How to all HSTS sites through the Firewall

ABSABS
edited September 2020 in Firebox - Certificates

HSTS sites are causing a problem when being accessed. The WG gives an invalid certificate error in all browsers. The WG blocks them, even if a rule is put in place to allow the traffic. Any ideas are appreciated.

Comments

  • Bruce_BriggsBruce_Briggs

    Please post a log message showing a block

  • KevinFKevinF

    Hi, wondering if you ever got to the bottom of this?

  • Bruce_BriggsBruce_Briggs

    Since this is a very old topic, please indicate the issue that you are having.
    Anything in Traffic Monitor to help understand this?

    Are you accessing the problem web sites using HTTPS?

    What firewall model and Fireware version is it running?

    Is there an example web site that is causing issues?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    I'd speculate the issue with HSTS back in 2020 would have been that TLS1.3 wasn't supported in the HTTPS proxy, or something similar/along those lines.

    In order to assist, like Bruce mentioned, we'll really need some logs detailing what is wrong. On the latest version of fireware (12.8.2 U1) as well as 12.9 beta, I can access HSTS sites with no issue.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.