Issues accessing WebAdmin after FW upgrade to 9.718-5

I'm running the Home License of Sophos UTM on a physical box (Protectli Vault) as well as a VM on my Synology.   After I updated to 9.718-5 of the firmware, I am no longer able to access WebAdmin from my PC on either of the upgraded UTMs using either Google Chrome or MS Edge (latest versions, Chrome 119.0.6045.160 and Edge 119.0.2151.72.)  I receive this message:

Firewalls are working fine and passing traffic but I have no access to the WebAdmin from my desktop PC.  I have tested on multiple PCs with the same result.

However, using Chrome on my iPhone, I am able to access WebAdmin on the upgraded UTMs.

I maintain an additional Protectli for my in-laws and I did not upgrade its firmware after I saw this happen on my 2 UTMs.  I can still access the WebAdmin from Chrome on my PC on the UTM that has not been upgraded yet (it is running 9.717-3).

I see in the release notes for 9.718-5:

Fix [NUTM-14219]: [Basesystem] Remove support for weak TLS signature algorithms in Web Admin and User Portal

...and was wondering if this "fix" may have broken something with the TLS in the desktop version of Chrome.

Has anyone else observed this behavior, and does anyone have any suggestions for a fix/workaround so I can access WebAdmin from my PC?

  • Have you tried to login over incognito windows from the browsers?

  • I have tried incognito mode, I have cleared cookies and cache, and I have tried from multiple PCs.  Yesterday Chrome had an update and I was hopeful that might resolve the issue, but I still am getting the SSL Protocol Error.

  • Hi, I had the same issue. With old Iexplore on Server2016 it works.

  • I installed Firefox on my PC and I am now able to access the webadmin using that browser.  Hopefully this issue will be resolved in the next firmware update and/or a future Chrome/Edge update.

  • Using Firefox, I compared the encryption between the UTM that won't connect in Chrome (FW version 9.718-5) and the UTM that I have not upgraded yet - which still connects fine in Chrome (FW version 9.717-3) and found differences in the encryption.

    FW version 9.718-5 connects with (TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2)

    FW version 9.717-3 connects with (TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2)

    So it appears there may be an issue with the ECDSA keys and Chrome.  
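The comparison in the post above can be repeated without a browser. The following is an added example, not part of the original thread and not Sophos code: it splits the two quoted suite names to show which field changed, and `probe` offers a server exactly one TLS 1.2 suite at a time. The host and port are supplied by the operator, and the OpenSSL suite names are the standard equivalents of the IANA names quoted above.

```python
import socket
import ssl
import sys

# OpenSSL names for the two suites quoted in the post above.
SUITES = {
    "ECDSA": "ECDHE-ECDSA-AES256-GCM-SHA384",
    "RSA": "ECDHE-RSA-AES256-GCM-SHA384",
}


def parse_suite(iana_name):
    """Split an IANA TLS 1.2 suite name into key exchange, auth and cipher."""
    body = iana_name.removeprefix("TLS_")
    kx_auth, _, cipher = body.partition("_WITH_")
    kx, _, auth = kx_auth.partition("_")
    # Static-RSA style names (TLS_RSA_WITH_...) use one token for both roles.
    return {"kx": kx, "auth": auth or kx, "cipher": cipher}


def diff_suites(a, b):
    """Return the fields in which two suite names differ."""
    pa, pb = parse_suite(a), parse_suite(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}


def probe(host, port, openssl_suite, timeout=5.0):
    """Offer exactly one TLS 1.2 suite; return the negotiated name or the error."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # diagnostic only: admin UIs often use a private CA
    ctx.verify_mode = ssl.CERT_NONE
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(openssl_suite)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, OSError) as exc:
        return f"failed: {exc}"


if __name__ == "__main__":
    # Usage: python probe.py <host> <port>  (assumed values, chosen by the operator)
    host, port = sys.argv[1], int(sys.argv[2])
    for auth, suite in SUITES.items():
        print(auth, "->", probe(host, port, suite))
```

Run against both firmware versions, the output shows whether each WebAdmin still completes a handshake when only the RSA-authenticated suite is offered, which is the field that differs between the two connections quoted above.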

  • Yes I have had similar situations with Chrome and mobile devices, basically it's saying this is a huge security risk and we won't let you go there because you are a "stupid user" and we know better.

    I have found the easiest way to get around this is download the UTM CA and install the cert as a trusted site on your admin machine.

    Web Protection > Filtering Options > HTTPS CA's > Signing CA download

    Right Click > Install

    Custom install to Trusted Root Certificate Authority, reboot after doing this is a good option too.

    ... seems the lockouts are not as restricted. Firefox certainly plays a lot better than Chrome too

  • I had already done that; this is a different issue.  It's something with Chrome and the encryption.  The error isn't the usual "this site is a risk" or "Your connection is not private" message, it is actually an SSL Protocol Error.  For now I am just using Firefox to access the WebAdmin.  Interesting thing is that Chrome on my iPhone works just fine with the WebAdmin on the UTM with the newest firmware. Chrome on my PC still works fine accessing the WebAdmin on a UTM that hasn't been upgraded to the 9.718-5 firmware.

  • Has anyone found a fix for this?  Has Sophos been notified about this bug?  This scared the hell out of me after I recently updated to 9.718-5 and then tried to access the WebAdmin page, only to see this error.

    I am able to connect using Firefox (as has been suggested by some other people here) but I feel like the WebAdmin portal should work in all major browsers, and I'm nervous now that something else might break it working in Firefox.

  • No fix yet; I am still using Firefox to access my WebAdmin on my 9.718-5 firmware UTM.  I am assuming the issue will be addressed in the next firmware update.  It seems to be specific to accessing the WebAdmin of the UTM using Chrome/Edge.  I have plenty of other devices (NAS, UniFi, etc.) that still work just fine in Chrome/Edge.

  • It seems like you're facing issues accessing the WebAdmin interface after upgrading the firmware to version 9.718-5. If you're having trouble accessing the WebAdmin, here are some steps you can take to troubleshoot the issue:

    1. Check Network Connectivity:

      • Ensure that your device is connected to the network. Verify that other devices on the same network can access the WebAdmin interface.
    2. Browser Compatibility:

      • Try accessing the WebAdmin interface using a different web browser. Sometimes, browser cache or cookies can cause issues like
    3. Clear Browser Cache:

      • Clear the cache and cookies in your web browser to eliminate any potential conflicts with the previous version like
    4. Correct URL:

      • Make sure you are using the correct URL to access the WebAdmin interface. Check the documentation or user manual for the correct address.
    5. Firewall and Security Software:

      • Temporarily disable any firewall or security software that might be blocking the connection. Ensure that the firewall settings allow access to the WebAdmin interface.
    6. Reset Router:

      • If the router has been recently upgraded, try performing a reset on the router. This can sometimes resolve configuration issues.
    7. Check Firmware Release Notes:

      • Review the release notes for firmware version 9.718-5. There might be specific instructions or known issues that could help you troubleshoot the problem.
    8. Contact Support:

      • If the issue persists, contact the support team for the device or software you are using. They may be able to provide specific guidance or solutions.
    9. Rollback Firmware:

      • If all else fails, consider rolling back to the previous firmware version to see if the issue is resolved. Follow the instructions in the documentation or contact support for guidance on the rollback process.
    10. Logs and Diagnostics:

      • Check the device logs or diagnostics for any error messages or issues that could provide clues about the problem. This information can be valuable for support or troubleshooting.