Use different certificates Internal/External on Firebox

We use a different domain name internally to externally. Unfortunately the Firebox only allows you to select one certificate to use as the Webserver certificate. So visiting the internal Authentication Portal uses the same certificate as the SSLVPN/Access Portal.

I set the certificate to the external domain (ext-domain.com) so my external users don't get certificate warnings. My internal users, when authenticating, connect to https://wg.int-domain.com:4100 but get a certificate error because the domain doesn't match the external certificate.

I've raised this with WG and they created a bug/feature request for it but like other things I've reported it'll just sit there sending me reminder emails for the next millennia.

I also have a Pulse SSL VPN and I can configure different certificates on internal ports to External ports. Would this be a useful feature for anyone else or does anybody know a way around it?



  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    The best workaround I can suggest is to use a wildcard certificate if that works in your schema, but at this current point in time the firewall only loads one certificate.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.