Comodo Dome Firewall

• Introduction To Comodo Dome Firewall - Virtual Appliance
  • Install Dome Firewall And Login To The Administrative Console
• The Main Interface
• The Dashboard
• View And Modify System Status And General Configuration
  • Manage Admin Accounts
    • Add And Manage Administrators
    • Manage Administrative Roles
  • License Activation
  • SNMP Settings
  • Central Management
  • Configure SSH Access
  • High Availability
  • View And Update Firmware Version
  • Create And Schedule Backup Of DFW State
    • Manually Create A Backup
    • Schedule Backup Operations
    • Encrypt Backup Archives
    • Export A Backup
    • Import A Backup Archive From A Local Computer
    • Roll Back The Virtual Appliance To A Previous Time Point
    • Reset The Virtual Appliance To Factory Defaults
  • Shutdown Or Restart The Dome Firewall Virtual Appliance
• View DFW Virtual Appliance Status
  • System Status
  • Network Status
  • System Usage Summaries
  • Network Traffic
  • Network Connections
  • SSLVPN Connections
• Network Configuration
  • Configure Interface Devices, Uplinks And VLANs
    • Configure Interface Devices
    • Add And Manage Gateway Uplink Devices
    • Create VLANs
  • Routes
    • Add And Manage Static Routes
    • Add And Manage Policy Routing Rules
• Configure DFW Virtual Appliance Services And Protection Settings
  • DHCP Server
  • Advanced Threat Protection
    • Manage The ATP Profiles
    • Comodo Antivirus
  • Time Server
  • Intrusion Prevention
    • Configure Intrusion Prevention System
    • Manage IPS Rulesets
    • Manage Application Identification Rulesets
  • Configure Wireless Hotspot
    • Configure Captive Portal Service
    • Customize The Login Page
    • Add And Manage Permanent Users
  • Internet Content Adaptation Protocol
  • Quality Of Service
• Manage Firewall Configuration
  • Firewall Objects
    • Manage Firewall Address Objects
    • Manage Firewall Object Groups
    • Manage Firewall Schedules
    • Active Directory Integration
  • Destination Network Address Translation
  • Source Network Address Translation
  • Configure System Access
  • Configure Firewall Policy Rules
    • Manage Firewall Policy Rules
    • Manage VPN Firewall Rules
• Configure Proxy Services
  • HTTP/HTTPS Proxy Server
    • Configure URL And Content Filtering
    • HTTPS Proxy
• Configure Virtual Private Network Settings
  • SSL VPN Server
    • Configure General SSL VPN Server Settings
    • Manage SSL VPN Client Accounts
    • Configure Advanced SSL VPN Server Settings
    • Configure Clients To Connect To Dome Firewall
  • IPsec Configuration
  • Configure L2TP Server
  • Configure IPSec/L2TP Users
• View Logs
  • Realtime Logs
  • Configure Log Settings
  • Generate Reports
• Appendix - Minimum Requirements For Software Installations

Configure General SSL VPN Server Settings

This section allows you to:

• Enable/disable the SSL VPN server

• Configure the local network zone to which the connection should be bridged.

• Dynamically assign IP addresses to clients connecting to the server.

• Download the SSL certificate that clients need to authenticate themselves to DFW. See 'Configure Clients to Connect to DFW' for help to to establish connections between individual clients and Dome Firewall.
  

To configure general settings for SSL VPN Server

• Click 'VPN' > 'SSLVPN Server' on the left hand-menu

• Click the 'Server Configuration' tab:

• SSLVPN server enabled - Enable or disable the SSL VPN server

• Bridged – Select whether or not the SSL VPN Server should be bridged to any of the internal network zones..

• If 'Bridged' mode is enabled, you have to specify the internal network zone to which the server is to be mapped. You can also specify the start and end addresses of the pool from which addresses should be assigned to clients.

• Bridge to – The drop-down shows the internal network zones connected to the interfaces of the firewall. Choose the local network zone to which the server should be bridged.

• Dynamic IP pool start/end addresses - Enter the first and last addresses of the pool from which IP addresses are dynamically assigned to clients connecting to the server. These addresses should be from the subnet of the network zone to which the server is bridged. All traffic from these addresses will pass through the firewall, if enabled for the zone. See 'Manage Firewall Policy Rules' for more details.

• If 'Bridged' mode is disabled, specify the VPN subnet from which the IP addresses are to be assigned to the clients. Ensure that the VPN subnet is different from the subnets of the network zones configured in the firewall. In order for the clients assigned with IP addresses from this subnet to access the internal network zones, appropriate firewall rules are to be added to the policy. See 'Manage Firewall Policy Rules' for more details.

• VPN Subnet – Enter the subnet from which the IP addresses are to be dynamically assigned to the clients.

• Encryption – Select the encryption bit strength of the server certificate to be generated. The available options are 1024. 2048 and 4096 bits

• Click 'Save and Restart' to apply your changes.

• Click 'Download CA certificate' to download the server certificate for export to the clients. The certificate can also be downloaded from the 'Accounts' interface. For more details on certificate settings, see Configure Advanced SSL VPN Server Settings > Authentication Settings.

The lower pane of the interface displays a list of active SSL VPN connections to the server with their connection statistics. Admins can terminate unwanted VPN connections should they wish.

See 'Configure Clients to Connect to DFW' (later in this section) for more details on how to connect individual clients to DFW.