Connect to a Firebox with Firefox
Web browsers use certificates to ensure that the device on the other side of an HTTPS connection is the device you expect. Users see a warning when a certificate is self-signed, or when there is a mismatch between the requested IP address or host name and the IP address or host name in the certificate. By default, your Firebox uses a self-signed certificate that you can use to set up your network quickly. However, when users connect to the Firebox with a web browser, a Secure Connection Failed warning message appears.
To avoid this warning message, we recommend that you add a valid certificate signed by a CA (Certificate Authority) to your configuration. This CA certificate can also be used to improve the security of VPN authentication. For more information on the use of certificates with a Firebox, see About Certificates.
If you continue to use the default self-signed certificate, you can add an exception for the Firebox on each client computer. Current versions of most web browsers provide a link in the warning message that the user can click to allow the connection.
Actions that require an exception include:
- About User Authentication
- Install and Connect the Mobile VPN with SSL Client
- Run the Web Setup Wizard
- Connect to Fireware Web UI
Common URLs that require an exception include:
https://IP address or host name of an Firebox interface:8080
https://IP address or host name of an Firebox interface:4100
https://IP address or host name of an Firebox
https://IP address or host name of an Firebox/sslvpn.html
https://IP address or host name of an Firebox:4100/sslvpn.html (In Fireware v.11.11.4 and earlier)
Add a Certificate Exception to Mozilla Firefox
If you add an exception in Firefox for the Firebox certificate, the warning message does not appear on subsequent connections. You must add a separate exception for each IP address, host name, and port used to connect to the device. For example, an exception that uses a host name does not operate properly if you connect with an IP address. Similarly, an exception that specifies port 4100 does not apply to a connection where no port is specified.
A certificate exception does not make your computer less secure. All network traffic between your computer and a Firebox remains securely encrypted with SSL.
In Firefox, you can add certificate exceptions in the advanced options.
- In Firefox, select Firefox > Options > Options.
The Options dialog box appears.
- Select Advanced.
- Click the Encryption tab, then click View Certificates.
The Certificate Manager dialog box opens.
- Click the Servers tab, then click Add Exception.
- In the Location text box, type the URL to connect to the Firebox. The most common URLs are listed above.
- Click Get Certificate.
- When the certificate information appears in the Certificate Status area, click Confirm Security Exception.
- Click OK.
- To add more exceptions, repeat Steps 4–7.