We help IT Professionals succeed at work.

zonealarm and connection sharing in w2k

zebada asked
I have a small network of 4 PC's that use connection sharing to access the internet via dial up modem on one of the PCs. The PC that dials to the internet has connection sharing enabled and has zonealarm installed.

None of the other PCs can surf the web. I can only access the web from the other PCs if I put the URL of the site that I want to surf into zonealarm's "list of trusted local servers".

Is there a way (in zonealarm) to allow these other PCs to surf the web, as I can't possibly enter in ALL the URLs that I might want to visit. I have the PCs listed in the "list of trusted local computers" as well.

By the way if I remove zonealarm from the dial out PC then the other PC's can surf the web no problem.

Watch Question

Top Expert 2007

You need to use the Advanced config of Zone alarm to trust all the other computers on your network.

I hope this helps !


Thanks for the thought but as I said in the question:

...I have the PCs listed in the "list of trusted local computers" as well...

I didn't list them individually, because I am using DHCP, so I just gave an IP range like this: ...

I can access any PC on my lan, they just can't access the internet.

I was able to surf the net from the other PC's when I used a third party proxy instead of Microsoft's connection sharing. All I needed to do was to give the proxy server access to the internet in ZoneAlarm and ALL my other PC's were able to get to the internet via the proxy. Is there some way to tell ZoneAlarm that the Microsoft's connection sharing server (whatever that is) needs to have internet access?

Les MooreSr. Systems Engineer
Top Expert 2008

Have you tried this:

By default, ZoneAlarm does not include the adapter subnets that correspond to your network cards as part of your Local Zone. Therefore, computers on your Local Area Network will not be visible to each other.

In ZoneAlarm, to include the subnets of network adapter cards in your Local zone:

- Step 1. Go to the Security panel.
- Step 2. Select "Advanced."
- Step 3. Under "Adapter Subnets," locate the network adapter that corresponds to your network and check the checkbox.
- Step 4. Click "Apply."
- Step 5. Click "OK."

From the Zone Alarm manual:
"If you are looking for a firewall for your gateway PC, it is highly recommended that you upgrade to ZoneAlarm Pro."


Thanks Irmoore,

But I have already done that too.
I guess maybe I need to try the Pro version.

If I purchase the pro version and it fixes the problem then I'll post the results here.
Or I might just go back to using Proxy+.



ZoneAlarm is *NOT* fully compatible with ICS, to use ICS You must move the "security" slider of ZA to "medium" otherwise ICS won't work.

In any case if You're using Win9x ICS I suggest You to uninstall ZoneAlarm and install sygate PF instead, SPF is fully compatible with win9x ICS and will allow You to share the connection

According to the ZoneAlarm documentation you need to set the ICS Server or ICS Client on the advanced security setting page.

I haven't tried this because it is only available on the Pro edition.  (I found the same problem as you and gave up until I have to buy and install the pro product)


I repeat it, uninstall ZA and install SyGate PF *or* Tiny PF, ZAfree and ZApro are no more the "best of the bunch" and lately they created LOTS of problems, for more informations about how to uninstall ZA (Yes it has problems uninstalling too) see this link:


while for a more general FAQ see here:


in any case take a look at Sygate PF or Tiny PF here:


the first (SPF) is powerful and (somewhat) easy to configure while the second is MORE powerful but more difficult to configure, in any case give up with ZA!



I am now using Tiny PF, it works properly with ICS, thanks

Explore More ContentExplore courses, solutions, and other research materials related to this topic.