Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 2620 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What is the trigger for this screen

Daan

Hello all,

I'm sorry for having a bit of a noob question.

Behind my XG firewall, I have a whole set of webservers with a public IP.

The XG firewall is set in bridge mode.

When I migrate a website from my old datacenter to the new one (where the XG is installed), sometimes the websites don't work and they display the following image

Who can tell me what setting exactly triggers this screen?

 

Thank you



This thread was automatically locked due to age.
  • 0

    Hi Daan,

    usually caused by certificates not being installed on the server or provided to the user.

    In another thread you have displayed a rule that is wan to lan, you actually need to setup a business rule for each server that you are protecting behind the XG. A generic rule does not know how to direct the packets.

    Ian

  • 0 in reply to rfcat_vk

    Hi again Ian, nice to see you on this threat as well :)

     

    When you are stating the business rules per server, I believe you are referring to WAF.

    Allthough I do want to use WAF, I want to start implementing that at a later point in time, let's stabilize things first.

    My guess is that enabling the scanning of HTTP traffic on the WAN to LAN policy actually would trigger this screen, is my understanding correct?

     

    Kind Regards

     

  • 0 in reply to Daan

    Hi Daan,

    I try to assist where I can. WAN to LAN shouldn't trigger that message because you have the IPS effectively disabled.

    Please run the test again and expand the reason on the page as to why you are seeing the error, that will give you and idea where to look.

    Likely causes are no or incorrect certificates, https scanning is enabled, you have a web policy which is being activated by this site.

    Ian

  • 0 in reply to rfcat_vk

    I believe we can be 99% sure HTTP scanning was to blame, I have disabled this now on the WAN side, and have not seen the screen return (so far)

     

    I will keep an close eye on this when migrating over more websites.

    Thank you