Modern Connect tunnel fails to connect to Appliance with Self-Signed Certificate post 12.4.0-02559.

Description

Modern Connect tunnel fails to connect to Appliance with Self-Signed Certificate post 12.4.0-02559. Is this expected?

Cause


Resolution

  • SonicWall had to follow the security guidelines provided by CSfC for securing communication between the client and the appliance.
  • In keeping with these guidelines, 12.4.0 hotfix-02559 has been hardened and does not allow connections if the appliance does not have a trusted certificate.

Note:

  • Modern Connect Tunnel (MCT) connections to appliances using valid certificates from a trusted CA are not impacted.
  • This change impacts those who use self-signed certificates.

Workaround

  • This is recommended only for internal, feature-test, lab or QA testing devices. It is not recommended for production implementations, as it would pose a security risk.
  • Add the self-signed certificate to trusted sites: under Internet Options-Security-Trusted Sites, add the URL.
  • Or, to allow such users for internal testing, the registry key below can be used to override the default behavior.

 

[HKEY_CURRENT_USER\Software\SonicWall\SonicWall Secure Mobile Access]
"AllowUnsafeTLS"=dword:00000001

 

Note: This restriction is not implemented for Legacy version of Connect Tunnel.
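
Because the override is meant for test devices only, it helps to be able to check where it has been set. The following is an added example, not SonicWall code: it reads the key path and value name shown above from every loaded user hive, and assumes that only a value of 1 enables the override, as in the article.

```powershell
# Audit loaded user hives for the AllowUnsafeTLS override described in this article.
# Key path and value name come from the article; the function name is hypothetical.
$subKey    = 'Software\SonicWall\SonicWall Secure Mobile Access'
$valueName = 'AllowUnsafeTLS'

function Get-UnsafeTlsOverride {
    # HKEY_USERS has one subkey per loaded profile; HKCU is the caller's own entry in it.
    $hku = [Microsoft.Win32.Registry]::Users
    foreach ($sid in $hku.GetSubKeyNames()) {
        if ($sid -like '*_Classes') { continue }      # per-user class hives, not relevant
        $key = $null
        try   { $key = $hku.OpenSubKey("$sid\$subKey") }   # read-only open
        catch { continue }                            # no permission to read this hive
        if ($null -eq $key) { continue }              # client key absent for this user
        try {
            $value = $key.GetValue($valueName, $null)
            if ($null -ne $value) {
                [pscustomobject]@{
                    Sid            = $sid
                    Value          = $value
                    Kind           = $key.GetValueKind($valueName)
                    # Assumption: only 1 (as shown in the article) enables the override.
                    OverrideActive = ($value -eq 1)
                }
            }
        }
        finally { $key.Close() }
    }
}

$findings = @(Get-UnsafeTlsOverride)
if ($findings.Count -eq 0) {
    'AllowUnsafeTLS is not set in any loaded user hive.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it elevated to see hives other than your own; profiles of users who are not logged on are not loaded under HKEY_USERS and are not covered.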
