Certificate is already used in HTTP-based policy

Hi,

I'm somewhat a newbie with Sophos and I'm working on an XG-135 that someone else set up that is no longer with the company.  I do have a lot of firewall experience, but not with Sophos...  I have a few questions...

1. When trying to delete a certificate I get this error:  Certificate could not be deleted. Certificate is already used in HTTP-based policy.

What is the best way to locate the specific policy that it is complaining about?  It wouldn't take much for the Sophos engineers to give us the name when it issues the error.  It obviously found an item that caused a violation, so why not report it back to us users along with the error it reports...

2. With firewall rules that are already in place, if I were to turn them off one by one, would the validation process that occurred in question #1 above still be run?  In other words, whether or not a rule is enabled or disabled, would that rule be totally ignored by any validation process?  I would hope that if it was disabled (turned off) it would be completely ignored, which would be much easier to troubleshoot.  Enable the rule and the issue returns, turn it off and the issue goes away, and bingo you now know what rule to work on...

 

Thanks,

Stanley



  • Stanley,

    For point 1, check if the CA is used for the Admin Console under Administration > Admin Settings or in any Business Application Rule (the icon is a 24-hour suitcase).

    For point 2, it is not clear to me. Can you explain a little bit better?

    Thanks

  • Hi Luk,

    #2 explained.

    When making a change to a firewall rule and clicking the "save" button, the system goes out and validates whether or not the new change can be applied and if validation passes we get the green notification that the save was successful.  My question is this...  Does the validation process "factor in" the rules that are disabled and only validate the enabled rules?

    If the disabled rules are NOT factored in the validation process, then we could disable and enable until we found the offending rule...  When troubleshooting, we could also get a lot of rules temporarily out of the equation by disabling them.  Note that I'm only talking about troubleshooting an issue that XG is not willing to tell us where the issue is located.

    Hope that helps.

    Stanley
