From MozillaZine Knowledge Base

A personal firewall (e.g., the Norton firewall and ZoneAlarm) is a security program that controls access to the Internet. The firewall may be a freestanding program, or it may be part of an Internet security package.

After your Mozilla application is installed or updated, your security software must be configured to allow Internet access. This may happen automatically, or you may have to do it. If you deny access, you must reconfigure the security software to allow access. No Web browser or any other program can control the firewall. If it could, that would completely bypass the security of the firewall.

This article provides general information about software firewalls as well as information about specific firewall programs. For information about other security programs, including antivirus programs, that can can block internet access or cause other connection issues, see Error loading websites.

Firewall pitfalls

• Firewalls may not "know" about every update, and may sometimes require manual configuration.
• Some firewalls continue running even if you think you have disabled them.
• Some firewalls continue running even if you think you have uninstalled them. The EnumProcess tool for Windows will help you find any firewalls that may be running.
• A firewall can easily block Firefox/Thunderbird/SeaMonkey without blocking Internet Explorer.
• Some firewalls provide detailed rules concerning Internet access, any of which could block Internet access.[1][2][3][4]
• If the firewall shows that Internet access is already allowed for your Web browser or Thunderbird, that may be for the previous version. Try deleting all versions from the access list so the firewall must request permission again.
• Some firewalls have bugs. Try removing all mention of your Mozilla application from the access list so the firewall must request permission again.
• Some firewalls require you to restart your computer for changes to take effect.
• Here are some other ways to be fooled.

AVG Internet Security

If the AVG Internet Security firewall is blocking internet access, delete the application rule for your Mozilla application, then grant access the next time you are asked. The following instructions are from the AVG 8.0 Technical FAQ:

Editing or deleting current rule

1. open AVG User Interface -> menu Tools -> Firewall settings
2. expand Profiles -> your profile (e.g. Standalone computer) -> Applications
3. click on the Mozilla application rule that you want to change
4. click "Delete this rule"

If you need more help, see the article Configuring AVG Internet Security (Firefox Support) or contact AVG Support.

CA Personal Firewall

The CA (Computer Associates) Personal Firewall was formerly known as "eTrust Personal Firewall". The following instructions are from the CA support article, Having trouble accessing applications after installing CA ISS or CA Personal Firewall 2007 (the linked article includes screen shots).

1. Open CA Personal Firewall
2. On the left panel, click on Firewall.
3. On the right, select the Application Control tab.
4. If your program has already requested internet access you will already find it within this list. To ensure the program is given the necessary access, click on the program name and then click on the Delete button.
5. A Confirm popup will ask if you want to delete the application, click Yes.
6. Close CA Personal Firewall
7. Open the program you wish to grant access. A few seconds after the program opens you will see a CA Personal Firewall Security Alert message. Within this box there will be the option to Allow or Deny the program and the ability to remember this setting. We recommend that you check the box to remember the selection for your default web browser and email program so check this box and then click on the Allow button.

If you need more help, see Configuring CA Internet Security Suite (Firefox Support) or contact CA technical support.

Comodo Firewall Pro

This is the free Comodo Firewall. An earlier version was called Comodo Personal Firewall.

Using Thunderbird as an example:

1. Right click on the icon in the system tray and select open.
2. Click on security, and then application monitor. That should display a list of applications and their rules.
3. If there is a existing rule for Thunderbird select it.
   1. Press edit (or right click on the rule and select edit from the context menu).
   2. Press the application browse button and browse to your Thunderbird.exe file.
   3. Select "Specify a parent". Press the parent browse button and browse to Explorer.exe (Windows Explorer) in your windows directory.
   4. The general tab should have allow , "TCP or UDP", and IN/OUT. If it doesn't, change the settings.
   5. Press OK.
4. Otherwise press Add.
   1. Press the application browse button and browse to your Thunderbird.exe file.
   2. Select "Specify a parent". Press the parent browse button and browse to Explorer.exe (Windows Explorer) in your windows directory.
   3. The general tab will default to allow , "TCP or UDP", and IN. Change the direction from IN to IN/OUT.
   4. Press OK.

