Dome Firewall VA 2.6 and Central Manager 1.4 Release Announcement

Hi Everybody,

We are happy to announce global availability of Dome Firewall Virtual Appliance 2.6.0 and Central Manager 1.4.0. This release provides several improvements and various fixes. This post communicates all the major changes in Dome Firewall 2.6.0 and Central Manager 1.4.0.

What’s New?

  • L2TP VPN Support: By using L2TP IPSEC PSK, client-to-site VPN tunnels can now be created for mobile devices, smartphones and tablets.
  • Dome Firewall Central Manager can now be used for managing VPN settings and users of multiple remote Dome Firewalls from a single window and without having to leave your seat.
  • A new bootable USB script is available for creating USB sticks for installing Dome Firewall 2.6.0 on physical machines of your choice. Please check below for the how-to.

All previous versions of Dome Firewall Central Manager are updated to 1.4.0. In order to upgrade Dome Firewall to the latest version, go to System > Firmware and hit the Upgrade button. For more info please visit: https://help.comodo.com/topic-451-1-...e-Version.html

Feel free to check the attached Release Notes for further information.

Click here to learn more about Dome Firewall and get your own copy of the software today, it’s FREE!!

How to create USB sticks for installing Dome Firewall 2.6.0 on a hardware appliance of your choice:

This guide will help you create USB installation sticks for Dome Firewall 2.6.0.

Prerequisites:

  • Ubuntu 14.04 (or an equivalent Debian distro)
  • A Dome Firewall 2.6.0 ISO image to use
  • A USB flash disk of at least 2 GB (Warning: the contents of the disk will be completely erased after the operation)
  • A Debian-based distro
  • The installer script

Here you can find the installer script: https://cdome.comodo.com/release-notes/DomeFWUSBscript/make_usb_installer.sh

Step 1: Copy the script to a local folder


 $ mkdir usb-creation  
 $ cd usb-creation  
 $ cp  ./make_usb_installer.sh . 

Step 2: Insert the target USB media into one of the USB ports, note the mounted device

Step 3: Invoke the script as shown below:

Assuming the USB port is mounted as /dev/sdc; if not, please update the path below accordingly.


 $  ./make_usb_installer.sh /dev/sdc <path-to-iso-image> 

Now your USB installation stick is ready to be used! All you have to do is insert the USB stick into the physical appliance of your choice and hit Enter in the installation screen that shows “Install Dome Firewall”.

Dome-FW-2.6-Dome-CM-1.4-ReleaseNote.pdf (274 KB)
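
Because the installer script repartitions whatever device it is given, a pre-flight check before Step 3 is worth having. The sketch below is an added example, not part of the original post or of Comodo's script; the function names and the SYSFS_ROOT / MOUNTS_FILE overrides are assumptions for illustration, and it relies on USB sticks reporting removable=1 in sysfs.

```shell
#!/bin/bash
# Added example: pre-flight checks before running make_usb_installer.sh on a device.
# SYSFS_ROOT and MOUNTS_FILE are hypothetical overrides so the checks can be
# exercised against a constructed tree instead of the live system.
SYSFS_ROOT=${SYSFS_ROOT:-/sys}
MOUNTS_FILE=${MOUNTS_FILE:-/proc/mounts}

# Succeeds only for a whole disk (sdc, not sdc1) that the kernel flags as removable.
is_whole_removable_disk() {
    local node="$SYSFS_ROOT/block/${1#/dev/}"
    [ -d "$node" ] || return 1      # partitions have no entry directly under block/
    [ "$(cat "$node/removable" 2>/dev/null)" = "1" ]
}

# Succeeds if the disk itself or any of its partitions appears in the mount table.
has_mounted_partitions() {
    awk -v dev="$1" '
        $1 == dev { found = 1 }
        index($1, dev) == 1 && substr($1, length(dev) + 1) ~ /^p?[0-9]+$/ { found = 1 }
        END { exit !found }' "$MOUNTS_FILE"
}

# Returns 0 when it is reasonable to proceed, otherwise a distinct code per reason.
preflight() {
    local dev=$1 iso=$2
    if ! is_whole_removable_disk "$dev"; then
        echo "refusing: $dev is not a removable whole disk" >&2; return 2
    fi
    if has_mounted_partitions "$dev"; then
        echo "refusing: unmount the partitions of $dev first" >&2; return 3
    fi
    if [ ! -r "$iso" ]; then
        echo "refusing: cannot read ISO image $iso" >&2; return 4
    fi
    return 0
}

# Stand-alone use: ./preflight.sh /dev/sdc <path-to-iso-image>
if [ $# -eq 2 ]; then
    preflight "$1" "$2" && echo "checks passed; now run: ./make_usb_installer.sh $1 $2"
fi
```

A USB hard disk normally reports removable=0 and is refused by this check; confirm such a target by hand (for example with lsblk) instead of loosening the test.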

Hi,
Register to Central Manager

not working,

turn it on, add IP and ORG remark, connect. All saves but nothing happens

Nothing in Pending Devices.

Also, NEED DNS to be allowed for the server “ip”. I'm running this in Azure, so to reduce cost a DNS name would be nice.

@dittoit ,

We have created a support ticket to assist you further with your reported issue.

Hello,

The download link for the usb installer isn’t working.

Thanks

As of this post, we are able to download the shell script for the USB installer using the following link:

http://cdome.comodo.com.staging/release-notes/DomeFWUSBscript/make_usb_installer.sh

You may want to try using a different browser if your current one is still not allowing you to download it. If somehow you are still unable to download it, feel free to copy+paste the contents of the shell script below:

#!/bin/bash

export THIS=$(basename "$0")

if [ $# -ne 2 ]; then
    echo "usage: $THIS [usb_dev_entry] [Comodo_UTM_iso]"
    echo
    echo "example:"
    echo "       $THIS /dev/sdb ~/Downloads/ComodoUTM-1-1-0-598-i386.iso"
    exit 1;
fi

export FLASH=$1
export ISO_IMAGE=$2
export PRIMARY_PARTITION=${FLASH}1
export LABEL="Comodo_UTM"
export PTYPE=msdos
# mktemp -d creates each mount point as a private directory in one step
# (tempfile only creates a file, which then had to be removed and re-created as a directory)
export FLASH_MNT_DIR=$(mktemp -d)
export ISO_MNT_DIR=$(mktemp -d)

# Environmental variables
export BAUD=${BAUD-115200}

# Ask a yes/no question until the user answers y or n
ask_question() {
    local QUESTION="$*"

    while [ 1 ]; do
        echo -n "$QUESTION (y/n): "
        # Treat end-of-input as "no" instead of looping forever
        read -r ANSWER || return 1

        [ -n "$ANSWER" ] || continue

        if [ "$ANSWER" == "y" ]; then
            return 0
        elif [ "$ANSWER" == "n" ]; then
            return 1
        fi
    done
}

get_flash_size() {
    parted -s "$FLASH" print|awk '/^Disk/ {print $3}'|sed 's/[Mm][Bb]//'
}

# List the partition numbers currently present on the flash disk
print_flash_partitions() {
    parted -s "$FLASH" print|awk '/^ / {print $1}'
}

remove_all_partitions() {
    echo "+ Removing all partitions on $FLASH"
    if ! ask_question "  ! All the data on $FLASH will be lost. Do you want to continue ?"; then
        echo "Quiting"
        exit 0
    fi

    for v_partition in $(print_flash_partitions); do
        echo -n "  -> removing ${FLASH}${v_partition} "
        parted -s "$FLASH" rm "${v_partition}" && echo "ok" || echo "failed"
    done
}

create_partition_table() {
    local SIZE=$1

    echo "+ Creating a new partition on $FLASH"
    parted -a optimal "$FLASH" mklabel $PTYPE
    parted -a optimal -- "$FLASH" unit compact mkpart primary ext3 "1" "-1"
    parted "$FLASH" set 1 boot on
    mkdosfs -n "$LABEL" "$PRIMARY_PARTITION" && echo "OK. That's it"
}

create_temp_dirs() {
    # The directories already exist (mktemp -d above); mkdir -p is a no-op safety net
    mkdir -p "$FLASH_MNT_DIR" "$ISO_MNT_DIR"
}

get_flash_uuid() {
    blkid|grep "${PRIMARY_PARTITION}"|awk '{gsub(/UUID=/, "", $3); print $3;}'|tr -d '"'
}

mount_iso_and_flash() {
    # Mount ISO image
    mount -o loop "$ISO_IMAGE" "$ISO_MNT_DIR" || return 1

    # Mount FLASH disk
    mount "$PRIMARY_PARTITION" "$FLASH_MNT_DIR" || return 1
    # :? aborts instead of expanding to "/*" if the variable is ever empty
    rm -rf "${FLASH_MNT_DIR:?}"/*
}

copy_iso_files() {
    echo "+ Copying ISO files"

    #rsync -ah --progress $ISO_MNT_DIR/isolinux/ $FLASH_MNT_DIR/syslinux/ --exclude=postinstall
    rsync -ah --progress $ISO_MNT_DIR/isolinux/ $FLASH_MNT_DIR/syslinux/
    sleep 2
    rsync -ah --progress $ISO_MNT_DIR/ks $FLASH_MNT_DIR/
    sleep 2
    rsync -ah --progress $ISO_MNT_DIR/images $FLASH_MNT_DIR/
    sleep 2
    rsync -av --progress $ISO_IMAGE $FLASH_MNT_DIR/
    sleep 2
    # Remove all ISO specific files (pattern quoted so the shell does not expand it first)
    find "$FLASH_MNT_DIR" -name 'TRANS*' -print0|xargs -0 rm -f

    echo "+ Unmounting $PRIMARY_PARTITION"
    sync
    umount $PRIMARY_PARTITION

    echo "+ Running syslinux"
    syslinux -i -d syslinux $PRIMARY_PARTITION

    echo "+ Installing MBR"
    install-mbr ${FLASH}

    echo "+ Configuring syslinux.cfg"
    mount $PRIMARY_PARTITION $FLASH_MNT_DIR

    local UUID=$(get_flash_uuid)
cat<<EOF > $FLASH_MNT_DIR/syslinux/syslinux.cfg
default vesamenu.c32
prompt 0

menu background splash.jpg
menu title Welcome to ComodoUTM Installation!
menu color border 0 #ffffffff #00000000
menu color sel 7 #ffffffff #ff000000
menu color title 0 #ffffffff #00000000
menu color tabmsg 0 #ffffffff #00000000
menu color unsel 0 #ffffffff #00000000
menu color hotsel 0 #ff000000 #ffffffff
menu color hotkey 7 #ffffffff #ff000000
menu color timeout_msg 0 #ffffffff #00000000
menu color timeout 0 #ffffffff #00000000
menu color cmdline 0 #ffffffff #00000000

serial 0 ${BAUD}

label ubnentry1
menu label ^Install or upgrade an existing system
kernel /syslinux/vmlinuz
append initrd=/syslinux/initrd.img LANG=en_US.UTF-8 repo=hd:UUID=${UUID}:/ ks=hd:UUID=${UUID}:/ks/ks.cfg console=tty0 console=ttyS0,${BAUD}n8

label ubnentry3
menu label ^Rescue installed system
kernel /syslinux/vmlinuz
append initrd=/syslinux/initrd.img rescue console=tty0 console=ttyS0,${BAUD}n8

label ubnentry4
menu label ^Memory test
kernel /syslinux/memtest
append initrd=/ubninit -
EOF
    cp $ISO_MNT_DIR/ks-usb/ks.cfg  $FLASH_MNT_DIR/ks/

    echo "+ Unmounting $PRIMARY_PARTITION"
    sync
    umount $PRIMARY_PARTITION
}

cleanup_everything() {
    echo "+ Finishing"
    umount "$PRIMARY_PARTITION" 2>/dev/null
    umount "$ISO_MNT_DIR" 2>/dev/null
    rm -rf "$FLASH_MNT_DIR" "$ISO_MNT_DIR"
}

trap "cleanup_everything" EXIT

### main
    remove_all_partitions   && \
    create_partition_table  && \
    create_temp_dirs        && \
    mount_iso_and_flash     && \
    copy_iso_files




Hi, is there a minimum spec to run Dome Firewall direct on hardware? i.e. CPU/RAM/NIC…etc

Hello @Marveltec,

  • Please ensure your PC meets the following minimum requirements:
    • 1 x Intel or equivalent CPU
    • 2 GB RAM
    • 4 GB Storage
    • 2 x 1 GbE NIC
Thank you,

Hello @MattBlacK85,

May we request that you try the link below.

https://cdome.comodo.com/release-notes/DomeFWUSBscript/make_usb_installer.sh

Thank you and please let us know if the given link works for you.

Hi,

been playing with dome firewall and central manager.

which port does Central manager communicate back to the firewall on?

Feature request:
need the ability for the firewall to send a custom domain name “firewall.yourdomain.com” instead of the internet IP set on the interface to Central Manager so that it can communicate with Firewalls behind an LTE/Gateway device that controls the internet breakout.

Hello @Marveltec,

Thank you very much for providing us your suggestion for “[Dome Firewall Central Manager] Feature request: Ability to send us a custom domain instead of the internet IP”. Your input is important to us as it will help to improve the usefulness of C1 for the entire user community.

We have submitted your request to our product team. They will review it and determine where it will fit best on the product road-map. You will also receive an email from us shortly regarding your other query.

Thank you.

Hi, I have been testing Dome Firewall running on both VM and hardware, and there seems to be an issue with HTTPS/Web filtering: it works intermittently, and the service seems to crash often, requiring a reboot of the VM or hardware, or making changes to the HTTPS proxy settings and updating, which restarts the service.

@Marveltec ,

We have created a support ticket to assist you further with your report. Please check your forum registered email for some details we might need for investigation.