Public access is only possible through IP direct connection

  • I a a bit confused by the fact that it I connect to my firewall through its name : …. the Certificate is now correctly installed but I can only connect to my firewall public interface through its IP address (to prevent DNS Rebind attack).
    Now I could create a certificate with alternative names but that seems to be not possible with CACert certificates.
    So, What is the point of creating a specific certificate if the firewall expects us to connect to the IP directly (I could "of course" buy a Certificate for that IP).

    Thanks for explaining me the point ?


  • That makes it fail the DNS rebinding and/or HTTP REFERER checks, where the hostname you're using isn't the hostname configured on the system. Either change it under System>General Setup, or add an alternate hostname under System>Advanced.

Log in to reply