-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Modern Connect tunnel fails to connect to Appliance with Self-Signed Certificate post 12.4.0-02559.
09/25/2020 
9 People found this article helpful
474,154 Views
Description
Modern Connect tunnel fails to connect to Appliance with Self-Signed Certificate post 12.4.0-02559. Is this expected?
Cause
Resolution
- SonicWall had to follow security guidelines provided by CSfC for securing communication between client and Appliance.
- Keeping the above guidelines 12.4.0 hotfix-02559 has hardened which would not allow connections if the appliance do not have trusted Certificate.
Note:
- MCT Connections have no impact with appliances using valid certificates from a trusted CA.
- This change impacts who use self-signed certificates.
Workaround:
- This is recommended only for internal or feature test or Lab or QA testing devices. Not recommended for production implementation this would pose security risk.
- Add Self-Signed Certificate to trusted sites under Internet Options-Security-Trusted Sites add the url.
- Or
- To allow such users for internal testing, below registry key can be used to override the default behavior.
[HKEY_CURRENT_USER\Software\SonicWall\SonicWall Secure Mobile Access]
"AllowUnsafeTLS"=dword:00000001
Note: This restriction is not implemented for Legacy version of Connect Tunnel.
ISSUE ID:
Related Articles
- How to Set Timeout for Inactive Tunnel Connections
- Commands for silent installation of NetExtender via CMD line
- Users on Netextender 10.3.0 version failing to connect with the following error message " Cannot get a response from the server "
YES
NO