Dome Firewall Virtual Appliance is here!

Any word on if they will change it so you can install it on a system with less than 4 NICs??

Hi @BOSS ,

We were informed that it is already being worked on and you will be able to install it in a system with less than 4 NICs on the next release. Hope this information helps.

Great, thanks. Please let me know when the release hits, I am looking forward to trying this out.

Hi @BOSS ,

We are glad to know that you are excited about the upcoming release. No specific day yet but rest assured we will inform you the soonest to give you enough time to prepare.

I have the system up and running, but trying to migrate from IPFire is a little confusing as we have odd names and sections with Dome.

· Firewall objects are identical
· SNAT is firewall rules for outgoing connections, same as IPFire and all Linux systems.
· Virtual IP, is this incoming connections?
· Firewall Policies, looks like incoming and outgoing in one screen with different options???

A little help and explanation would be great!! :)

Looks nice though.

Yes, Virtual IP is in fact for DNAT rules regarding incoming traffic: https://help.comodo.com/topic-282-1-592-8197-Configuring-Virtual-IP-for-Destination-Network-Address-Translation.html
SNAT: https://help.comodo.com/topic-282-1-592-7900-Source-Network-Address-Translation.html

Regarding policies, yes, protection rules can be applied as policies: https://help.comodo.com/topic-282-1-592-6668-Configuring-UTM-Services-and-Protection-Settings.html

The documentation here is for Korugan, which was upgraded to cDome FW; most of the topics here are still valid.

Not sure if I’m being stupid or not, but is there a simple single rule / policy we can add to get protection on connection???

IPFire is so much easier and more logical compared to this.

Also, DNAT options are very bad as you cannot use objects etc.

If it has not been released by the time I get a little while to look into the system, I may just pick up a couple of NICs and toss them in there.

I used the ISO to install it on my ESXi 5.5 box. It completed (I think) and it automatically halted by itself. After rebooting, it stops on the Linux login screen. (I don’t have a root login)
When I use https://192.168.0.15:10443, I can see the login screen, but I don’t have a user/password. I assume it’s a cloud based product without a local web console. However, when I checked my DHCP lease, I don’t see that any IP was taken by this new virtual appliance. So how can this appliance reach the Internet?

Hello @z.yong,

We would like to verify whether your login screen is the same as the one in the attachment. If so, please try username: root and password: vmware. Thank you.

I think you are after:
How to Start Dome Firewall Virtual Appliance License

1. After installation is completed, open your browser
2. Go to https://192.168.0.15:10443
3. Log in with admin:comodo

See below.

Hello @z.yong,

We agree with @dittoit’s response. Please see our configuration steps link.

Not yet installed it, but seriously looking into it. Couple of questions that I haven’t yet seen asked or answered.

  1. Would you advise running on a physical box for a production environment to ensure separation between the WAN and LAN environments?
  2. Does the solution support multiple WAN inputs for load balancing and failover?
  3. Does the solution support bandwidth throttling on a per IP / per Network basis?
  4. How does this benchmark against other enterprise UTM products (SonicWALL, Sophos, Barracuda)?

Thanks PL

Hi @curatrix_pl. Here are the answers to your questions. Hope this helps. Thank you.

  1. Would you advise running on a physical box for a production environment to ensure separation between the WAN and LAN environments?
    Answer: Yes, it can be done
  2. Does the solution support multiple WAN inputs for load balancing and failover?
    Answer: Cannot do load balancing, but it can do failover between two WAN inputs
  3. Does the solution support bandwidth throttling on a per IP / per Network basis?
    Answer: It’s on the roadmap and coming with the next release
  4. How does this benchmark against other enterprise UTM products (SonicWALL, Sophos, Barracuda)?
    Answer: https://cdome.comodo.com/firewall/#compare

Hi @Parker

Thanks for the answers you have provided; however, 2 of them don’t really answer the questions that were asked.

  1. ‘Yes it can be done’ does not really answer the question ‘would you advise’. I’m looking for best practice deployment in production, not lab deployment for testing. I would seriously question anyone who put a VM based UTM into a production environment as there would likely be no physical separation in traffic and it would potentially open up the hypervisor to attack.
  2. I wouldn’t say that pfSense and Endian are true enterprise products, they are open source, and this page doesn’t provide any benchmarking information to compare against UTM products, just feature lists. Enterprise UTMs are what I would class as device based firewalls like SonicWALL, Sophos and Barracuda. From benchmarking, I would like to see statistics, not just marketing fluff saying you ‘provide’ something.

Another question, are there any plans to integrate the Dome Firewall management interfaces into C1 / ITSM for central administration of multiple customers’ firewall environments?

Hi @Raymond_Co

Sorry for taking so long to reply. When I try going to the IP address to get to the login page, it simply tells me that the site can’t be reached. It does this no matter which browser I use to try and get to the page.

Hi @curatrix_pl ,

If I may ask, are you referring to the Website Filtering option in ITSM? If yes, we already have a Feature Request plotted and on the roadmap which will be released in 2017Q4.

Hi @flmsp ,

Kindly refer to this link as a guide on how to log on to the Dome Firewall Virtual Appliance screen:

ITarian Forum - ITarian Forum.

Thanks!

No, I’m referring to being able to provision NAT policies etc. from a central location, as well as monitoring bandwidth, etc.