Secure Connection Failed

edited April 2021 in Firebox - Proxies

I have an M270 running WSM 12.5.1

Trying to access this: https://transfer.sgsaxys.com/
but Firefox gives me:
An error occurred during a connection to transfer.sgsaxys.com. PR_END_OF_FILE_ERROR

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

I tried using IE. It gives me this:
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.

Google Chrome browser gives me:
This site can’t be reached
transfer.sgsaxys.com unexpectedly closed the connection.
Try:

Checking the connection
Checking the proxy and the firewall
Running Windows Network Diagnostics
ERR_CONNECTION_CLOSED

I suspect HSTS has something to do with it.

The site supports TLS 1.0, 1.1 and 1.2. Adding transfer.sgsaxys.com to bypass (HTTPS Proxy) DPI does not fix the problem. I still can't access it. I'm not sure what else I can do to allow access to the site. Anyone?

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative
    edited April 2021

    Hi @Ron

    I'd suggest making a packet filter for that site and seeing if the traffic can traverse that way. Using a packet filter will just NAT the traffic, and not proxy it. You can make the policy from any trusted to transfer.sgsaxys.com .

    That'll help determine if the proxy is causing your issue at all.

    If your issue continues, I'd suggest opening a support case (use the support center link at the top right of the page here.)

    -James Carson
    WatchGuard Customer Support

  • Can you access the site with HTTPS Proxy?

    I have another rule below HTTPS Proxy and it's an HTTPS packet filter (from: admin-group, To: Any-External). I authenticate with a username in the admin group so I can use that rule instead of HTTPS Proxy. Still can't access the site. Got the same error.

  • I get the same error when using a HTTPS proxy.
    If I accept the risk, I can get to the FTP web site.
    The cert shown is for the Firewall HTTPS cert that I imported into my web browser.
    You can add an Allow exception for this in your HTTPS proxy action.

  • @Bruce_Briggs said:
    I get the same error when using a HTTPS proxy.
    If I accept the risk, I can get to the FTP web site.

    There is no option to accept risk and proceed. I'm using the latest version of Firefox 88 and Chrome 90. I can access other https sites just fine including those sites in the content inspection "bypass" list.

    I added *.sgsaxys.com on the list. That does not allow me to access the site. Same error.

  • I use Firefox, and I have that option.

    Interestingly, I can now access that site using Firefox, Chrome, IE & Edge.
    I have not made any changes to my HTTPS proxy, such as adding al allow entry for this site.

  • That's weird. The only thing I have not tried is power cycling M270. Can't do that until tomorrow morning. If that doesn't help, the problem could be specific to WSM version 12.5.1.

    I have no problem accessing the site with the same PC/browsers connected over WiFi (to my smartphone hotspot). It's got to be Watchguard that is blocking access. No problem when M270 is out of the picture.

  • I’m running V12.7

  • Power cycling M270 did not solve the problem. Upgraded to version 12.7 (latest as of now). I can now access the site.

Sign In to comment.