XG 18 MR3 uses incorrect certificate in web Warn/Block page

Hi,

I found a problem in MR3 (it was working fine in the previous release, MR-1-Build396).

When a user accesses a blocked or warned website, Sophos just uses the default certificate instead of the selected one, and that certificate also isn't issued to a valid firewall host name.

v18 MR1 works fine; it just uses the cert that I configured in the "Admin console and end-user interaction" menu.

SSL interception and the user portal still use the correct certificate.

Screenshot: www.dropbox.com/.../2020-10-19_17-05-13.png



  • Hi, I just got a response from Sophos and a working workaround.

    According to Technical Support:

    Tanapol,

    This is regarding support case 03248790 and the reported issue with certificate warnings while browsing to Webadmin.

    The screenshots you have provided were helpful in diagnosing the issue; this appears to be a known behavior in the 18.0.3 MR-3 firmware version. After upgrading the firmware to this version, users will need to regenerate and/or remove then re-add their certificates.

    When browsing to [Firewall Domain].com, which is the firewall's webadmin portal, you see your firewall's default SSL certificate and firewall serial number. The firewall is configured not to use this, as observed in the screen showing Admin settings; however, this is expected with this firmware version.

    I tried re-adding my cert + key and now the warn/block pages are working again.

    Please note that my cert was purchased from a trusted CA, which means I have to completely remove my cert from VPN/Portal etc. and delete the cert.

    In my case I also have to delete ALL CAs in the certification path (if any), then re-add them just like when you set it up for the first time.

    Re-adding only the cert, without first deleting and re-adding the CAs in the path of that cert, just won't work for me.
