Operational Defect Database
BugZero found this defect 1958 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000g3TqSAI
Warning message when you save Firebox configuration when OCSP enabled in HTTPS server proxy action
Last update date:
1/8/2019
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.2.x
12.3.x
Fixed releases:
All
Description:
Issue
In Fireware v12.x, the HTTPS server proxy action does not support OCSP for certificate validation, because there is no need for the Firebox to validate the certificates of servers inside your network. If your Firebox has an HTTPS server proxy action with OCSP enabled, and the OS compatibility for your Firebox is set to 12.0 or higher, attempts to save the configuration file to your Firebox will always be interrupted with this message:The OS version of the Firebox or configuration file does not support WebBlocker or OCSP settings in HTTP server proxy actions. These settings will be removed. Do you want to continue? If you click Yes, the save will complete successfully, but this message will appear each time you try to save your configuration file.
Workaround/Solution
Follow these steps to remove OCSP from your HTTPS proxy actions: In Policy Manager, select Setup > OS Compatibility.From the For Fireware version drop-down list, select 11.9 - 11.12.x and click OK.Select Setup > Action > Proxies.Select your HTTPS server proxy action and click Edit Pre-defined proxy actions appear in Blue and will not have OCSP enabled.Clear the Use OCSP to validate certificates check box. Click OK.Repeat steps 4-6 with all other user-defined HTTPS server proxy actions.Click Close.Select Setup > Action > Proxies.From the For Fireware version dropdown, select 12.0 or higher and click OK. After you make this change, you should no longer see this error message when you try to save your configuration file to the Firebox.
