SG-4860 out of box experience…SSL on web interface doesn't work



  • I've used pfSense as a VM and decided I wanted a dedicated hardware firewall, so I bought an SG-4860.

    Following the quick start guide, I can't connect to the web interface at all.  Firefox says the connection was reset, IE gives its typical useless error message, openssl s_client -connect 192.16.1.1:443 fails the handshake, and wget also fails.  This isn't a certificate trust issue…there just doesn't appear to be anything speaking SSL on port 443 on the LAN interface.  I can ping 192.168.1.1 from the laptop that is connected, but that's pretty much all I can do.

    Any ideas?



  • Did you try going to http, port 80?  Do you have a console cable?  Since you purchased the unit, you should have a limited number of support tickets  available;  you could use one of those.



  • The only solution was to disable HTTPS on the web interface using the console to change the default LAN IP.  This change gives the option to disable HTTPS.  Since there doesn't seem to be any other way to make this change via the console, it's good that option is given.

    Luckily, I had a way to the Internet that wasn't through this device so I could download the USB to COM driver.  If this had been my only firewall, I would have been SOL  The quick start guide is very specific about what to do, and if I hadn't been as familiar with pfSense to be willing to hit the console and see what I could do, it's a pretty bad OOBE for such an expensive item.

    I still haven't been able to get SSL to work on the GUI, but since I only allow access from the LAN, it's not really a big deal.


  • Netgate

    What is the output of openssl s_client -connect 192.168.1.1:443?



  • Mixing up the LAN and WAN?

    Many simple mistakes can cause that.