Comodo Help
Find the desired product help
Comodo Dome Firewall

Comodo Dome Firewall

Dome Cloud Firewall Admin Guide

English

Print Help Download Help
Manage Firewall Configuration > Configure Virtual IP For Destination Network Address Translation
  • Introduction To Dome Cloud Firewall
    • Login To The Dome Cloud Firewall Module
    • Get Started
  • The Dashboard
  • The Main Interface
  • View And Modify System Status And General Configuration
    • Configure GUI Settings
    • View And Update DCF Version
    • Create And Schedule Backup Of DCF State
      • Manually Create A Backup
      • Schedule Backup Operations
      • Encrypt Backup Archives
      • Export A Backup
      • Import A Backup Archive From A Local Computer
      • Roll Back DCF Sate To A Previous Time Point
      • Reset DFS State To Factory Defaults
  • View Dome Cloud Firewall Status
    • System Status
    • Network Status
    • System Usage Summaries
    • Network Traffic
    • Network Connections
    • SSLVPN Connections
  • Network Configuration
  • Configure ICAP Services
  • Manage Firewall Configuration
    • Firewall Objects
      • Manage Firewall Address Objects
      • Manage Firewall Object Groups
      • Manage Firewall Schedules
      • Active Directory Integration
    • Source Network Address Translation
    • Configure Virtual IP For Destination Network Address Translation
    • Configure System Access
    • Configure Firewall Policy Rules
      • Manage Firewall Policy Rules
      • Manage VPN Firewall Rules
  • Configure HTTPS Proxy Services
  • Configure Virtual Private Network Settings
    • SSL VPN Server
      • Configure General SSL VPN Server Settings
      • Manage SSL VPN Client Accounts
      • Configure Advanced SSL VPN Server Settings
      • Configure LDAP Server Settings
      • Configure Clients To Connect To Dome Cloud Firewall
    • SSLVPN Client
    • IPSec Configuration
    • L2TP Server Configuration
    • IPsec / L2TP Users Configuration
  • View Logs
    • Realtime Logs
    • Configure Log Settings
  • About Comodo Security Solutions

Configure Virtual IP for Destination Network Address Translation


DCF allows you to redirect service-specific traffic from a port on a host or interface to another host/port combination. Virtual IP rules can be used to limit access from untrusted external networks to the hosts in the network infrastructure


Examples:

 

1. Virtual IP rules can be used to publish services on a private host through a public IP address. For example, If a service is hosted on a server within the LAN, it can be made accessible at the IP address/port combination of an uplink device connected to the appliance.


2. DCF blocks SSH connection requests from untrusted external IP addresses to any host within the DMZ zone by default. If required, rules can be created to allow SSH access to a specific host in the DMZ.


Virtual IP rules can also be created for:

  • Load distribution - Distribute traffic directed to a single host to a range of IP addresses to avoid bottlenecks and overloading a single IP. 
  • Network Mapping - Translate incoming traffic to a different sub-network. The network translation statically maps the addresses of a whole network onto addresses of another network. 

Virtual IP rules can be created and managed from the 'Virtual IP' interface.

  • To open interface, click 'Firewall' > 'Virtual IP' on the left.




The 'Virtual IP' interface displays a list of the Virtual IP rules and allows the administrator to create new rules.


DNAT Table - Column Descriptions

Column

Description

Name

Name to identify the rule.

Comment

A short description of the rule.

Interface

The interface through which the traffic is received.

External IP

The external IP address to which traffic is sent.

Mapped IP

The IP address/IP range of the destination host/device to which traffic is redirected.

Protocol

The protocol used by the service.

External Service Port

The port or port range on the host(s)/device(s) to which the traffic is directed.

Map to Port

The port or port range on the destination host to which traffic is redirected.

Actions

Displays control buttons for managing the rule.

 - Opens the 'Edit' interface and enables to edit the parameters of the rule. The Edit interface is similar to Add Rule interface. See Creating a Virtual IP rule for more details.

 - Removes the rule.


Creating a Virtual IP rule

Virtual IP rules can be created from the 'Add a Virtual IP' pane.


To create a DNAT rule 

  • Open the 'Virtual IP' interface by clicking the 'Firewall' > 'Virtual IP' from the left hand side navigation
  • Click the 'Add a Virtual IP' link at the top left 

The 'Add a Virtual IP' pane will open.



  • Enter the parameters for the new rule as shown below: 
Name – Enter a name to identify the rule.

Comment – Enter a short description of the rule.


Interface – Specify the interface through which the traffic is forwarded.


External IP Address/Range - Specify the External IP address(es) to which the connection request is received. You can enter a single IP address or a range. 

  • If the traffic is directed to a single IP address, enter the address in both the fields.  
  • If the traffic is directed to a range of IP addresses, enter the start and end addresses in the respective fields. 

Mapped IP Address/Range - Specify the IP address(es) of the destination to which the traffic has to be redirected. You can enter a single IP address or a range. 

  • If the traffic is to be redirected to a single IP address, enter the address in both the fields. 
  • If the traffic is to be redirected to a range of IP addresses, enter the start and end addresses in the respective fields. 

Protocol - Choose the protocol used by the service


External Service Port - Specify the port/port range to which the traffic is directed. 

  • If the traffic is directed to a single port, enter the port number in both the fields.
  • If the traffic is directed to a port range, enter the start and end port numbers in the respective fields. 

Map to Port - Specify the port/port range to which the traffic is to be redirected. 

  • If the traffic is to be redirected to a single port, enter the port number in both the fields. 
  • If the traffic is to be redirected to a port range, enter the start and end port numbers in the respective fields. 
  • Click 'Add' to save the rule. The rule will take effect immediately. 
Virtual IP rule management activities are logged. Items logged include date, time, type of event, subject id, component name and event outcome.

Our Products
  • Free Antivirus
  • Free Internet Security
  • Website Malware Removal
  • Free Anti-Malware
  • Anti-Spam (Free Trial)
  • Windows Antivirus
  • Antivirus for Windows 7
  • Antivirus for Windows 8
  • Antivirus for Windows 10
  • Antivirus for MAC
  • Antivirus for Linux
  • Free Endpoint Security
  • Free ModSecurity
  • Free RMM
  • Free Website Malware Scanner
  • Free Device Manager for Android
  • Free Demo
  • Network Security
  • Endpoint Protection
  • Antivirus for Android
  • Comodo Antivirus
  • Wordpress Security
Cheap CDN
  • Bootstrap CDN
  • Semantic UI CDN
  • Jquery CDN
  • CDN Plans
  • CDN
  • Free CDN
Enterprise
  • Patch Management Software
  • Patch Manager
  • Service Desk
  • Website Down
  • Endpoint Protection Solutions
  • Website Security Check
  • Remote Monitoring and Management
  • Website Security
  • Device Manager
  • ITSM
  • CRM
  • MSP
  • Android Device Manager
  • MDR Services
  • Ransomware Prevention
  • Managed IT Support Services
  • Free EDR
Free SSL Certificate
Support Partners Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2024. All rights reserved.