The list of rules should have a line with Thunderbird.exe, [any], [any], TCP/UDP In/Out and a green check mark next to Allow.

Comodo Firewall Pro, by default, keeps track of each parent (host process) for a given application [5]. For example, Comodo doesn't have just one rule for Thunderbird, it creates rules that also specify what application launched Thunderbird. This can include one for Windows Explorer, Firefox, and even Thunderbird launching itself when it upgrades. If you don't need this fine grained control rather than pressing the parent browse button select "skip parent check" to make it use one rule (and avoid specifying who can launch it). If it already has multiple rules selecting "skip parent check" in any of those rules should automatically delete the other Thunderbird rules.

If you need more help, see Configuring Comodo Firewall Pro (Firefox Support) or visit Comodo Firewall Pro Support.

eTrust EZ Firewall

1. Double click the EZ Firewall icon in the system tray
2. Ensure that the ‘Lock’ icon at the top is in the unlocked position.
3. To the left of the window, click ‘Program Control’
4. Click the ‘Programs’ tab from the top.
5. Look for your internet program (e.g. "Mozilla" or "Firefox") and ensure that the permissions under ‘Access’ and ‘Server’ have a green check mark (allow).
6. Look for Generic host process for win32, (Win XP and Win 2000 only). Again, ensure that the permissions under 'Access' and 'Server' have a green check mark (allow).
7. Look for Application Layer Gateway, ensure 'Access' and 'Server' have check marks.
8. Try accessing the internet again.
9. If you are still unable to surf, remove all instances of your internet program (e.g. "Mozilla" or "Firefox") and Generic host process for win 32 from the program list. You can remove them by right click the name and selecting remove from the popup window.
10. Once this is done, try accessing the internet again. You should get a firewall alert asking for access permission to allow the processes mentioned above, please allow them, this should get your internet working again. [6]

Additional information is contained in CA support document, I cannot surf the Internet since installing EZ Firewall

Kaspersky firewall

Because of a bug, the Kaspersky firewall may continue to block Internet access even though it is supposed to be disabled. [7][8] Access may be blocked even if only the Kaspersky Antivirus program is running.[9] As with any firewall, the best solution is not to disable it, but to configure it to allow the updated application.

Users also have the option of blocking domain-name service (DNS) for some programs but not others. [10][11]. You must allow DNS access for normal Web browsing.

The Kaspersky firewall can also interfere with pipelining [12]

In some cases, it may be necessary to delete the application rule for Firefox/Thunderbird/Mozilla Suite/SeaMonkey, then grant access the next time you are asked. The following instructions are from the article, Firewall rules for applications in Kaspersky Internet Security 7.0:

1. Open the Kaspersky application Settings window
2. select Firewall under Protection.
3. Click on Settings under Filtration System.
4. In the Settings: Firewall window, select the Rules for Applications tab.

Using the Delete button, you can delete a rule for the selected application (e.g., Firefox.exe).

If you need more help, read Configuring Kaspersky Internet Security (Firefox Support) and this web page or visit Kaspersky Technical Support and Knowledge Base.

McAfee Personal Firewall

1. Right-click the McAfee icon, point to Personal Firewall, then click Internet Applications.
2. In the Permissions list, right-click the permission level for an application, and click Delete Application Rule.

The next time the application requests Internet access, you can set its permission level to re-add it to the list. [13]

For more information see the McAfee support documents, Unable to access the Internet after Installing Personal Firewall Plus and Security levels in McAfee Personal Firewall Plus 6 and 7.

If you need more help, visit McAfee Technical Support or the McAfee Support Forums.

