Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firefox Insecure Connection

Hey,

I am having problems with web opening websites using Firefox. Some pc's in my network have no problem and some have problems that wont allow any google related https website to be opened with firefox. And there is no option to add an exception either. I have not installed any certificates or have never enabled https scanning since i started using the xg firewall.

A screenshot of the error is given below

 

I dont have https decryption on and i have even turned off http and ftp scanning. I dont understand why it happens on a few laptops only and works fine on others. The version of Firefox is the same on all of the laptops. 

 

I just installed the xg firewall and this started happening after i made a few custom firewall rules and a few web filter policies. 

I have even tried after disabling the web filter polices but still no luck. 

Chrome works fine. 

A few computers on the network are having problems with chrome and not firefox. so something weird is going on. 

 

1. Are there any other settings that i need to change?

2. Are there any other services that might be scanning https other than the options in the firewall rule?

3. I have made a firewall rule that blocks google udp 443 so i have that set to REJECT or should it be Drop? and is there a different rule i have to make for Firefox?

4. Do i have to make a deny rule at the bottom of all the firewall rules or is that a given default?



This thread was automatically locked due to age.
Parents Reply Children
  • Basically the error is showing you have a certificate error on the XG. You can import the XG certificate into your browser.

    Somewhere in one of your rules you have HTTPS scanning enabled.

    Search the forums there are detailed explanations on this subject.

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Actually i dont have https scanning enabled in any of the firewall rules. And the same rule behaves different on different pcs. ON a few pcs firefox works fine and on some pcs firefox doesnt work at all. I think i am going to try to uninstall and reinstall the Firefox and see what happens. 

  • check which version of firefox they are using, because the newer versions 52 or later changed the rules.

    If I enable HTTPS scanning on my XG I get the same failures.

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hey

    I am using the latest version which is 53.02 and even after reinstalling firefox it doesnt work. Keep getting insecure connections. I deleted all the firefox data from Appdata so all previous data was not there. So there must be something in firefox thats causing this. Like the chrome bug that was recently talked about on the forums. 

    Now i am going to try a version before 52 to see if that works. 

  • Hey,

    I just installed version 51.0.1 and it still shows an insecure connection but atleast this version lets me add an exception. so that i can atleast open and use gmail and youtube and other https related websites. Version 53.02 doesnt even give an option to add an exception. So for now i will use this, but either its firefox's fault or Sophos XG bug. 

  • I am running 53.0 without https and I can connect, as soon as I enable https decrypt and scanning I get the error.

    The issue is with the certificate you are using and have installed on the XG and how you reference it in FF.

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Well i havent even installed any certificate or turned on https scanning so it doesnt make sense. 

    Then i even installed the local Certificate from the appliance and it still doesnt work. 

    Since it works on some systems and not on others i think it is some sort of local issues on some of the pc's. 

  • Hi Tom,

    Redownload the Appliance CA from the XG and try to install it on the affected system by following the steps:

    1. Open the Microsoft Management Console by typing "MMC" in the "Run" box.
    2. Open Add or Remove Snap-ins by selecting FILE > ADD/REMOVE SNAP-IN...
    3. Select Certificates from the list and click Add to display the Certificates Snap-in window.
    4. Select the Computer Account and click Next.
    5. Click Finish and close the list of snap-ins.
    6. Click OK to add the certificates snap-in, which should now be visible in the Add/Remove Snap-ins window.
    7. Expand the list of certificate containers, right click Trusted Root Authorities and choose All Tasks > Import to start Certificate Import Wizard.
    8. Import the Certificate downloaded in step 2 using this wizard.

    If that doesn't help then it should be a local system issue.

    Cheers-

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.