] To completely remove ZoneAlarm, run the uninstaller in the ZoneAlarm program folder.[21]
  • If Firefox stops loading websites or hangs at exit and you cannot end the firefox.exe process in Windows Task Manager, this is a known ZoneAlarm firewall isssue on Windows Vista. You will need to restart the computer before you can reopen Firefox. Uninstall ZoneAlarm and either use the Windows Firewall or install another firewall. [22] [23].
  • ZoneAlarm may malfunction because of a corrupted data base. The steps to solve the problem are reported here. Also look here for additional information.
  • Some Internet service providers (ISPs) send out "heartbeat" messages to see if you are still using your connection. ZoneAlarm may block these messages, and you may get disconnected. For more information, press the "Help" button and search for heartbeat in the index. Some ISPs provide a specially configured version of ZoneAlarm that you can use, or else you can configure ZoneAlarm to allow these incoming messages.

Note: ZoneAlarm ForceField is a separate ZoneAlarm product that is not part of the firewall. If Firefox crashes with ZoneAlarm ForceField installed, see this article.

See also

External links