XG450 Locally signed Certificate for LAN IP

I have also found edge does not like the XG ca where as ie on the same pc was quite happy with it.

piano

i did with WAN IP and it works on both chrome and edge. Seriously... i don't think we want to be using IE since it was officially took out from win11.
I know there's still IE mode on microsoft edge but that's really weird to run the firewall page just for that.

I wasn’t suggesting to run ie, I was commenting that ie works where edge fails. In theory edge should pickup ie security settings, in my opinion.

ian

You mean LAN suppose to work just edge isn't pickin it up ?

Hello ywillie,

Thank you for reaching out to the community, please refer the guide below for better clarity and avoid errors:
> https://support.sophos.com/support/s/article/KB-000036904?language=en_US

Thanks for the guide. I did looked up on that. Like i mention, only WAN IP work.

Well have you tried generating again this time with the LAN IP ?

Hi

Any method to troubleshoot where i hit a brick ? 

Then from the following menu, select the cert

Then from the certificate authorities download the default cert and install that in your client machine !!

Then from the following menu, select the cert

Then from the certificate authorities download the default cert and install that in your client machine !!

I did followed the settings exactly like what you mentioned.
However, it didn't work out. Which is why i find it weird.
According to my understanding , locally signed certificate shouldn't be that difficult.
That's why i wanted to know if there's a way to find where i configured wrong.
I believe the KB articles had some missing info.
Assumingly the kb was done to only cover sophos xg firewall for those who already know how to configure it.
However, some details are seriously lacking.

What did you set as the 'Common Name' while creating the self-signed certificate and how do you access the firewall? Via IP address or by any fqdn? 
Your input will be valuable in regards to adding the details in the kB, please share with us !

As for common name, i just set it as XG450 which is not a hostname.


This is what i configured. I used the first internal interface.

Okay what is the hostname set under Administration > admin and user settings > hostname ?
And if it is the same, then download the default cert from certificate > certificate authorities and install that under the trusted root ca:

1. Open Microsoft Management Console and enter MMC in Run.
2. Click File > Add/Remove Snap-in.
3. Select Certificates from the list and click Add.
4. Select Computer Account and click Next.
5. Click Finish and OK.
6. Expand the list of certificate containers.
7. Right-click Trusted Root Authorities > All Tasks > Import.
8. Import the recently downloaded certificate.

hostname is HQFW001

keep the hostname and common name the same !!
And what is the common name in default cert is it different ?