Dome Cloud Firewall Admin Guide

Configure Advanced SSL VPN Server Settings


The 'Advanced' interface allows you to configure the connection port and protocol for the VPN server, global push options and authentication settings.


To configure the advanced settings for the SSL VPN server:
  • Click 'VPN' > 'SSLVPN Server' in the left-hand navigation.
  • Click the 'Advanced' tab.




The 'Advanced' interface contains three areas: 

  • Advanced Settings 
  • Global Push Options
  • Authentication Settings
     

Advanced Settings




  • Port – Specify the port on which the VPN server listens for client requests. (Default = 1194). The administrator can also create port forwarding rules under Firewall > Port forwarding / NAT, so that multiple ports listen for requests and forward them to the default port.
  • Protocol – Choose the protocol to be used for VPN connections. (Default = UDP)
  • Block DHCP responses coming from tunnel – Select this option to block DHCP responses from the network at the other side of the VPN tunnel that conflict with the local DHCP server.
  • Don't block traffic between clients – By default, the VPN server does not allow data traffic between the VPN clients connected to it. Select this check box to allow data transfer among the VPN clients.
  • Allow multiple connections from one account – By default, only one client can connect to the VPN server with a single user account. Select this option to allow several clients at different locations to connect to the server using the same account. However, if several clients are using a single account, the VPN firewall rules will not be applied.
  • Click 'Save and restart'. The VPN server will be restarted for your configuration changes to take effect.
     

Global Push Options




  • Push these networks – To push routes to specific networks to all clients that connect to the VPN server, select the 'Enable' checkbox and enter the network addresses/subnet masks in the text field.
  • Push these nameservers – To have the clients use specific name servers for DNS resolution, select the 'Enable' checkbox and enter the IP addresses of the name servers in the text box.
  • Push domain – To specify a search domain that all clients use to identify the servers and network resources in the VPN network, select the 'Enable' checkbox and enter the domain name in the text box.
  • Click 'Save and restart'. The VPN server will be restarted for your configuration changes to take effect.

Authentication Settings


The SSL VPN server deployed in Comodo Dome Cloud Firewall supports three authentication types that clients can use to authenticate themselves to the server:

  • Public Shared Key (PSK)
  • X.509 certificate
  • X.509 certificate and PSK (two factor)


      PSK (username/password)

       

      For a client to authenticate itself to the server, the PSK authentication type requires the CA public certificate to be installed on the client, and the username and password of the account created for the client under the 'Accounts' tab to be entered.

      When the PSK type is selected, the administrator can download the public certificate generated by the VPN server for deployment onto the clients. The interface also allows the administrator to export the certificate for deployment onto another SSL VPN server configured as a fallback server, and to import the certificate from the primary SSL VPN server if this DCF is configured as a fallback server.
      • To select the PSK authentication type, select the PSK radio button.




      Certificate Management

      • To download the public certificate in .cer format for deployment onto the clients, click 'Download CA certificate' and save the certificate.

      • To export the certificate as a PKCS#12 certificate in .p12 format, click 'Export CA as PKCS#12 file' and save the file. This file can be transferred to and imported on another SSL VPN appliance configured as a fallback server.

      Importing the certificate


      If the SSL VPN server deployed in the DCF appliance is configured as a fallback server for a different primary SSL VPN server, the administrator needs to import the public certificate generated by/issued for the primary server.


      Prerequisite - The certificate needs to be exported as a PKCS#12 certificate from the server, or downloaded from the CA that issued the certificate, and stored locally on the computer from which the DCF appliance administrative console is accessed.


      To import the certificate

      • Click 'Browse' beside the PKCS#12 file text box, navigate to the location of the certificate on the local computer or the network and click 'Open'.
      • Enter the challenge password to access the certificate in the 'Challenge password' text box.
      • Click 'Save and restart'.

      The certificate will be imported and the VPN server will be restarted for your configuration to take effect.


      X.509 certificate


      DCF allows the deployment of a server certificate and client certificates obtained from an external CA. The X.509 authentication type requires the administrator to obtain:

      • A server certificate with the fields C = IT, O = efw and CN = 127.0.0.1 from an external CA, for uploading to the SSL VPN server.
      • A client certificate for each client, with the Common Name field set to the 'username' of the client account configured under the 'Accounts' tab, for installation on the SSL VPN client.
      • To select the X.509 authentication type, select the X.509 radio button.
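
The subject-field requirements above can be checked with openssl before a certificate is uploaded. This is an added example, not part of the Comodo guide: it assumes PEM-encoded certificates, takes the server CN as 127.0.0.1, and its function names are hypothetical. The sample certificates are constructed, self-signed throwaways.

```shell
#!/bin/sh
# Added example: pre-upload check of certificate subject fields with openssl.
# Function names and file names are hypothetical; inputs are PEM certificates.

# Print the value of one subject attribute, given its long name (e.g. commonName).
# Prints nothing if the file is not a readable certificate.
subject_field() {  # $1 = PEM certificate, $2 = attribute long name
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n "s/^ *$2 *= //p"
}

# Server certificate: C = IT, O = efw, CN = 127.0.0.1 (values from the guide).
check_server_cert() {  # $1 = PEM certificate
    [ "$(subject_field "$1" countryName)" = "IT" ] &&
    [ "$(subject_field "$1" organizationName)" = "efw" ] &&
    [ "$(subject_field "$1" commonName)" = "127.0.0.1" ]
}

# Client certificate: CN must equal the account username.
# Assumption: the comparison is exact and case-sensitive (the strictest reading).
check_client_cert() {  # $1 = PEM certificate, $2 = username from 'Accounts'
    [ "$(subject_field "$1" commonName)" = "$2" ]
}

# Constructed sample input: a throwaway self-signed certificate.
make_sample_cert() {  # $1 = output PEM, $2 = subject string
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir/server.pem" "/C=IT/O=efw/CN=127.0.0.1"
    make_sample_cert "$dir/client.pem" "/C=IT/O=efw/CN=alice"
    check_server_cert "$dir/server.pem" && echo "server subject: ok"
    check_client_cert "$dir/client.pem" alice && echo "client CN matches 'alice'"
    check_client_cert "$dir/client.pem" Alice || echo "client CN differs from 'Alice'"
    rm -rf "$dir"
}
demo
```

A mismatch caught here is cheaper to fix than one found after 'Save and restart', when the VPN server has already been restarted with the new certificate.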




      Certificate Management


      Prerequisite - The certificate needs to be downloaded as an X.509 certificate from the CA that issued the certificate and stored locally on the computer from which the DCF administrative console is accessed.


      • To import the server certificate obtained from an external CA, click 'Choose File', navigate to the location on your computer where the certificate is stored in X.509 format and click 'Open'. Enter the password that was set to protect the private key of the certificate in the challenge password field and click 'Save and restart'. The certificate will be installed automatically and the VPN server will restart for the installation to take effect.
      • Certificate Revocation - The administrator can specify a certificate revocation list to confirm that the imported certificate is valid.

      X.509 certificate and PSK (two factor)


      For a client to authenticate itself to the server, the X.509 and PSK authentication type requires the server and client certificates obtained from an external CA to be installed on the server and on the clients respectively, and the username and password of the account created for the client under the 'Accounts' tab to be entered.

      See the explanations under PSK (Username/Password) and X.509 certificate above.

      © Comodo Group, Inc. 2025. All rights reserved.