Comodo Dome Firewall

• Introduction To Dome Firewall Central Manager
  • Sign-up For Firewall Central Manager
  • Setup Dome Firewall Central Manager
  • Integrate Central Manager With Comodo One / Comodo Dragon / ITarian
  • Login To The Admin Console
  • Change Password
  • Add Organizations
  • Enroll Dome Firewall Devices
• The Main Interface
• The Dashboard
  • View Details Of A Firewall Device
  • Quick Actions On A Firewall Device
    • Backup/Restore A Firewall Device
    • Configure SSH Access For A Firewall Device
    • Network Configuration
  • Access Admin Console Of A Firewall Device
• Manage System Status And General Configuration
  • Update Firmware Version
  • View And Upgrade Central Manager License
  • View Management Tasks
• Customer Management
  • Manage Organizations
  • Activate Firewall Licenses
• Approve Firewall Device Enrollment
• Add Interfaces
• Firewall Management
  • Configure Firewall Policy Rules
  • Manage Firewall Address Objects
  • Manage Firewall Object Groups
  • Configure Destination Network Address Translation Rules
  • Configure Source Network Address Translation Rules
  • Configure System Access Rules
• Configure Virtual Private Network Settings
  • Configure IPSec/L2TP Users
  • IPSec Configuration
  • Configure L2TP Server
• Manage Advanced Threat Protection Profiles
• Manage URL And Content Filtering Profiles
• Intrusion Prevention
  • Configure The Intrusion Prevention System
  • Manage IPS Rulesets
  • Manage Application Identification Rulesets
• About Comodo Security Solutions

Configure Firewall Policy Rules

 

Each Comodo Dome Firewall has a policy which manages traffic flowing in and out of the network. The policy is constructed from a series of firewall rules that are created and imposed for different types of data traffic.

• Incoming traffic - Traffic from external network zones to specified hosts in the internal network zone

• Outgoing traffic - Traffic from hosts to the external network zone

• Inter-zone traffic - Traffic between network zones connected to the firewall device
  

• VPN traffic - Traffic from users connected to internal zones via virtual private network (VPN).

 

The 'Firewall Policy' interface lets you create and manage rules for policies which are applied to organizations and individual firewall devices. An organization policy will apply to all firewall devices belonging to that organization.

• Note - Existing FW policies will not be imported with the device.

To configure firewall policy

• Click 'Firewall' on the left and choose 'Firewall Policy'

• Select the organization/device from the drop-down in the title bar

• Select an organization to manage policy/rules for all devices in that organization

• Select an individual device under an organization to manage policy/rules for a single device.

The 'Current Rules' pane shows all rules which constitute the policy. You can edit these rules and create/remove rules.

Policy Firewall Rules Table - Column Descriptions
Category	Column	Description
General Settings	#	Serial number of the rule.
	From	The interface or network zone from which the traffic originates.
	To	The interface or network zone to which the traffic is directed.
	Source	The firewall object or object group which contains the addresses of the host(s) from which traffic originates.
	Destination	The firewall object or object group which contains the addresses of the host(s) to which traffic is sent.
	Service	Protocol and port that will be used by traffic affected by this rule.
	Policy	Indicates the action taken on the data packets intercepted by the rule
	Remark	A short description of the rule.
Web Protection	URL Filter	Whether or not the 'Web Filter' security profile is enabled for the rule. If enabled you will see the name of the profile.
	Advanced Threat Protection	Whether or not the 'Advanced Threat Protection' component is enabled for the rule.
	SSL Intercept	Whether or not the 'HTTPS Intercept Web Filter security profile' is enabled for the rule. If enabled you will see the name of the profile.
Intrusion Prevention	IPS	Whether or not the 'Intrusion Protection System (IPS)' security profile is enabled for the rule.
	AppID	Whether or not the the 'Application Filter' rule is enabled for the policy.
	Rule ID	Identity number of the rule. This is determined by the order in which the rules were created for the device/organization. Traffic is allowed or denied based on the first matching rule in ascending order of ID numbers. This is regardless of the order of the rules as shown in the table.
	Actions	Controls for managing the rule. - Enable or disable the rule - Modify the rule. The 'Edit' interface is similar to the 'Policy Firewall Rule Editor' interface used to create new rules. See Add Firewall Rules for more details. - Removes the rule.

Add Firewall Rules

Firewall rules contain three components:

• General Settings - Specify source and destination addresses and the service/protocol of packets to be intercepted by the rule. You can specify the firewall address objects and object groups as source and destination addresses. See Manage Firewall Address Objects for more details on adding firewall address objects.

• Web Protection - Enable or disable URL filtering, Advanced Threat Protection (ATP) and SSL Interception. You can also choose pre-configured profiles for them. See Manage Advanced Threat Protection Profiles and Manage URL and Content Filtering Profiles for guidance on creating these profiles.

