How to allow HSTS sites through the Firewall

ABS
edited September 2020 in Firebox - Certificates

HSTS sites are causing a problem when being accessed. The WG gives an invalid certificate error in all browsers. The WG blocks them, even if a rule is put in place to allow the traffic. Any ideas are appreciated.

Comments

  • Please post a log message showing a block

  • Hi, wondering if you ever got to the bottom of this?

  • Since this is a very old topic, please indicate the issue that you are having.
    Anything in Traffic Monitor to help understand this?

    Are you accessing the problem web sites using HTTPS?

    What firewall model and Fireware version is it running?

    Is there an example web site that is causing issues?

  • james.carson Moderator, WatchGuard Representative

    I'd speculate the issue with HSTS back in 2020 would have been that TLS1.3 wasn't supported in the HTTPS proxy, or something similar/along those lines.

    In order to assist, like Bruce mentioned, we'll really need some logs detailing what is wrong. On the latest version of Fireware (12.8.2 U1) as well as 12.9 beta, I can access HSTS sites with no issue.

    -James Carson
    WatchGuard Customer Support

  • I just want to add something that may be useful. Got the same problem yesterday. Chrome says something like "this site uses HSTS... etc." In my case, a broken certificate chain is the issue. I can access https://efile.aphis.usda.gov after adding the intermediate certificate.
