Comodo Dome Firewall

• Introduction To Dome Cloud Firewall
  • Login To The Dome Cloud Firewall Module
  • Get Started
• The Dashboard
• The Main Interface
• View And Modify System Status And General Configuration
  • Configure GUI Settings
  • View And Update DCF Version
  • Create And Schedule Backup Of DCF State
    • Manually Create A Backup
    • Schedule Backup Operations
    • Encrypt Backup Archives
    • Export A Backup
    • Import A Backup Archive From A Local Computer
    • Roll Back DCF Sate To A Previous Time Point
    • Reset DFS State To Factory Defaults
• View Dome Cloud Firewall Status
  • System Status
  • Network Status
  • System Usage Summaries
  • Network Traffic
  • Network Connections
  • SSLVPN Connections
• Network Configuration
• Configure ICAP Services
• Manage Firewall Configuration
  • Firewall Objects
    • Manage Firewall Address Objects
    • Manage Firewall Object Groups
    • Manage Firewall Schedules
    • Active Directory Integration
  • Source Network Address Translation
  • Configure Virtual IP For Destination Network Address Translation
  • Configure System Access
  • Configure Firewall Policy Rules
    • Manage Firewall Policy Rules
    • Manage VPN Firewall Rules
• Configure HTTPS Proxy Services
• Configure Virtual Private Network Settings
  • SSL VPN Server
    • Configure General SSL VPN Server Settings
    • Manage SSL VPN Client Accounts
    • Configure Advanced SSL VPN Server Settings
    • Configure LDAP Server Settings
    • Configure Clients To Connect To Dome Cloud Firewall
  • SSLVPN Client
  • IPSec Configuration
  • L2TP Server Configuration
  • IPsec / L2TP Users Configuration
• View Logs
  • Realtime Logs
  • Configure Log Settings
• About Comodo Security Solutions

Manage SSL VPN Client Accounts

The  'Accounts' interface allows you to add and manage user accounts for external clients to connect to the VPN server. Please note that user details should be configured before their endpoints are configured to connect to DCF. See 'Configure Clients to Connect to DCF' for more details on how to connect individual clients to DCF.

To manage the user accounts

• Click 'VPN' > 'SSLVPN Server' from the left hand side navigation

• Click the 'Accounts' tab.

A list of existing user accounts will be displayed.

SSL VPN Server Account Configuration table - Column Descriptions
Column	Description
Username	The user name of the account with which the client can log-in to the server.
Remote nets	The network subnet address of the VPN gateway server for the client to connect to VPN.
Push nets	The network(s) whose routes are pushed to the client, once it is connected.
Static ip	If a static IP address is assigned to the remote client, the IP address will be displayed.
Actions	Displays controls for enabling, editing and deleting the account. - Enable or disable the account.  - Edit/configure the account. Editing/configuring an account is similar to adding an account. See adding a new user account for more details. - Removes the entry.

To add a new user account

• Click the 'Add account' button. The 'Add new user' pane will open:
  
  

Account information

Admins should specify the username and password for the account. These credentials will need to be entered in the SSL VPN client to authenticate to the server.

• Username - Enter a username for the account

• Password - Enter a password for the account

• Verify password - re-enter the password for confirmation

Client routing

Configure traffic routing to the client.

• Direct all client traffic through the VPN server - Select this option if you want all incoming and outgoing client traffic to pass through the VPN server

• Push only global options to this client - The server will only provide network routes, name servers and domains which have been added to 'Global Push Options' in 'Advanced Settings'. See Configure Advanced SSL VPN Server Settings for more details.

• Push only these networks - Allows you to push specific network routes to the client. Leave this blank if you wish to push all available routes.

Custom push configuration

• Static IP addresses - If you wish to assign static IP addresses for clients using this account, enter the IP addresses in CIDR format. To avoid IP address clashes, we advise you specify static IP addresses outside the dynamic IP address pool specified in the Server Configuration tab.

• Push these name servers - If you want clients to use specific name servers for DNS resolution, enter the IP addresses of the name servers in the text field.

• Push domain - If you want clients on this account to use a specific search domain then enter it here. The search domain is used to identify servers and resources in the VPN network.

• Click 'Save'. The SSL VPN server must be restarted for the account to become active.

• Click 'Restart SSL VPN server' to instantly restart the server.

You can download the server certificate and the SSL VPN client configuration file from the 'Accounts' interface. Both items should be installed on your remote workstations to enable the connection. The server certificate type for authentication can be configured under 'Advanced' tab > Authentication Settings.

• Click the 'Download CA certificate' link to download the server certificate.

• Click the 'Download Client Configuration' link to download the SSL VPN client configuration file in .ovpn format.

During the configuration of the client to connect to DCF, the username and password specified for the account should be provided. By default, only one client is allowed to connect to the server per account. Select 'Allow multiple connections from one account' to enable several clients at different locations to share a single account (under the 'Advanced' tab.

See 'Configure Clients to Connect to DCF' for more details about how to connect individual clients to DCF.