Certificate Error - Same sites every day.

Question

Hi! 
 I&acute;m facing an issue that I could not resolve. 
 I have and XG330 with SFOS 19.0.1 MR-1-Build365. 
 I use the firewall as a web proxy. Microsoft domain services enviroment. 
 It&acute;s weird that it&acute;s working any webpage without any problem and suddenly, the whole google suit stop working. Sometimes, bank sites like https://www.bancociudad.com.ar When the user tries to access, the tipical error shows up: 
 "NET::ERR_CERT_AUTHORITY_INVALID" 
 So, I deployed the Appliance Certificate to the clients. But it didnt work. 
 The issue resolves itself after 30 minutes, more or less. I mean, I do not touch nothing and suddenly, all start working again without problem. 
 Today, I look for the certificate and it&acute;s not my appliance certificate:

I dont know this certificate. 
 Here is the Rule in one of my networks: 
 
 I also manage an UTM SG330 in a different enviroment and I do not have this weird behavior 
 Some advices? Any help? Thanks

Michael Dunn · Accepted Answer

To follow up on the forum, the root cause is DNS. While going to one site, the XG is resolving the hostname with their internal DNS server and getting the IP for a completely different site.

emmosophos · Answer

Hello, 
 To update this thread, this is now being investigated under NC-114318 . 
 Regards,

Vivek Jagad · Answer

Hello IUSE Firewall ,

Thank you for reaching out to the community, please refer the following article - Sophos Firewall: Resolving "Not secure" error while browsing secure sites
And let us know if it has helped !

Certificate Error - Same sites every day.

Top Replies