Issues accessing WebAdmin after FW upgrade to 9.718-5

I'm running the Home License of Sophos UTM on a physical box (Protectli Vault) as well as a VM on my Synology.   After I updated to 9.718-5 of the firmware, I am no longer able to access WebAdmin from my PC on either of the upgraded UTMs using either Google Chrome or MS Edge (latest versions, Chrome 119.0.6045.160 and Edge 119.0.2151.72.)  I receive this message:

Firewalls are working fine and passing traffic but I have no access to the WebAdmin from my desktop PC.  I have tested on multiple PCs with the same result.

However, using Chrome on my iPhone, I am able to access WebAdmin on the upgraded UTMs.

I maintain an additional Protectli for my in-laws and I did not upgrade its firmware after I saw this happen on my 2 UTMs.  I can still access the WebAdmin from Chrome on my PC on the UTM that has not been upgraded yet (it is running 9.717-3).

I see in the release notes for 9.718-5:

Fix [NUTM-14219]: [Basesystem] Remove support for weak TLS signature algorithms in Web Admin and User Portal

...and was wondering if this "fix" may have broken something with the TLS in the desktop version of Chrome.

Has anyone else observed this behavior, and does anyone have any suggestions for a fix/workaround so I can access WebAdmin from my PC?

  • Yes, I have had similar situations with Chrome and mobile devices; basically it's saying this is a huge security risk and we won't let you go there because you are a "stupid user" and we know better.

    I have found the easiest way to get around this is to download the UTM CA and install the cert as a trusted site on your admin machine.

    Web Protection > Filtering Options > HTTPS CA's > Signing CA download

    Right Click > Install

    Custom install to Trusted Root Certificate Authority. A reboot after doing this is a good option too.

    ... seems the lockouts are not as restricted. Firefox certainly plays a lot better than Chrome too.

  • I had already done that; this is a different issue.  It's something with Chrome and the encryption.  The error isn't the usual "this site is a risk" or "Your connection is not private" message, it is actually an SSL Protocol Error.  For now I am just using Firefox to access the WebAdmin.  Interesting thing is that Chrome on my iPhone works just fine with the WebAdmin on the UTM with the newest firmware. Chrome on my PC still works fine accessing the WebAdmin on a UTM that hasn't been upgraded to the 9.718-5 firmware.