Comodo Dome Firewall

Dome Firewall Virtual Appliance Admin Guide


Manage SSL VPN Client Accounts

 

  • The 'Accounts' interface lets you add and manage user accounts for external clients to connect to the VPN server.
  • Note that a user's account details should be configured before that user's endpoints are configured to connect to DFW.
  • See 'Configure Clients to Connect to DFW' for more details on how to connect clients to DFW. 
  • 'SSL VPN' server is available as a firewall object. This object can be used as a source or destination when creating VPN FW rules for that user.

To manage user accounts

  • Click 'VPN' > 'SSLVPN Server' in the left-hand side navigation
  • Click the 'Accounts' tab.




A list of existing user accounts will be displayed.


SSL VPN Server Account Configuration table - Column Descriptions

  • Username - The user account authorized to log in to the server via the external client.
  • Remote nets - The subnet address of the network behind the client once it is connected.
  • Push nets - The network(s) whose routes will be pushed to the client once it is connected.
  • Static ip - The static IP address of the remote client, if assigned.
  • Actions - Displays controls for enabling, editing and deleting the account:
    • Enable or disable access for the account.
    • Edit the account configuration. The interface for editing an account is similar to that for adding an account. See 'To add a new user account' for more details.
    • Remove the entry.


To add a new user account

  • Click the 'Add account' button to open the 'Add User' screen:



Account information


Specify the username and password of the account. These credentials are needed to authenticate the SSL VPN client to the server.

  • Username - Enter a username for the account.
  • Password - Enter a password for the account.
  • Verify password - Re-enter the password for confirmation.

Client routing


Configure traffic routing to the client.
  • Direct all client traffic through the VPN server - Select if you want all incoming and outgoing client traffic to pass through the VPN server, regardless of the destination. If not selected, traffic from the client to any external networks will pass directly through the uplink of the client.
  • Push only global options to this client - The server will only provide network routes, name servers and domains which have been added to 'Advanced Settings' > 'Global Push Options'. It will not update the routing tables of the client. See Configure Advanced SSL VPN Server Settings for more details.

Note: By default, tunneled routes to the network zones accessible through the VPN server are automatically added to the routing tables of the client. This enables the client to connect to the various network zones connected to the Dome Firewall. Select 'Push only global options to this client' only if you do not want the routing tables to be automatically updated. If chosen, the routing tables of the client must be updated manually for the client to connect to the internal network zones.


  • Push route to WIFI zone - Instructs the server to push the route to the internal Wi-Fi zone, so that the client can connect to hosts in the Wi-Fi zone in the local network infrastructure. (Available only if a Wi-Fi network zone is configured in the DFW device.)
  • Push route to DMZ zone - Instructs the server to push the route to the internal DMZ zone, so that the client can connect to hosts in the DMZ zone in the local network infrastructure. (Available only if a DMZ network zone is configured in the DFW device.)
  • Networks behind client - If the client is to be connected to the VPN server in a Gateway-to-Gateway setup, enter the subnet address of the network behind the client.
  • Push only these networks - Specify the local network routes to be pushed to the client. Leave this blank if you wish to push all available routes.

Custom push configuration

  • Static IP addresses - If you wish to assign static IP addresses for clients using this account, enter the IP addresses in CIDR format. To avoid IP address clashes, we advise you specify static IP addresses outside the dynamic IP address pool specified in the Server Configuration tab.
  • Push these name servers - If you want clients to use specific name servers for DNS resolution, enter the IP addresses of the name servers in the text field.
  • Push domain - If you want clients on this account to use a specific search domain then enter it here. The search domain is used to identify servers and resources in the VPN network.
  • Click 'Save'. The SSL VPN server must be restarted for the account to become active.
  • Click 'Restart SSL VPN server' to instantly restart the server.
You can download the server certificate and the SSL VPN client configuration file from the 'Accounts' interface. The certificates can be installed on remote workstations to enable clients to connect. The server certificate type for authentication can be configured in the 'Advanced' tab > Authentication Settings.
  • Click the 'Download CA certificate' link to download the server certificate.
  • Click the 'Download Client Configuration' link to download the SSL VPN client configuration file in .ovpn format.

When configuring a client to connect to DFW, provide the username and password specified for the account. By default, only one client is allowed to connect to the server per account. Select 'Allow multiple connections from one account' (under the 'Advanced' tab) to enable several clients at different locations to share a single account.


See 'Configure Clients to Connect to DFW' for more details about how to connect individual clients to DFW.
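
The address-clash advice given for the 'Static IP addresses' field can be checked before accounts are saved. The Python script below is an added example, not part of the Comodo guide or product: it assumes the account values have been transcribed by hand into a list whose keys (username, static_ip, remote_nets) are hypothetical names mirroring the 'Accounts' table columns, and all addresses are constructed sample values. It goes beyond the guide's advice by also flagging a static IP reused across accounts and overlapping 'Networks behind client' subnets.

```python
import ipaddress

# Constructed sample values (not taken from a real DFW installation).
# DYNAMIC_POOL stands for the dynamic pool set in the Server Configuration tab.
DYNAMIC_POOL = ipaddress.ip_network("10.8.0.0/24")
ACCOUNTS = [  # hypothetical hand-made transcription of the 'Accounts' table
    {"username": "alice", "static_ip": ["10.8.1.10/24"], "remote_nets": []},
    {"username": "bob", "static_ip": ["10.8.0.50/24"], "remote_nets": []},
    {"username": "branch1", "static_ip": ["10.8.1.20/24"],
     "remote_nets": ["192.168.50.0/24"]},
    {"username": "branch2", "static_ip": ["10.8.1.10/24"],
     "remote_nets": ["192.168.50.128/25"]},
]


def audit_accounts(accounts, pool):
    """Return (username, finding) tuples for address clashes, in account order."""
    findings = []
    seen_ips = {}   # static address -> first account that uses it
    seen_nets = []  # (network, username) from 'Networks behind client'
    for acct in accounts:
        user = acct["username"]
        for cidr in acct["static_ip"]:
            addr = ipaddress.ip_interface(cidr).ip
            # The guide advises keeping static IPs outside the dynamic pool.
            if addr in pool:
                findings.append((user, f"static IP {addr} is inside dynamic pool {pool}"))
            if addr in seen_ips:
                findings.append((user, f"static IP {addr} already assigned to {seen_ips[addr]}"))
            else:
                seen_ips[addr] = user
        for cidr in acct["remote_nets"]:
            net = ipaddress.ip_network(cidr, strict=False)
            # Two gateway clients announcing overlapping subnets make routing ambiguous.
            for other_net, other_user in seen_nets:
                if net.overlaps(other_net):
                    findings.append((user, f"remote net {net} overlaps {other_net} of {other_user}"))
            seen_nets.append((net, user))
    return findings


if __name__ == "__main__":
    for user, finding in audit_accounts(ACCOUNTS, DYNAMIC_POOL):
        print(f"{user}: {finding}")
```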


© Comodo Group, Inc. 2023. All rights reserved.