Announcement

Collapse
No announcement yet.

How to Setup Dome Shield

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to Setup Dome Shield

    Setting up Dome Shield is easy. It will only take a couple of minutes before you start enforcing web access policies, preventing advanced threats and monitoring all these activities.

    I wanted to share some quick tips about how to setup your Dome Shield within just a few minutes.




    Using your Internet Gateway Device(routers/firewalls/utms):

    This will help you to create a single policy for the entire company and track web access/threat overview of the location’s internet gateway.

    Easiest and fastest way to setup. You will get boundary security and company web access policy applied to every single internet connected device behind the router, including endpoints, servers and even IoT enabled devices.

    How-to:
    1. Login to C1 portal and click Licensed Apps > Dome Shield
    2. In Shield Portal go to Configure > Locations
    3. Add your external IP address and give it a name. (If you don’t know your external IP address just open google and type “what’s my IP”.)
    4. Login to internet gateway of your network (router or firewall)
    5. Locate DNS Server Settings (generally located under Network > WAN Settings) and set 8.26.56.10 - 8.20.247.10
    6. Done!
    Note: Some service providers doesn’t let you to change the DNS Server of the WAN link. In that case you should go to DHCP Server configuration and update DNS Server Settings distributed through DHCP protocol. If your internet gateway is a firewall you may just change the DNS Server setting of your WAN interface.

    Using Dome Shield Agent:

    This will help you to create granular web access/security policies for your users and track web access/threats for each of the users.

    Dome Shield Agent encrypts DNS queries thus provides and additional layer of protection on top of web access controls and prevention of Advanced Threats. This method can be used for Roaming Users as well. You can install the agent to laptops and keep enforcing company web policy and protection against advanced threats even tough the user has left the company network.

    How-to:
    1. Login to C1 portal and click Licensed Apps > Dome Shield
    2. In Shield Portal go to Configure > Objects > Roaming Devices and Download the agent
    3. In Shield Portal go to Configure > Locations
    4. Add your external IP address and give it a name. (If you don’t know your external IP address just open google and type “what’s my IP”.)
    5. Install the agent into endpoints you want to protect, done!
    Note: Above method is for endpoints that are behind the external IP added on step 4. You can also provision endpoints that are out of company premises as well. In that case, you don’t need to add an IP into Locations but instead, after installation is done you need to take get the unique id placed under C:\Program Files (x86)\COMODO\Shield Agent\client.id and paste it into Configure > Objects > Roaming Endpoints > Add Device


    Using ITSM:

    If you have ITSM agent already installed, then it will only take seconds of time to install and active Dome Shield Agent in your endpoints. This will help you to create granular policies for your users on/off premise and track web access/threat overview from Shield portal per each of your users.

    How-to:
    1. Login to C1 portal and open Shield Portal
    2. In Shield Portal go to Configure > Locations
    3. Add your external IP address and give it a name. (If you don’t know your external IP address just open google and type “what’s my IP”.)
    4. Download the script from https://scripts.comodo.com/frontend/...-roaming-agent
    5. Open ITSM and navigate to Configuration Templates > Procedures and upload the script
    6. Go to Devices > Select Devices and Run Procedure by selecting above script.
    7. Selected devices will have Dome Shield Agent installed!

    ---

    Share the method you used to setup your environment. If you require a different setup method, lets talk.

  • #2
    Great advise, thanks.
    James Dyke.
    Director BCDR Solutions
    BCDR.Solutions
    Backup, Disaster Recovery & Business Continuity.

    Comment


    • #3
      Originally posted by bulut View Post
      [*]Add your external IP address and give it a name. (If you don’t know your external IP address just open google and type “what’s my IP”.)
      How can we setup location with dynamic external IP address?

      Comment


      • #4
        Originally posted by soporte@vilayers.com View Post

        How can we setup location with dynamic external IP address?
        You will have to use the endpoint install.
        James Dyke.
        Director BCDR Solutions
        BCDR.Solutions
        Backup, Disaster Recovery & Business Continuity.

        Comment


        • #5
          Good guide, simple and works.
          Robin
          Director
          Strobe Technologies Ltd
          https://www.strobe-it.co.uk/

          Comment


          • #6
            This would be perfect if Comodo had a way to allow Gateway filtering for Dynamic IP addresses? There is a service called Webtitan out there. They have a tool that creates a scheduled task to check every minute to see if your IP has changed. If it has, the service updates the IP address on WebTitan's site. If Comodo had this function that would be awesome.

            Comment


            • #7
              We have Roaming Agent that eliminates the need for dynamic IP synchronizations. It covers all IP changes as well as allows you to use on/off premises.

              Comment


              • #8
                yes, but I have price stingy customers that would like to hook the Dome Shield up to the router so they only pay for one license, instead of putting it on every device in their home and paying per device.

                Comment


                • #9
                  The license model is the same for both, we are counting the DNS queries and estimating average number of endpoints per organization. So even if you set one network from the router to forward all DNS queries, it wont be counted as 1 endpoint.

                  Comment


                  • #10
                    That is an interesting way of trying to license it as a IT company or web developer would use the web so much more than most so you have no real or good way of managing and monitoring this.
                    Robin
                    Director
                    Strobe Technologies Ltd
                    https://www.strobe-it.co.uk/

                    Comment


                    • #11
                      So let me get this straight. If I have the agent on one machine and I go over a specific number of queries I get billed as having more machines than I actually have? I love the Comodo products but I'm not going to use Dome Shield if this is how it's being billed. If I have one machine I should be filled for one machine.

                      Comment

                      Working...
                      X