Norton firewalls from Symantec

The Symantec support site for Norton products offers extensive resources, including the AutoFix Tool for home users and a FAQ page. A Norton Community forum is also available.

Important: Even after all Norton products are uninstalled, a driver can be left behind that blocks Internet access. [14][15] The EnumProcess tool can be used to detect the firewall. A removal tool can be downloaded from Symantec to completely remove Norton products from your computer.

Norton 360

If you are using the Norton 360 internet security suite and your Mozilla application cannot access the internet, check your Firewall Protection settings. The following instructions are from the Symantec support article, Configuring the firewall feature in Norton 360.

Configure Firewall Program Rules

1. Start Norton 360.
2. Click Task and Settings.
3. Click Change Advanced Settings.
4. Click Firewall Protection Settings.
5. On the Firewall Programs Rule tab, in the Program column, scroll through the list until you find the program that you want to allow access. For example, if you are unable to use Firefox, scroll through the list until you find the entry for Mozilla Firefox.
6. Change the Access from Block or Custom to Allow.
7. Click Apply > Close.

For more help, read Configuring Norton 360 (Firefox Support)

Norton Internet Security

The firewall component of Norton Internet Security (NIS) must be configured to allow updated programs to use the Internet. If your Mozilla application cannot access the Internet, follow these instructions (from the Symantec support articles, Some Internet-enabled programs can no longer access Internet after installing Norton Internet Security 2008 and Cannot use a specific program after installing Norton Internet Security 2007):

Allow access to the program in Firewall Program Rules

1. Start Norton Internet Security.
2. In the main pane, click Norton Internet Security tab.
3. Click Settings.
4. Under Web Browsing, click Personal Firewall and then click Configure.
5. In the left side of Norton Internet Security Options window, click Personal Firewall and then click Program Control.
6. In the Program Column, select the specific program.
7. Change the Access from Block or Custom to Allow.
8. Click OK.

For other versions of Norton Internet Security, see this Symantec Knowledge Base article and this forum post. If you need more help, read Configuring Norton Internet Security (Firefox Support).

Outpost Firewall

Make sure the Rules Wizard firewall policy is on. The Outpost Firewall can cause Firefox to stall, by blocking the loopback (localhost) connection.[16][17]

Sygate Firewall

Sygate was bought in 2005 by Symantec, and development under that brand ceased shortly thereafter.[18] Existing copies of the firewall will still function, but will not receive any updates. Support may still be available from Symantec.

Sygate blocks type 3 and 4 ICMP traffic by default, which can cause timeouts and failed FTP uploads. To unblock ICMP, see this post.

To reset program control for Mozilla program:

1. Close the Mozilla program (Web browser or Thunderbird). Make sure it's closed in the Task Manager.
2. Open Sygate's main screen.
3. Click 'Applications'.
4. Scroll to the Mozilla program, highlight it and select 'Remove'.
5. In Sygate, go to Tools > Options > Security tab and press 'Reset Fingerprints'.
6. Close Sygate.
7. Re-open the Mozilla program and it should get re-detected.
8. Tell it to remember the decision and click OK.[19]

Trend Micro PC-cillin Internet Security

You can remove or edit the Firewall rules for specific programs in Trend Micro (aka PC-cillin) Internet Security by accessing the Program Control settings. These instructions are from the Trend Micro support article, How do I set the Personal Firewall of Trend Micro Internet Security 2008 to allow or block specific programs?

To set the Personal Firewall to allow or block connections from specific programs, do the following:

1. Open the Trend Micro Internet Security main console by doing any of the following:
   • Click Start > Programs or All Programs > Trend Micro Internet Security > Trend Micro Internet Security.
   • Double-click the Trend Micro Internet Security icon on the lower right corner of your screen.
2. Click Home Network & Firewall Controls on the left panel.
3. Under Personal Firewall, click Settings.
4. On the Personal Firewall Settings screen, make sure there is a checkmark in the Activate the Personal Firewall checkbox.
5. Click Advanced Settings.
6. Click the Program Control tab.

