  1. #1
    Newbie
    Join Date
    Apr 2020
    Posts
    10

    Default Certificate when 443 is Forwarded

    Hi

    I have a strange issue. I have set the management port of Untangle to 444 within the Services and have a single WAN IP. I have created Port Forward rules (simple) to port forward 443 to another internal host.

    Most clients are working fine and can open the internal host https page from the internet. But some clients are getting a connection failure when browsing to HTTPS WAN IP and as a certificate the default unsigned Untangle certificate is shown.

    How can I solve this?

    Martin
    Last edited by Martinvdm; 05-15-2020 at 04:17 AM.

  2. #2
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,414

    You my friend have discovered a wonderful, not so obvious truth of Untangle!

    And that is, its modules, with very few exceptions, do not care about direction of traffic!

    You must redirect ingress service traffic, ESPECIALLY WEB and FTP traffic... into a dedicated rack that has almost nothing installed in it. If you do not... well... It's filtering all that stuff on the way in just as if it's on the way out.

    To put it short, Web Filter, Threat Prevention, or something else... is BLOCKING those users, and the certificate error they're getting is because they're being redirected to the Untangle Block page.

    If you don't have policy manager, you're going to have to bypass ingress TCP 443 and 80 destined to your web server so Untangle stops scanning it.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Newbie
    Join Date
    Apr 2020
    Posts
    10

    Thanks. It was Threat Prevention. As it was expired already, it was still enabled. After disabling it, it is working. Thanks.
    About the rack. Is it true this is not within the default theme?
    I should play more with it. I am more familiar with configuring FortiGates, so I need to get used to the fact that some functions are working both ways.

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,414

    If you don't have a subscription to Policy Manager, you do not have the ability to define policies. I keep referring to those as racks, because that was the older name.

    So if you're running free Untangle platform, your only real option is to bypass ingress traffic destined to TCP 443/80 or bad things will happen to your web services. But, there's also no Web Filter or Threat Prevention to be a problem. Virus Blocker Lite will be an issue though... so careful.

  5. #5
    Newbie
    Join Date
    Apr 2020
    Posts
    10

    I have the paid home edition.
    So your advice is to use policy manager and define fine grained policies for all kinds of traffic?

  6. #6
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,414

    Quote: Originally Posted by Martinvdm
        I have the paid home edition.
        So your advice is to use policy manager and define fine grained policies for all kinds of traffic?

    Only for the cases where problems arise, or when there's a need.

    Ingress http/https/ftp/ftps are one such need. Ingress SMTP too... but that's another thing.

    Besides, it's nice to be able to filter by policy and see all the fun stuff going into your web server in one place.