[Zone] Manual Zone Refresh after boot was required

[cocoon]

Using the latest test version (3.13.11-test01) I just experienced that after a reboot I could not ping my local network, even if I have a Zone for it applied.

To fix it, I had to manually reapply the zones with the button "Zonen aktualisieren".

I have configured "NT Kernel & System" with "Allowed" and attached one Zone with the local Network IP addresses. Before refreshing Zones I even could not ping my own public IP address of the own system.

In between before reapplying the Zones I tried with disable "Filtering" completely and it worked, I re-enabled "Filtering" and could not ping the IPs until manually refreshing Zones.

Maybe a Zone-Refresh should be triggered on Programstart and when Filtering is enabled?

I will try if I can reproduce it again and boot again now. Update: yes reproducible.

[tnodir]

I just experienced that after a reboot I could not ping my local network, even if I have a Zone for it applied.

Check the Zones window: Does the required zone show some number in "Addresses" column?

To fix it, I had to manually reapply the zones with the button "Zonen aktualisieren".

This button downloads zones and stores the addresses in the cache folder.

The cache of zones is in "C:\ProgramData\Fort Firewall\cache\zones\*.bin" files by default.

Maybe you changed the cache folder to temporary folder and cached zone files are removed after reboot?

Maybe a Zone-Refresh should be triggered on Programstart and when Filtering is enabled?

You can configure the Options: Schedule: "Zones Downloader" to run on startup and in some interval.

[tnodir]

I will try if I can reproduce it again and boot again now.

Do I understand it correct:

• add new Zone with "Addresses with Inline Text"
• fill the Zone's addresses
• click on "Update Zones", so the "Addresses" column is not zero
• reboot
• the "Addresses" column is zero?

[cocoon]

I booted again to verify, and it shows numbers in the addresses column after boot, but ping is not allowed, error is "Allgemeiner Fehler".

"You can configure the Options: Schedule: "Zones Downloader" to run on startup and in some interval." I know this, but I would expect existing Zones to always work, regardless if I enable a task to "download" Zones, what sounds more to let it update from files.

I did not change the cache folder, files exist in: "C:\ProgramData\Fort Firewall\cache\zones\"

[tnodir]

I know this, but I would expect existing Zones to always work

Yes, it should work.

Can you please describe step by step how to reproduce the bug?

[cocoon]

I can try in a fresh Win11 VM that I just created this week, can do a snapshot, so I will check. One important option of course is that I enabled the two options to filter local addresses (127.0.0.1 ...) and local Networks

... but will test

[tnodir]

OK, I've reproduced it. Fixing..

[cocoon]

And could reproduce in Win11 VM.

IP: 192.168.32.138 Network: 192.168.32.0/24

Windows Firewall all profiles disabled

Steps:

• Installed Fort Firewall
• Configured both options to filter local network.
• Add Zone for the local network that contains the VMs public LAN IP (192.168.32.0/24)
• do a Ping to force popup "NT Kernel & System" as new program
• set to allow + enable the Local Network Zone
• Reboot
• try to Ping VM IP 192.168.32.138 --> ERROR

[tnodir]

It's a regression from v3.11.3 (51e3ff91).

[tnodir]

Please check the v3.13.11-test02.

[cocoon]

First test I found 2 problems:

After upgrading my installed firewall, I had to restart the service (in that case VMware auth service) to be able to use VMware Workstation Console again.

In the VM (that was reset back to the snapshot before installing the firewall)m I made a fresh installation with fort firewall and configured it, made the zone and then created the program entry for NT Kernel & System with allow + the local network Zone. At that point it was not able to ping the VMs own IP. I first had to manually refresh the zone, because it seems not to do that, after a Zone is created. Maybe after creating a Zone automatically do a refresh? Or ask with a confirmation window if there is a reason to not automatically apply a new Zone?

After that, ping was OK.

Then reboot ... Ping was OK.

So I think it looks good after a reboot now.

[tnodir]

After upgrading my installed firewall, I had to restart the service (in that case VMware auth service) to be able to use VMware Workstation Console again.

Does it happen when updating for example from v3.13.9 to v3.13.10?

I first had to manually refresh the zone, because it seems not to do that, after a Zone is created.

Yes, you have to manually Update Zones.

Or ask with a confirmation window if there is a reason to not automatically apply a new Zone?

Yes, it looks like a good idea..

[tnodir]

Please check the v3.13.11-test03.

[cocoon]

Yes that is much better with the confirmation to update Zones, works like expected 👍

"Does it happen when updating for example from v3.13.9 to v3.13.10?" I don't know, but I will tell you again if I find it as a reproducible problem. With the upgrade now from test02 to test03 it had no problem with the VMware service.

[tnodir]

Fixed in v3.13.11.