Connect to a Firebox with Firefox
Web browsers use certificates to ensure that the device on the other side of an HTTPS connection is the device you expect. Users see a warning when a certificate is self-signed, or when there is a mismatch between the requested IP address or host name and the IP address or host name in the certificate. By default, your Firebox uses a self-signed certificate that you can use to set up your network quickly. However, when users connect to the Firebox with a web browser, a Secure Connection Failed warning message appears.
To avoid this warning message, we recommend that you add a valid certificate signed by a CA (Certificate Authority) to your configuration. This CA certificate can also improve the security of VPN authentication. For more information about certificates and your Firebox, see About Certificates.
If you continue to use the default self-signed certificate, you can add an exception for the Firebox on each client computer. Current versions of most web browsers provide a link in the warning message that the user can click to allow the connection.
Actions that require an exception include:
- About User Authentication
- Install and Connect the Mobile VPN with SSL Client
- Run the Web Setup Wizard
- Connect to Fireware Web UI
Common URLs that require an exception include:
https://IP address or host name of an Firebox interface:8080
https://IP address or host name of an Firebox interface:4100
https://IP address or host name of an Firebox
https://IP address or host name of an Firebox/sslvpn.html
https://IP address or host name of an Firebox:4100/sslvpn.html (In Fireware v.11.11.4 and earlier)
Add a Certificate Exception to Mozilla Firefox
If you add an exception in Firefox for the Firebox certificate, the warning message does not appear when you connection to the Firebox again. You must add a separate exception for each IP address, host name, and port used to connect to the Firebox. For example, an exception that specifies a host name does not operate properly if you connect with an IP address. Similarly, an exception that specifies port 4100 does not apply to a connection where no port is specified.
A certificate exception does not make your computer less secure. All network traffic between your computer and a Firebox remains securely encrypted with SSL.
From Firefox, you can add certificate exceptions in the advanced options.
- Select Firefox > Options > Options.
The Options dialog box appears.
- Select Advanced.
- Select the Encryption tab, then click View Certificates.
The Certificate Manager dialog box opens.
- Select the Servers tab, then click Add Exception.
- In the Location text box, type the URL to connect to the Firebox. The most common URLs are listed above.
- Click Get Certificate.
- When the certificate information appears in the Certificate Status area, click Confirm Security Exception.
- Click OK.
- To add more exceptions, repeat the steps to add exceptions (select the Servers tab, then click Add Exception).