PaulFirst off, I passed, which makes me a Cisco Certified Network Associate. Guess I could say I'm well pleased. All the work over Christmas and New Year was worthwhile.
The router provides a useful first line of defence against hacking. I presume you're doing NAT on the router and use a private address range (usually 192.168.x.x) on your internal network. With this setup, it's not possible for someone on the outside to make a connection to your PC. Therefore, the ZoneAlarm alerts disappear. Some provisos apply here which is why I suggested filtering on the routers external interface for any packets that appear to have addresses in your private address range.
If you're interested in more detail then shout and I'll do my best to fill in the blanks. Specifically, if you want to make services available to the outside world then you'll need to set up static port translations on the router.
Andrew Luck
18 SW EGSH