Firefox is slow with Sonicwall HTTPS and TLS handshake

July 23, 2018
| No Comments

Wow… This is a problem that you kind of, after looking at it, cannot point fault at, but realize it just takes a little common sense to fix it… let me explain…

 

When you create a new Sonicwall setup, Sonicwall by default sets the HTTPS certificate name to 192.168.168.168…. If  you go into your Firefox cert list:

  • Options -> “Privacy & Security” -> [View Certificates…]
  • Scroll the list down to “HTTPS Management Certificate for SonicwWALL (self-signed)

 

Now, here’s the cool part, you can mass select all the 192.168.168.168 certificates… Do so and delete them…

 

But Uncle Carl, when I go back in, I have to add these all back in… Well, yes and no…

 

As you log back into each Sonicwall, when you get the “Your connection is not secure”, go ahead and click on [Advanced] and then on the [Add Exception…]. This will bring up a “Add Security Exception” window. Click on [VIEW] and look at the “Common Name (CN)”. If the Common Name is 192.168.168.168, UNCLICK the “Permanently store this exception” then click on [Confirm Security Exception]. This will let you login to the Sonicwall, for now, that has the defaulted cert name [192.168.168.168]… To many of these and Firefox has a problem…

 

Ok, Uncle Carl, how do we fix this?

 

Simple, now that you have a temporary TLS approval to login to the Sonicwall, go to SYSTEM -> Administration on the Sonicwall. Under the “Web Management Settings”, change the “Certificate Common Name” from 192.168.168.168 to something else, I like to use the Site name but you can use X0 LAN IP address or even X1 WAN IP address, if it’s static. Or pick a name for the cert, like ACME or COMPANY-X. Then click on the [REGENERATE CERTIFICATE]. As long as the Common Name is not 192.168.168.168…

 

Now, it’s time to force the sonicwall to resend the cert to your firefox… Click on the SSL lock with the yellow warning. Click on the large “>” to get the certificate information. Click on [Remove Exception]. This will kill the temporary exception we did above… You will get the “Your connection is not secure”, and follow the instructions above to check that the cert (by clicking on [VIEW…]) to see the name of the certificate is now the new IP address or NAME you gave to the Sonicwall. Once you add the certificate, it will be under the Certification Manager as “HTTPS Management Certificate for SonicWALL (self-signed)”, but under it’s own name! This is what fixes the issue of Firefox being slow! You don’t have 100+ 192.168.168.168, but individual SonicWALL certs for each Sonicwall.

 

So, a little work on the Sonicwall will avoid killing Firefox… Should Firefox fix this, maybe as it appears to almost be a slow DOS attack but requires the user to keep adding more bypasses on the SSL certifications.

 

Hope this helps my fellow Firefox users and Sonicwall Administrators!

 

 

 

Firefox, Sonicwall