network adapter in "internet zone"

Posted on 2005-05-16
Last Modified: 2013-11-16
I have added my router ( subnet into the trusted zone in my firewall software(zonealarm) so my PCs can see each other etc

However my network adapter who's ip is defined by the router (dhcp) is still in the internet zone is the safest ??

Surely as any traffic on this adapter has had to have gone through my router's 2-stage firewall anyway it is safe ??? but is internet zone still best for the adapter ?? why ??

Question by:silki
    LVL 27

    Expert Comment

    Your network adapter should have an ip like 192.168.0.x so it's in the trusted zone too.

    I see no reason to add an entry for it and put it in the internet zone.

    Any traffice to or from outside of 192.168.0.x is treated as traffic in the internet zone, no network sharing is possible etc.

    I think you are safe.

    I'm using zonealarm for 3 years now, behind a router with a firewall and NAT it's almost unneccessary to use zonealarm except you want to block applications from phoning home.


    Author Comment

    Hi thanks Tolomir for the feedback just to clarify

    My Router is subnet - TRUSTED
    My Network Card is subnet - NETWORK

    I need my trusted subnet their to share files on my network but leaving my Network Card as NETWORK doesn't really make any difference from what you have said as my Routers firewall will block all threats at the source ???

    LVL 27

    Accepted Solution

    Well don't mix it up. It's not subnet but subnet mask

    Your subnet is

    IN your subnet there is a router .1 and one of your computers .2, they are in the same subnet the subnet mask tells your computers this. So is NO network address.

    >This is taken from:
    A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network address and the host address. For example, consider the IP address Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network.

    Subnetting enables the network administrator to further divide the host part of the address into two or more subnets. In this case, a part of the host address is reserved to identify the particular subnet. This is easier to see if we show the IP address in binary format. The full address is:


    The Class B network part is:


    and the host address is


    If this network is divided into 14 subnets, however, then the first 4 bits of the host address (0001) are reserved for identifying the subnet.

    The subnet mask is the network address plus the bits reserved for identifying the subnetwork. (By convention, the bits for the network address are all set to 1, though it would also work if the bits were set exactly as in the network address.) In this case, therefore, the subnet mask would be 11111111.11111111.11110000.00000000. It's called a mask because it can be used to identify the subnet to which an IP address belongs by performing a bitwise AND operation on the mask and the IP address. The result is the subnetwork address:
    Subnet Mask       11111111.11111111.11110000.00000000
    IP Address       10010110.11010111.00010001.00001001
    Subnet Address       10010110.11010111.00010000.00000000

    The subnet address, therefore, is
    Actually you don't need the two enties for your router and your "network" they are both one and the same for zonealarm. Set network to trusted and remove the other entry (for your router) and everything is ok.

    Behind a firewall zonealarm has no need to block incoming packets, this does the firewall by itself. You can just use zonealarm to block phoning home and other stuff -> outgoing stuff!!!

    So you can set your network to trusted, filesharing is blocked by your router/firewall anyway, there is no need to let zonealarm do the job.

    Btw. you also don't need to configure your router/firewall to block filesharing, instead you would have to allow filesharing explicitly, so here is no danger too.



    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
    If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now