NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Login to Orbi router displays not secure, using HTTP instead of HTTPS
After I log in to my router, connection status on the browser shows "Not secure". I click the exclamation icon and see "Your connection to this site isn't secure". I'm using the latest firmware, V2.7...
The browser is doing that.
What happens if you use HTTPS://192.168.1.1?
It's not a security issue if you use HTTP vs HTTPS on the LAN side for the mangement page.
Though NG has now fully supported HTTPS using this FW version:
I get a security warning then choose to proceed anyway. It lets me in but the https is crossed out (see screenshot). Also, the firmware version is 2.7.1.60, which is newer than the one you suggested and "Always Use HTTPS to Access Router" is enabled (see screenshot).
Actually v2.7 is a different fork from v2.6 and v2.7 has different features from V2.6. v2.7 is meant for USA region users only.
Always Use HTTPS to Access Router is used for remote access from remote locations from the WAN side. This doesn't enable HTTPS on the LAN side of the router on it's web page.
You're wrong about "This doesn't enable HTTPS on the LAN side". The option "Always use HTTPS" is intended specifically for Local Management (i.e. LAN). Remote management already includes the https prefix. Refer to screenshot again and you'll see it.
Btw, I live in the USA so the firmware applies to me.
FURRYe38 wrote:Always Use HTTPS to Access Router is used for remote access from remote locations from the WAN side. This doesn't enable HTTPS on the LAN side of the router on it's web page.
It seems to me that DG1980 has a valid point. The screen shot clearly shows "Local Management" with the check box for "Always use HTTPS". Looks like a bug (to me). So, we're back to the problem that Netgear provides no method for users to provide bug reports.
Browsers have different ways of dealing with http/https alternatives. Some browsers appear to search for an https with the same URL before they connect even if the user has specified http.
Can you confirm (a) which browser, and (b) the URL that was entered (http vs https)?
