Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    I have to keep re-logging into firewalls

    webGUI
    2
    5
    921
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jason0
      last edited by

      Hi,

      I have two firewalls setup in a carp formation.  As a result, when I am doing package management, or need to compare settings, I will have two tabs on my web browser:one for each firewall.

      Once I updated to 2.1.4, when I switch between tabs, I have to login to that firewall again.  Even if a mere 10 seconds passes.  It's as if the session management is clobbering one-another.  The act of logging into firewall A breaks the login on the other tab for firewall B.  The system logs on both firewalls show each successful login, but don't have anything when the login is apparently broken.

      It's making me a bit crazy.  Is there a fix for this?

      Browser is chrome, safari, and firefox, on two separate macintoshes.

      –jason

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Are you sure you are connecting to the firewall directly and not to a CARP VIP?

        Are the CARP VIPs swapping status back and forth? Anything in the system logs?

        The two nodes can't affect each others' GUI sessions, so unless you're getting bounced between them somehow nothing obvious comes to mind as to why it would repeatedly timeout.

        One other remote possibility could be if you have a broken GUI certificate and it's set to use HTTPS but actually using HTTP. The cookie would be set secure only and wouldn't work if the browser was using HTTP, though typically it doesn't present quite like that.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • J
          jason0
          last edited by

          Hi!

          I am using the lan ip addresses, and not the Carp ips.  There may be another wrinkle, but it's never been an issue before: I am using ssh port-forwarding to connect through the firewalls from the internet.  I will go to the colo today and test this when connected directly to the lan.

          ssh workhorse -L9443:192.168.50.11:443 -L8443:192.168.50.12:443

          The carp ip address is 192.168.50.1.

          The two tabs I am using on the web browser are: https://localhost:9443 and https://localhost:8443.

          Ah: here we are

          Jul  9 00:54:39 colo-fw1 lighttpd[25341]: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request 
Jul  9 00:54:39 colo-fw1 lighttpd[25341]: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request 
Jul  9 00:54:39 colo-fw1 lighttpd[25341]: (connections.c.305) SSL: 1 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request

          –jason

          1 Reply Last reply Reply Quote 0
          • J
            jason0
            last edited by

            And: i see the sticky topic about bad webgui ssl certificates.  I will look into that as well.

            –jason

            1 Reply Last reply Reply Quote 0
            • J
              jason0
              last edited by

              Hello,

              I managed to get to the colo recently and tested on the same lan: I was able to remain logged in to both tabs, so it appears to be something with ssh port forwarding.  I will dig into it some more and get back to you.

              BTW: I have not done anything about the potential bad webgui ssl certificates…

              --jason

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.