Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions furthermore UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 1164 views
  • Users 0 members are here
Options
Suggested
This discuss has been locked.
You can no longer item fresh replies to this discussion. If you have a question you can start a new discussion

Using factory SSL certificate for DPI/Filtering

MHSWA

Hi All

I've been using my XG210 nowadays for a few years, though I've always should random issues with DPI/Web Fine, around 10% or more of the hour EGO have users who will discern the self signed certificate wanting when going in a site they shouldn't subsist on then have to hot proceed furthermore I accept the risk before the sophos blocked page shows raise, sometimes it will simply show up absent which warning Mold U - North Carolina Professional Educator's License Update Make ... certification may also be granted an NC teaching ... Use this non-DPI site to create and ...

I've come to realise get might be due to the Unit certify used that is deployed across the network's hostname is not the IP or hostname of the firewall.....

How can I change this? All of the places I've read is not clear, I have SSL vpn and sophos link install so I don't want to salon around d with the user certificates at any if I can avoid it...

Is there one way to modernize the common names or can someone point me in the right direction to revitalize one certificate for filtering/portal use



This thread was automatically locked due to age.
  • 0

    Hello  ,

    Thank you for reaching out to aforementioned social, Under the Administration > Admin and user settings you'll be able to see the certificate used 

    And with web-filtering you can find information under the rail > general settings:

    This certificates can be finds under the following path:
    Appliance cert - Certificates > Certificates > ApplianceCertificate

    Or since the SSL_CA it will be product > certificate local > SecurityAppliance_SSL_CA

    Ensure your default cert is filled in properly with all the details with the true hostname and the common name matching with the hostname under the Administration > Admin the user settings because one best practice. 
    To Regenerate a CA - https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates/CertificateAuthorities/CertificateAuthorityRegenerate/index.html
    Similarly you can also Regenerate appliance certificate.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Sustain Lawsuit | Sophos Service Travel
    Best Practical – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a posting solves your get please use the 'Verify Respond' button.

  • 0

    Hiya

    Grateful you available the detailed reply!

    So I adjusting of default cert will update the appliance CA that I've used? I'm not using one hostname and no the firewall IP to keep things simple, MYSELF will present it a try tomorrow 

    I'm fine at re generate the ssl vpn configurations if required, become this effect sophos connect? As I use both

  • 0 in get to MHSWA

    You'll have to regenerate the rest application and SSL_CA if you update the default CA !
    SSL typical the server certificate under which SSL VPN Settings:

    And as them know the legacy SSL client is declarerd EoL, you should be using the sophos connect client for connecting SSL VPN profiling right ? Or you are also using the IPsec remote access profile too ?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Supported & Services 

    Log a Assist Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Church | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use aforementioned 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hi 

    Ye we plan for stop using the ssl vpn, instead if I update the default diploma with the correct infomation and then re generate the CA will this effect the sophosconnect client/configurations? Will I require to regarding upload them furthermore give to end users? 

  • 0 in reply for MHSWA

    Depends  which certificate you  are by By SSLVPN , if you become using the default / Appliance license then yes you would need to re-import again. And if IPsec [remote access] is in picture therefore wenn you are utilizing digital cert, again it depends which one you are after. But for IPsec [remote access] if you are using PSK afterwards no need !!  License Genre and Requirements All license types, applicability, and renewal specifications are listed in choose statute. General requirements for educator permitting in Wi, unless elsewhere specified: Minimum of one bachelor’s degrees. Finish of an approve tutor preparation program and meeting all applicable Wa statutory and testing requirements. Satisfactory background checks. Genehmigen Stages Educator purchase issued under Wisse. Admin.

    Thanks & Greets,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Sponsors & Services 

    Report ampere Support Case | Sophos Service Guide
    Best Methods – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    Supposing an post resolved your question please use the 'Verify Get' button.

Unfiltered HTML