For earlier versions of Trend Micro/PC-cillin, see:

• How can I set the Trend Micro PC-cillin Internet Security 2007 Personal Firewall to allow or block specific programs?
• The user has no Internet connection after installing Trend Micro PC-cillin Internet Security 2006

If you need more help, visit Trend Micro Support.

Windows Firewall

The Windows Firewall in Windows XP filters only inbound traffic. In Windows Vista, the Windows Firewall can filter both inbound and outbound traffic; however, outbound filtering is turned off by default [20].

In some cases, you may need to remove Firefox/Thunderbird/Mozilla Suite from Windows Firewall exceptions list, if listed, and re-add it. The following instructions are for Windows XP sp2 (Windows Vista should be similar):

1. Close Firefox/Thunderbird/Mozilla Suite
2. Start -> Settings -> Control Panel -> Windows Firewall
3. General tab - Make sure the firewall is switched on and "Don't allow exceptions" is unchecked.
4. Exceptions tab - Find the Firefox/Thunderbird/Mozilla Suite entry and delete it.
5. Check the box next to "Display a notification when Windows Firewall blocks a program".
6. Click "OK" to exit the Windows Firewall window.
7. Start Firefox/Thunderbird/Mozilla Suite.
8. Windows Firewall should then ask whether you want to keep blocking or unblock. Select "Unblock".

For more information, open the Windows Start menu, go to Help and Support and search on "Firewall", or see these articles:

• Troubleshooting Windows Firewall settings in Windows XP Service Pack 2
• Windows Vista Help: Understanding Windows Firewall settings
• The New Windows Firewall in Windows Vista and Windows Server "Longhorn"

ZoneAlarm

Some Internet service providers (ISPs) send out "heartbeat" messages to see if you are still using your connection. By default, ZoneAlarm blocks these messages, and you may get disconnected. For more information, press the "Help" button and search for heartbeat in the index. Some ISPs provide a specially configured version of ZoneAlarm that you can use, or else you can configure ZoneAlarm to allow these incoming messages.

ZoneAlarm behaves in other ways the user may not expect:

• Closing the ZoneAlarm window by clicking on the 'X' in the upper right does not stop the firewall; it just minimizes the window to the system tray. To shut it down (briefly!) for debugging, right click the icon in the tray and select "Shutdown ZoneAlarm".
• Uninstalling ZoneAlarm from Settings | Control Panel | "Add or Remove Programs" may not actually uninstall the firewall. The ZoneAlarm user interface (control center) may be uninstalled while leaving the actual firewall running.[21] To completely remove ZoneAlarm, run the uninstaller in the ZoneAlarm program folder.[22]

To configure ZoneAlarm to allow Firefox/Thunderbird/Mozilla Suite access to the Internet:

1. Open the ZoneAlarm control center
2. Select "Program Control" on the left
3. Select "Programs" on the top
4. Find the application's entry (e.g., Firefox) in that list and make sure there is a (green) check mark in the "Access Internet" column. Make sure the application version shown in the bottom of the window matches the version you are using.

If the previous instructions don't work, right click on the application's entry (e.g., "Firefox") and select "Remove". Do this for all entries for that application. The next time you start the application, ZoneAlarm should ask you whether you want to allow access.

ZoneAlarm may malfunction because of a corrupted data base. The steps to solve the problem are reported here. Also look here for additional information.

For more help with ZoneAlarm settings, read Configuring ZoneAlarm (Firefox Support) and the ZoneAlarm Support Center article, Getting Started with ZoneAlarm.

See also

• Error loading websites
• Object has been blocked
• Images or animations do not load - Security software
• Websites report cookies are disabled - Security software settings

External links

• Firewalls (Firefox Support)
• Personal Firewall Reviews
• Internet Security & Utility Suites
• Firefox: When you cannot connect