Options
How to all HSTS sites through the Firewall
HSTS sites are causing a problem when being accessed. The WG gives an invalid certificate error in all browsers. The WG blocks them, even if a rule is put in place to allow the traffic. Any ideas are appreciated.
0
Sign In to comment.
Comments
Please post a log message showing a block
Hi, wondering if you ever got to the bottom of this?
Since this is a very old topic, please indicate the issue that you are having.
Anything in Traffic Monitor to help understand this?
Are you accessing the problem web sites using HTTPS?
What firewall model and Fireware version is it running?
Is there an example web site that is causing issues?
I'd speculate the issue with HSTS back in 2020 would have been that TLS1.3 wasn't supported in the HTTPS proxy, or something similar/along those lines.
In order to assist, like Bruce mentioned, we'll really need some logs detailing what is wrong. On the latest version of fireware (12.8.2 U1) as well as 12.9 beta, I can access HSTS sites with no issue.
-James Carson
WatchGuard Customer Support
I just want to add something that may be useful. Got the same problem yesterday. Chrome says something like "this site uses HSTS... etc" In my case, broken certificate chain is the issue. I can access https://efile.aphis.usda.gov after adding intermediate certificate.