WatchGuard authentication page - Your connection is not private

I enabled user authentication on the policy, yet whenever accessing a website the users are given a "Your connection is not private" page instead of having the https: // :4100 page to log in.

How do I resolve this issue?

Comments

  • edited March 26

    Import the firewall Fireware web CA certificate into your PC or web browser.
    Info on this is shown in the topic of your other post, here:

    Auth portal cert error
    https://community.watchguard.com/watchguard-community/discussion/27/auth-portal-cert-error

    You can access the firewall certs via the cert portal:

    http://<Firebox IP address>:4126/certportal

  • Yes, I already did, but the browser still does not redirect automatically to the authentication page.

  • These are the policies that I set.

  • These are the policies that were set by the supplier.

    I have these users in Firebox-DB just for testing.

    I also have 2 aliases, server farm and office VLAN, so that they will be exempted for the testing. I made the IP of my test device separate from the office VLAN and the server farm.

    The test PC shows that it is not able to connect to the internet. :smile: That's good already, but what I wanted is to automatically redirect the user to the authentication portal at 4100, but it's not redirecting automatically.

    I checked the traffic management logs and this is the result:

    It seems that it is being denied at port 4102. Based on some forums, 4102 is the HTTPS redirect. It seems not to work. What could be wrong?

    Thank you, by the way, for the reply.

  • Care to post a Port 4102 deny log message from Traffic Monitor?
    None are shown in the above Traffic Monitor denies.

    Also, please verify that you do have the "Automatically redirect users to the authentication page" option selected in the Authentication Settings.

  • I arrive on an HSTS page. The authentication portal redirect seems to be blocked by the HSTS page.

  • edited April 3

    Deleted comments about testing which failed.
    See below.

  • edited April 3

    Just thought about my testing - my self-signed cert did not have the IP addr of the firewall interface for the subnet from which I was testing.
    I will update the cert to include it & test more, and post back soon.

  • Success.

    With the updated CA cert installed, Chrome, Opera, Brave all worked as expected.
    The only problem web browser was Firefox - I only got around it by adding an exception.
    Testing access to www.watchguard.com

  • Also tested MS Edge - it required JavaScript to be enabled, and then worked.

    And for all browsers including Firefox after the exception, access to www.google.com worked.

    So the correct self-signed cert is the resolution to this - at least in my testing.

  • Oh, should I include the IP of the client?

  • Oh, at first it was not working. Now I closed the browser, reopened it again, and the redirect works smoothly. Thank you very much for your support.

  • Got it to work after closing the browser. Thank you for your support!
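
The resolution reported in the thread was a certificate that lists the IP address of the firewall interface the test client is redirected to. As an added example (not from the thread or from WatchGuard), this Python check tests that condition on the dictionary returned by `ssl.SSLSocket.getpeercert()`. The sample certificates and 10.0.x.x addresses are constructed, and `fetch_portal_cert` with its `ca_file` argument (the exported CA in PEM form) is a hypothetical helper.

```python
import ipaddress
import socket
import ssl

# Constructed getpeercert()-style samples; all addresses are made up.
CERT_BEFORE = {"subjectAltName": (("IP Address", "10.0.1.1"),)}
CERT_AFTER = {"subjectAltName": (("IP Address", "10.0.1.1"),
                                 ("IP Address", "10.0.50.1"))}
# An IP typed into a DNS entry does not satisfy an IP-literal URL.
CERT_DNS_ONLY = {"subjectAltName": (("DNS", "10.0.50.1"),)}


def san_ip_addresses(cert):
    """Collect the iPAddress subjectAltName entries of a parsed cert."""
    found = set()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "IP Address":
            continue
        try:
            found.add(ipaddress.ip_address(value.strip()))
        except ValueError:
            pass  # malformed entry: ignore rather than match on it
    return found


def covers_portal_ip(cert, portal_ip):
    """True if a browser sent to https://<portal_ip>:4100 finds that IP in the SAN."""
    return ipaddress.ip_address(portal_ip) in san_ip_addresses(cert)


def fetch_portal_cert(portal_ip, ca_file, port=4100, timeout=5.0):
    """Fetch the live portal cert (hypothetical helper; ca_file is the exported CA, PEM)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.check_hostname = False  # chain is still verified; the SAN is checked above
    with socket.create_connection((portal_ip, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name, cert in [("before", CERT_BEFORE), ("after", CERT_AFTER),
                       ("dns-only", CERT_DNS_ONLY)]:
        print(name, covers_portal_ip(cert, "10.0.50.1"))
```

Run against a live Firebox, `covers_portal_ip(fetch_portal_cert(ip, ca_file), ip)` returning `False` while the TLS handshake succeeds means the CA is trusted but the certificate does not list that interface address.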
