Chip Levinson asked:

Cannot Access my New Firewall on Private 192.168 Network Due to Security Risk/Warnings

Hi,

I recently installed a SonicWall TZ270 Firewall in my home office environment.  I have four different "zones" set up.  The work zone has my main work PC, a Windows 2012 file server, a NAS device, and a network printer in it.  I am having several problems on start-up that I think are coming from my configuration and policy.


First, the work network is currently on the 192.168.1.xxx private network.  I do have plans to move it off this default/common private network IP range.  When I try to log into my SonicWall device which is at 192.168.1.ABC I get multiple error messages.  I first get a message from BitDefender that the site is unsafe and I should go back.  It gives me the option of adding the site to an exception list.  Sorry, I cannot recreate the exact message.  When I say it is fine I get a further warning from Firefox or Chrome.  The Firefox warning:


Firefox detected a potential security threat and did not continue to 192.168.1.ABC. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.


The Chrome warning says:

Your connection is not private
Attackers might be trying to steal your information from 192.168.1.19 (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID


Originally, based on a training video SonicWall posted about setup, I set up policies allowing only certain traffic from "Work" to WAN.  I was only allowing DNS, HTTP, HTTPS, PING, and FTP.  A number of services did not work (email, remote access to a network via Citrix) so I eventually added a policy that allows ALL traffic from "Work" to WAN.  My plan is to address this in a separate question. 


1. Based on my firewall and its configuration, is there any risk in my going to this private address?  I assume not, but want to confirm.  I can always access the TZ270 using a laptop that is not in my Work network.

2. How do I stop this message from coming up every time I go to the site?  Is there a problem with the certificate on the firewall?  I would prefer to fix the problem as opposed to adding an exception, but an exception is OK if that is the best way to fix it and is safe.

ASKER CERTIFIED SOLUTION
David Johnson, CD

This solution is only available to members.

ASKER

Hi David,
Thanks for your continued help!  So the problem is that I cannot use a self-created certificate, I need an official one from an authority?  If so, I agree, add an exception.  How do I do this?  In each browser do I just add my firewall's unique IP into the trusted zone?  

If you have time, please see my other question about drive mapping issues.
Why do non-IT admins require access to this? Only 1 user basically on one machine needs access.
Hi David, I am the only person on the Work network - a one-man show right now.  I just prefer to be able to access it from my desktop rather than plugging a laptop into an open port.

Also, would you confirm that unless I create a policy that allows one zone to talk to another, any device on my work zone will be 100% insulated from any device on my other zones like wife, kids, IoT devices, Wifi, etc.?
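
On the certificate warning discussed in this thread: NET::ERR_CERT_AUTHORITY_INVALID means the certificate does not chain to a CA the browser trusts, which is what a self-created certificate on a device's management page produces. The script below is an added example, not from the thread or from SonicWall. It shows one way to confirm, before adding a browser exception, that a saved certificate is self-signed and that its SHA-256 fingerprint matches a value recorded over a trusted path (for instance from a directly connected laptop). The function names and the sample host name are assumptions, and the openssl command-line tool is required.

```shell
#!/usr/bin/env bash
# Added example: inspect a management-interface certificate before trusting it.
# To save the certificate a device presents (placeholder address, run on your own LAN):
#   openssl s_client -connect <firewall-ip>:443 </dev/null 2>/dev/null | openssl x509 > fw.pem

# Print the certificate's SHA-256 fingerprint as bare uppercase hex (64 characters).
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 \
    | cut -d= -f2 | tr -d ':' | tr 'a-f' 'A-F'
}

# Print "trusted" if the cert chains to the system CA store, "self-signed" if it
# only verifies when used as its own trust anchor, otherwise "untrusted-ca".
classify_cert() {
  local pem="$1"
  if openssl verify "$pem" >/dev/null 2>&1; then
    echo trusted
  elif openssl verify -CAfile "$pem" "$pem" >/dev/null 2>&1; then
    echo self-signed
  else
    echo untrusted-ca
  fi
}

# Succeed only if the cert's fingerprint equals the pinned value ($2), which
# should have been recorded out-of-band; colons, spaces and case are ignored.
matches_pin() {
  local want
  want=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
  [ "$(cert_fingerprint "$1")" = "$want" ]
}

# Constructed sample input: a throwaway self-signed cert for a made-up name.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Usage: ./check_cert.sh fw.pem [PINNED_SHA256]
if [ "${1:-}" ]; then
  echo "type: $(classify_cert "$1")  sha256: $(cert_fingerprint "$1")"
  if [ "${2:-}" ]; then
    if matches_pin "$1" "$2"; then echo "pin: match"; else echo "pin: MISMATCH"; fi
  fi
fi
```

A changed fingerprint on a later visit means the device is presenting a different certificate than the one that was pinned, so re-check it over the trusted path before accepting it again.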