Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 12 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 33969 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firefox Insecure Connection

tom greene

Hey,

I am having problems with web opening websites using Firefox. Some pc's in my network have no problem and some have problems that wont allow any google related https website to be opened with firefox. And there is no option to add an exception either. I have not installed any certificates or have never enabled https scanning since i started using the xg firewall.

A screenshot of the error is given below

 

I dont have https decryption on and i have even turned off http and ftp scanning. I dont understand why it happens on a few laptops only and works fine on others. The version of Firefox is the same on all of the laptops. 

 

I just installed the xg firewall and this started happening after i made a few custom firewall rules and a few web filter policies. 

I have even tried after disabling the web filter polices but still no luck. 

Chrome works fine. 

A few computers on the network are having problems with chrome and not firefox. so something weird is going on. 

 

1. Are there any other settings that i need to change?

2. Are there any other services that might be scanning https other than the options in the firewall rule?

3. I have made a firewall rule that blocks google udp 443 so i have that set to REJECT or should it be Drop? and is there a different rule i have to make for Firefox?

4. Do i have to make a deny rule at the bottom of all the firewall rules or is that a given default?



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to rfcat_vk

    Actually i dont have https scanning enabled in any of the firewall rules. And the same rule behaves different on different pcs. ON a few pcs firefox works fine and on some pcs firefox doesnt work at all. I think i am going to try to uninstall and reinstall the Firefox and see what happens. 

Children
  • 0 in reply to tom greene

    check which version of firefox they are using, because the newer versions 52 or later changed the rules.

    If I enable HTTPS scanning on my XG I get the same failures.

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hey

    I am using the latest version which is 53.02 and even after reinstalling firefox it doesnt work. Keep getting insecure connections. I deleted all the firefox data from Appdata so all previous data was not there. So there must be something in firefox thats causing this. Like the chrome bug that was recently talked about on the forums. 

    Now i am going to try a version before 52 to see if that works. 

  • 0 in reply to tom greene

    Hey,

    I just installed version 51.0.1 and it still shows an insecure connection but atleast this version lets me add an exception. so that i can atleast open and use gmail and youtube and other https related websites. Version 53.02 doesnt even give an option to add an exception. So for now i will use this, but either its firefox's fault or Sophos XG bug. 

  • 0 in reply to tom greene

    I am running 53.0 without https and I can connect, as soon as I enable https decrypt and scanning I get the error.

    The issue is with the certificate you are using and have installed on the XG and how you reference it in FF.

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Well i havent even installed any certificate or turned on https scanning so it doesnt make sense. 

    Then i even installed the local Certificate from the appliance and it still doesnt work. 

    Since it works on some systems and not on others i think it is some sort of local issues on some of the pc's. 

  • 0 in reply to tom greene

    Hi Tom,

    Redownload the Appliance CA from the XG and try to install it on the affected system by following the steps:

    1. Open the Microsoft Management Console by typing "MMC" in the "Run" box.
    2. Open Add or Remove Snap-ins by selecting FILE > ADD/REMOVE SNAP-IN...
    3. Select Certificates from the list and click Add to display the Certificates Snap-in window.
    4. Select the Computer Account and click Next.
    5. Click Finish and close the list of snap-ins.
    6. Click OK to add the certificates snap-in, which should now be visible in the Add/Remove Snap-ins window.
    7. Expand the list of certificate containers, right click Trusted Root Authorities and choose All Tasks > Import to start Certificate Import Wizard.
    8. Import the Certificate downloaded in step 2 using this wizard.

    If that doesn't help then it should be a local system issue.

    Cheers-

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

Unfiltered HTML