Setting up Dome Shield is easy. It will only take a couple of minutes before you start enforcing web access policies, preventing advanced threats and monitoring all these activities.
I wanted to share some quick tips about how to setup your Dome Shield within just a few minutes.
Using your Internet Gateway Device(routers/firewalls/utms):
This will help you to create a single policy for the entire company and track web access/threat overview of the location’s internet gateway.
Easiest and fastest way to setup. You will get boundary security and company web access policy applied to every single internet connected device behind the router, including endpoints, servers and even IoT enabled devices.
How-to:
[ol]- Login to C1 portal and click Licensed Apps > Dome Shield
- In Shield Portal go to Configure > Locations
- Add your external IP address and give it a name. (If you don’t know your external IP address just open google and type “what’s my IP”.)
- Login to internet gateway of your network (router or firewall)
- Locate DNS Server Settings (generally located under Network > WAN Settings) and set 8.26.56.10 - 8.20.247.10
- Done![/ol]
Note: Some service providers doesn’t let you to change the DNS Server of the WAN link. In that case you should go to DHCP Server configuration and update DNS Server Settings distributed through DHCP protocol. If your internet gateway is a firewall you may just change the DNS Server setting of your WAN interface.
Using Dome Shield Agent:
This will help you to create granular web access/security policies for your users and track web access/threats for each of the users.
Dome Shield Agent encrypts DNS queries thus provides and additional layer of protection on top of web access controls and prevention of Advanced Threats. This method can be used for Roaming Users as well. You can install the agent to laptops and keep enforcing company web policy and protection against advanced threats even tough the user has left the company network.
How-to:
[ol]- Login to C1 portal and click Licensed Apps > Dome Shield
- In Shield Portal go to Configure > Objects > Roaming Devices and Download the agent
- In Shield Portal go to Configure > Locations
- Add your external IP address and give it a name. (If you don’t know your external IP address just open google and type “what’s my IP”.)
- Install the agent into endpoints you want to protect, done![/ol]
Note: Above method is for endpoints that are behind the external IP added on step 4. You can also provision endpoints that are out of company premises as well. In that case, you don’t need to add an IP into Locations but instead, after installation is done you need to take get the unique id placed under C:\Program Files (x86)\COMODO\Shield Agent\client.id and paste it into Configure > Objects > Roaming Endpoints > Add Device
Using ITSM:
If you have ITSM agent already installed, then it will only take seconds of time to install and active Dome Shield Agent in your endpoints. This will help you to create granular policies for your users on/off premise and track web access/threat overview from Shield portal per each of your users.
How-to:
[ol]- Login to C1 portal and open Shield Portal
- In Shield Portal go to Configure > Locations
- Add your external IP address and give it a name. (If you don’t know your external IP address just open google and type “what’s my IP”.)
- Download the script from Script Procedures Page for Comodo One Applications…-roaming-agent
- Open ITSM and navigate to Configuration Templates > Procedures and upload the script
- Go to Devices > Select Devices and Run Procedure by selecting above script.
- Selected devices will have Dome Shield Agent installed![/ol]
Share the method you used to setup your environment. If you require a different setup method, lets talk.
If you don’t have the license already just go to : Endpoint Detection and Response, Free - What is EDR Security?