Comodo Dome Firewall

• Introduction To Comodo Dome Firewall - Virtual Appliance
  • Install Dome Firewall And Login To The Administrative Console
• The Main Interface
• The Dashboard
• View And Modify System Status And General Configuration
  • Manage Admin Accounts
    • Add And Manage Administrators
    • Manage Administrative Roles
  • License Activation
  • SNMP Settings
  • Central Management
  • Configure SSH Access
  • High Availability
  • View And Update Firmware Version
  • Create And Schedule Backup Of DFW State
    • Manually Create A Backup
    • Schedule Backup Operations
    • Encrypt Backup Archives
    • Export A Backup
    • Import A Backup Archive From A Local Computer
    • Roll Back The Virtual Appliance To A Previous Time Point
    • Reset The Virtual Appliance To Factory Defaults
  • Shutdown Or Restart The Dome Firewall Virtual Appliance
• View DFW Virtual Appliance Status
  • System Status
  • Network Status
  • System Usage Summaries
  • Network Traffic
  • Network Connections
  • SSLVPN Connections
• Network Configuration
  • Configure Interface Devices, Uplinks And VLANs
    • Configure Interface Devices
    • Add And Manage Gateway Uplink Devices
    • Create VLANs
  • Routes
    • Add And Manage Static Routes
    • Add And Manage Policy Routing Rules
• Configure DFW Virtual Appliance Services And Protection Settings
  • DHCP Server
  • Advanced Threat Protection
    • Manage The ATP Profiles
    • Comodo Antivirus
  • Time Server
  • Intrusion Prevention
    • Configure Intrusion Prevention System
    • Manage IPS Rulesets
    • Manage Application Identification Rulesets
  • Configure Wireless Hotspot
    • Configure Captive Portal Service
    • Customize The Login Page
    • Add And Manage Permanent Users
  • Internet Content Adaptation Protocol
  • Quality Of Service
• Manage Firewall Configuration
  • Firewall Objects
    • Manage Firewall Address Objects
    • Manage Firewall Object Groups
    • Manage Firewall Schedules
    • Active Directory Integration
  • Destination Network Address Translation
  • Source Network Address Translation
  • Configure System Access
  • Configure Firewall Policy Rules
    • Manage Firewall Policy Rules
    • Manage VPN Firewall Rules
• Configure Proxy Services
  • HTTP/HTTPS Proxy Server
    • Configure URL And Content Filtering
    • HTTPS Proxy
• Configure Virtual Private Network Settings
  • SSL VPN Server
    • Configure General SSL VPN Server Settings
    • Manage SSL VPN Client Accounts
    • Configure Advanced SSL VPN Server Settings
    • Configure Clients To Connect To Dome Firewall
  • IPsec Configuration
  • Configure L2TP Server
  • Configure IPSec/L2TP Users
• View Logs
  • Realtime Logs
  • Configure Log Settings
  • Generate Reports
• Appendix - Minimum Requirements For Software Installations

Install Dome Firewall and Login to the Administrative Console

• How to Install the Virtual Appliance

• Initial Configuration

How to Install the Virtual Appliance

• Download the setup file, install the appliance and activate your license.

• The virtual appliance setup file is available in two formats:

• .OVA File

• .ISO File

• Please ensure your PC meets the following minimum requirements:

• 1 x Intel or equivalent CPU

• 2 GB RAM

• 4 GB Storage

• 2 x 1 GbE NIC

Install from OVA File

• Download the .ova file from https://download.comodo.com/dome-repo/dome-fw-image/domefirewall.ova.

• Import the virtual appliance into a virtual server such as Virtualbox or Vmware.

• Important Note: Select 'Reinitialize the MAC address of all network cards' when importing in order to avoid conflicts between the network adapters of the firewall device and the host machine.

Install from ISO File

• Download the .iso file from https://download.comodo.com/dome-repo/dome-fw-image/domefirewall.iso.

• Create a CentOS virtual machine on a virtual server such as Virtualbox or Vmware.

• Install the firewall virtual appliance from the .iso file

Initial Configuration

Login to the management console at https://192.168.0.15:10443. The default credentials are: Username - admin and Password - comodo

The firewall requires you to change the default password after first login. Please choose a strong password that contains a mix of upper and lower case letters, numbers and special characters. We also recommend regularly changing your password as best security practice.

Once logged in, first configure the related ports for your network:

1. To setup network settings, click on 'Network' > 'Interfaces' in the menu on the left. You will find that port 1 is already configured with IP: 192.168.0.15 and Subnet mask : 255.255.255.0

2. For your INTERNET connection please use any port other than your LAN port (port 1) with your WAN IP and subnet configuration. See Network Configuration for more details.

3. For your DMZ connection please use any port other than INTERNET and LAN ports with necessary IP and subnet information. You can find an example configuration below.

4. After configuring INTERNET and DMZ interfaces, you just have to configure your LAN interface so that it will include your own LAN subnet IP and mask.

5. You need to create a 'System Access' rule so hosts in your network zones can access basic firewall services.
   

• Dome Firewall Virtual Appliance ships with a set of pre-configured rules that allow hosts in different zones to access basic services like DNS (port 53), the firewall admin interface (port 10443); and DHCP (port 67).

• You need to create a system access rule to ensure that hosts in the network zones can initially access firewall services.

• You can edit the rule to restrict access from specific hosts in and services at anytime.

To add a system Access' rule to allow traffic from all network zones

• Click 'Firewall' on the left and select 'System Access'

• Click the 'Add a New System Access Rule' link in the 'Current Rules' pane

• Enter the parameters for the new rule as shown below:

• Incoming Interface - Select 'Any' from the drop-down to allow access from hosts from all network zones connected to the firewall through different ports

• Source Address - Leave the field blank

• Service/Port - Select the type or the service hosted by the source, the protocol and the port used by the service.

• Service - Choose 'Any' to allow traffic pertaining to all services

• Protocol - Choose 'Any' from the drop-down

• Destination port - Leave the field blank

• Policy - Choose 'Allow' from the drop-down, to pass the packets from the all sources to their destined ports of the firewall device.

• Enabled - Leave enabled to activate the rule after saving.

• Remark - Enter a short description of the rule.

• Position - Set the priority for the rule to 'First' in the list of 'System Access' rules list. The rules in the iptables are processed in the order they appear on the list.

• Log all accepted packets - Select if you want packets allowed by the rule to be logged. See View Logs for more details on configuring storage of logs and viewing the logs.

• Click 'Add Rule'.

• The new rule will be added and applied.

• You can edit this rule at a later time to restrict access from hosts in selected network zones to selected services as required.

6. After configuring the Interfaces and the system access rule, you have to allow any traffic from LAN zone to INTERNET zone so that you will be able to reach internet sources before applying any complex or specific firewall policies.

Firewall Policies can be configured in the 'Policy Firewall' interface.

• Click Firewall > Firewall in the left-hand navigation

• Select the 'Policy Firewall' tab.

• More details on policy rules are available in Manage Firewall Policy Rules.