Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: Resolving "Not secure" error while browsing secure sites

Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.


Overview

This Recommended Read provides you with a quick solution if you encounter an error of “Not Secure” – “Attackers might be trying to steal your information from outlook.live.com (for example, passwords, messages, or credit cards).”

Table of Contents

Issue

When accessing any secure sites, be it https://google.com, https://yahoo.com. https://outlook.live.com you simply cannot access the sites and you see the following error:




You may see the option “Proceed to yahoo.com (unsafe),” but it’ll redirect you to the same page upon clicking on it.





You may also try to access the website in an incognito mode, but you’ll still be able to see the same error. Upon clicking on the option “Proceed to outlook.live.com (unsafe),” you may be able to access it, but it won’t load completely.





NOTE: Irrespective of the web-proxy/DPI Engine with, Scan HTTP and decrypted HTTPS, Block QUIC Protocol options enabled/disabled, the error on the browser persists:





  • Application_classification, when turned on, traffic is categorized based on the application.
  • If you turn on microapp discovery, it identifies and classifies microapps used within web browsers.
  • If you turn application classification off, traffic categorization is based on port numbers.

NOTE: By default, it’s turned on.

What to do

A quick and easy solution to fix this issue is: “application_classification microapp-discovery.”

To run these commands, access the console of the Firewall using software such as Putty and press number 4 in the Main Menu

  1. Commands: system application_classification show

                        system application_classification microapp-discovery show

  • 2. Commands: system application_classification microapp-discovery off



Now, upon reloading the pages, you’ll be able to access the secure sites successfully:

I hope this Recommended Read has helped you resolve your issue.




Added TAGs
[edited by: Raphael Alganes at 5:52 AM (GMT -7) on 18 Sep 2024]
  • My XG was previously configured with those settings. On there MAC safari and firefox do not have any issues connecting to Yahoo or Google.

    On the W11 PC, edge fails to connect to both yahoo and google because they both have HSTS enabled and the certificate fails.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.