wrong SSL cert showing for Port Forwarded Web Server

Started by hardingt, October 01, 2021, 03:40:05 AM

October 01, 2021, 03:40:05 AM Last Edit: October 01, 2021, 04:06:20 AM by hardingt
Hello Community!

Just set up my first firewall appliance and I'm having trouble connecting to a webserver on my LAN from the internet.

When I hit up the web address, I am getting ERR_CERT_AUTHORITY_INVALID, which makes sense because the cert is the self-signed one owned by the firewall: OPNsense.localdomain

What doesn't make sense (yet) is why it is serving that one at all instead of passing the traffic through to the internal server, which has its own letsencrypt cert which worked just prior to the firewall's installation.

So far, I've set up the Firewall -> NAT -> Port forwarding on 443:
Source: Any
Destination: WAN address
Redirect Target: 192.168.1.98
Filter Rule Associate: Pass

I'm sure there's a gotcha (or a number of gotchas) I'm missing here.



You need to move the web interface to another port and disable the automatic redirect to make this work.

Alright! I've moved the interface from 443 to 8443 and partial success! I now get _nothing_ when I hit up my URL.

I was wondering if you could give an assist with the

"disable the automatic redirect"

Is that associated with the anti-lockout rules, or elsewhere in the interface?


Apologies for the size of the image, I can't find the spoiler tags :(



Success! I'll make a new topic for NAT reflection woes (can't access the site internally).

But the trick was first, as fabian mentioned, to move the admin port.

Then I had to straight up delete the Port Forwarding rule, apply changes, then recreate it.
At that point it created the associated Firewall rule and voila!

Thanks for the help!
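
A way to confirm which listener is answering on the forwarded port, as an added example that is not part of the original thread: it compares the certificate seen on the public name with the one served by the internal web server and the one served by the firewall's web interface. The script name, the `classify` labels and the command-line arguments are assumptions; `192.168.1.98` and port 8443 come from the posts above.

```python
import hashlib
import socket
import ssl
import sys

BACKEND = "192.168.1.98"  # redirect target from the port-forward rule in the thread


def leaf_fingerprint(host, port=443, sni=None, timeout=5.0):
    """SHA-256 of the leaf certificate served at host:port, or None if TLS never completes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the goal is to identify the cert, not to trust it
    ctx.verify_mode = ssl.CERT_NONE  # a self-signed firewall cert must not abort the probe
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=sni or host) as tls:
                der = tls.getpeercert(binary_form=True)
    except OSError:  # refused, timed out, or handshake failure (ssl.SSLError is an OSError)
        return None
    return hashlib.sha256(der).hexdigest() if der else None


def classify(wan_fp, backend_fp, gui_fp):
    """Map the three fingerprints onto the states seen in the thread."""
    if wan_fp is None:
        return "no-answer"      # nothing completes TLS on the WAN port (forward or filter rule missing)
    if gui_fp is not None and wan_fp == gui_fp:
        return "firewall-gui"   # the firewall's own web interface is still answering on the WAN port
    if backend_fp is not None and wan_fp == backend_fp:
        return "forwarded"      # the internal web server's certificate reaches the client
    return "unknown"            # some other listener or proxy sits in the path


if __name__ == "__main__":
    # Usage: probe.py PUBLIC_NAME GUI_HOST GUI_PORT  (e.g. the firewall's LAN address and 8443)
    public, gui_host, gui_port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    wan = leaf_fingerprint(public, 443)
    backend = leaf_fingerprint(BACKEND, 443, sni=public)
    gui = leaf_fingerprint(gui_host, gui_port)
    print(classify(wan, backend, gui))
```

Where the public name is not reachable from inside the LAN (the NAT reflection issue mentioned in the last post), take the WAN fingerprint with `leaf_fingerprint` from an outside host and pass it to `classify` by hand.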