Announcement

Collapse
No announcement yet.

Unable to login to GB2100 via https

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to login to GB2100 via https

    Hello Everyone,

    suddenly, something has happened making it no longer possible to login in to the GB 2100 firewall using a web browser.

    Basically, the firewall is functioning correctly however trying to connect from the protected network via https does not even display the login page.

    Here's what I have tried to resolve this (to no avail):
    - I've used different browsers including Safai, FF, Chrome and IE
    - Used different computers and OS
    - I have tried connecting directly on port '0' using a crossover cable to an independent machine within the same network range
    - I have cold restarted
    - I have rebooted twice
    - I can access via the consul and have disabled the security policy preference 'Stealth'
    - I changed the remote administration access to 'Any'
    - I have tried various remote administration settings, including setting 'https' to 'none' and changing the port number, plus disabling and re-enabling www
    - I have flushed the AFP table

    The version is 6.2.03

    Does anyone have any idea what might be wrong?

    Best regards

  • #2
    Hi Bazil

    One major change in version 6.2.03 was TLS hardening which removed the less secure TLS 1.0 and TLS 1.1. I would check to see if the browsers you are using support TLS 1.2 which is the only version now supported by the latest firewall versions. A website I use to test my browsers is https://www.ssllabs.com/ssltest/viewMyClient.html

    I use FF and Chrome with no issues, the updated versions of these browsers should work. If not, the option for TLS 1.2 may be disabled.


    If this does not work, I would suspect certificate issue on the firewall. The only way that I know to resolve this is to go into the firewall using the serial cable. In Accounts > Remote Admin you can select the "New SSL Certificate" option which will change the certificate. In many cases this will allow you to log in and fix the original certificate issue.

    EDIT: Dont forget to include your port number in the url if you disable encryption and leave your admin port the same. For example if you leave it on port 443 but no encryption dont forget to use http://x.x.x.x:443
    Last edited by Rick; 2016-09-19, 10:36.

    Comment


    • #3
      Thank you so much Rick,

      Basically the problem was indeed with the port; it had been set to something other than 443 and the zone to only PROTECTED

      Consequently, changing the URL to https://x.x.x.x:XXXX worked but only in the newer browsers so it looks as though you're absolutely right regarding the TLS

      Many thanks for your help - I subsequently updated to 6.2.04

      Comment

      Working...
      X