• Content Flow Check - Enable or disable Intrusion Prevention and Application Detection settings for the rule. See Intrusion Prevention for more details on managing these settings.

You can create different rules for different configurations for each of these components. The rules will be applied to the inbound and outbound packets in order.

To add a rule to an existing organization a device policy

• Click 'Firewall' on the left and choose 'Firewall Policy'

• Select the organization/device from the drop-down in the title bar

• Select an organization if you wish to manage policy rules for all devices in the organization

• Select an individual device to manage policy rules for a particular device

• Click 'Add New Firewall Rule' at the top-left of the 'Current Rules' interface

General Settings:

• Enabled – Enable or disable the firewall rule. You can also enable/disable the rule from the 'Current Rules' interface.

• Log all accepted packets – Enable to create a record of all packets allowed by the rule. You can view the logs from the respective firewall administrative console. See https://help.comodo.com/topic-451-1-936-12765-View-Logs.html for more details
   for more details. 

• Incoming Interface - Choose the interface through which traffic is received from the drop-down. The drop-down shows the common and custom interfaces created for the selected organization or device. 

• You can select more than one interface for the rule

• Use the 'Search' box to search for a specific interface
  

• Source Address - Choose the firewall address object or the object group from which traffic originates. Please note that only the firewall address objects and object groups created for the selected organization/device will be available in the drop-down. See Manage Firewall Address Objects for guidance on creating firewall address objects.

• Outgoing Interface - Choose the interface through which the traffic is sent. The drop-down shows the common interfaces and the custom interfaces created for the selected organization or the device.

• Destination Address - Choose the firewall address object or group to which traffic is sent. Please note that only the firewall address objects and object groups created for the selected organization/device will be available in the drop-down.

• Service - Choose the type of service hosted by the source from the drop-down

• Protocol - Choose the protocol used by the service

• Destination port - Specify the destination port number(s) used by the service, one by one.

Web Protection Settings

• Click 'Web Protection' to open the security features for web protection:

• URL Filtering – Enable or disable URL filtering profiles on traffic intercepted by the rule.

• Move the switch to ON position to enable URL filtering

• Select the profile which specifies the sites you wish to block or  allow from the drop-down:

• URL filtering profiles can be added for organizations/devices from the 'URL Filter' interface. See Manage URL and Content Filtering Profiles for more details. 

• Profiles defined for an organization can only be applied to devices which belong to the organization. If you apply it to the organization itself, the profile will pertain to every device in the organization.

• Profiles defined for an individual device will be available only for that device.

• Advanced Threat Protection - Enable or disable advanced threat protection (ATP) settings on traffic intercepted by the rule. You can choose the ATP profile you want to apply from the drop-down menu.

• Move the switch to ON to enable ATP.

• Select the ATP profile from the drop-down.

• The ATP default profile can be managed for the organization/device from the 'Advanced Threat Protection' > 'Profiles' interface. See Manage Advanced Threat Protection Profile for guidance on this.

• SSL Interception - Enable or disable analysis of encrypted traffic which is intercepted by the rule.

• Move the switch to ON to enable SSL interception.

• Select the default profile from the drop-down.
  

Selecting 'Default' will apply the HTTPS exceptions settings as configured in the firewall device. See the online help page https://help.comodo.com/topic-451-1-936-12835-HTTPS-Proxy.html for more details.

Content Flow Check Settings:

• Click 'Content Flow Check' to configure these settings:

• Intrusion Prevention - Enable/disable Snort intrusion detection technology on traffic intercepted by the rule. See 'Intrusion Prevention' for more details.
  Move the switch to ON to enable intrusion prevention.

• Move the toggle switch to ON position to enable intrusion prevention. 

• Select the default profile from the drop-down.

Selecting 'Default' will apply the rule settings configured in the 'Intrusion Prevention' interface. See 'Intrusion Prevention' for more details. 

• Application Detection - Enable or disable application identification rules on traffic intercepted by the rule. Application ID rules allow you to track the activities of applications on your network, allowing you to attribute  IPS events to applications.

• Move the switch to ON to enable application detection. 

• Select the default profile from the drop-down. 

Selecting 'Default' will apply the settings configured for the organization/device in the 'Intrusion Prevention > 'Application Identification' interface. See 'Manage Application Identification Rulesets' for more details.

Actions

• Action - Specify whether packets matching the rule should be allowed or denied. The available options are:

• Accept - The data packets will be allowed without filtering

• Drop - The packets will be denied.

• Reject - The packets will be rejected, and error packets will be sent in response

• Remark - Enter a short description of the rule. The description will appear in the 'Remark' column of the 'Rules' table

• Position - Set the priority of the rule in the list of rules. The rules will be applied on the inbound and outbound traffic in the order they appear on the list

• Click 'Save' to add the rule to central manager.

The rule will be applied to all target devices. You can view the view the application status and re-apply the rule if required from the 'Dashboard' > 'Tasks' interface. See View Management Tasks for more details.