I originally enabled "Full Trust" control in order to allow my Nortel VPN to connect. However, after searching these forums, I did not find this suggestion anywhere, so I deleted it then created a General Rule.
I am now curious as to what Trust Control does and under what circumstances is it a good feature to enable?
Network Security Map automatically detects the presence of a local area network and classifies the data that’s coming in from a local network device. You can configure the program to handle local network data traffic differently as compared to the Internet traffic.
You can configure Personal Firewall (through Network Security Map) to treat your local area network as one of the following:
Full Trust
When the local network is categorized as Full Trust, the Personal Firewall feature allows all incoming traffic from the local network devices. No firewall rules would be applied for local network devices when it is fully trusted.
Shared Network
In case of Shared Network, firewall rules apply when a network computer tries to establish a connection to the local computer. However, NetBIOS and Windows File Sharing traffic is allowed (the filesharing firewall rule is not applied). If you have file or printer sharing enabled, then this setting is ideal.
Protected Network
When the network is categorized as a Protected Network, firewall rules are applied to all incoming connections from local network devices. Unless you share files or printers on your computer, Symantec recommends this setting.
Restricted Network
When the network is categorized as a Restricted network, all local network devices do not have direct access to your computer. Any attempt from a network computer to connect to your computer is denied.
Also, please make sure that you have all the Uncommon Protocols enabled in the Firewall settings. VPN uses some ‘not ordinary’ protocols to make the connections and maintain them. Just a ‘gotcha’ to watch out for.
The Trust Control feature allows Norton to automatically make the rules that allow the devices to connect. Assuming that the VPN registered as a network device, it might show as protected by default which would not allow the connection. Changing that to Full Trust allowed the connection.
In deleting that trust level and building the rule manually, you have essentially done the same thing but may have allowed more in the building of the rule than the smart firewall would have. If you have chosen to allow all forms of communication on all ports, it may be less secure than allowing the firewall to make the most appropriate settings for the VPN.
Hope this helps.
I did not delete or change a Trust Control entry that Norton created. I created one myself. The choices were Restricted, Protected and Full Trust. Protected did not allow a VPN connection. Full Trust allowed a VPN connection.
Searching these forums, I found several posts related to issues with the Nortel VPN. Not one of them suggested adding a Trust Control, Trust Level entry "Full Trust" to allow the VPN connection.
I understand that Trust Control provides an easier way to "enable rules" automatically without having to explicitly create them manually.
However, I do not understand why you think a properly written rule may be less secure than "Full Trust" trust level. My understanding is there are no rules applied when the Trust level is "Full Trust".
I might be a little blurry on it myself but setting a communication device like a router or your set up is probably going to specify only the use of common communication ports. If your rule is all communications on all ports, it would then be less secure. I prefer to modify a rule that is already in place and specify the port on which it is allowed to communicate rather than building a new rule. You may already know all of this, but there is a fair bit of info available here that might be of interest.