After upgrading the SSLV to version 18.104.22.168 some customers may find that they are unable to establish a connection to the WebUI if using a Fully Qualified Domain Name (FQDN), but when using the appliance's IP address the connection works.
There could also be issues encountered when connecting to the SSLV using the IP when the destination address has been natted.
This change in behavior was introduced with bug fix "SSLV-2695 - Addresses a potential DNS rebinding vulnerability".
When logging into the SSL Visibility WebUI using the appliance's FQDN, it is now a requirement that the hostname or IP configured on the appliance match the HTTP host header sent from the client. The SSLV now verifies if the host header matches the hostname, or if there is no hostname that the IP address matches what is configured on the appliance.
Example: If you are trying to connect to https://sslv-appliance.internal.lab but the hostname configured on the SSLV is sslv-appliance there will be a mismatch and the connection will fail. If you are trying to connect to https://22.214.171.124 but the destination IP has been natted to 126.96.36.199, which is configured on the appliance, there will be a mismatch and the connection will fail.
The following message could be displayed in the browser.
Firefox: "Secure Connection Failed" Internet Explorer: "This page can't be displayed" Chrome: "ERR_EMPTY_RESPONSE"
To resolve this issue log into the SSL Visibility WebUI using the appliance IP address, for example, https://188.8.131.52. Click on the hostname in the upper right hand side of the WebUI and select "Management Network".
Modify the Hostname to match the FQDN. Once completed, Apply the changes and reboot the SSL Visibility appliance.
If the destination IP has been natted this will not work. The only solution at this point would be to remove the NAT or connect to the SSLV locally and configure a FQDN.
Imported Document ID: 000032608
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.