Web Filtering Rule Position Question

Question

I have a web filtering rule to restrict explicit content access to one IP address. It is at the top of the rule base. However it does not work. I'm suspecting because I have another rule that allows this access and it is network based. 
 In my dealings in the past. Most firewalls use a top down hierarchy when it comes to applying the firewall rules. I know the web filter works because if I apply it to the network rule at the lower bottom the explicit content is blocked. 
 Secondly, since I am in transparent mode and I dont have users authenticating for network access is it possible to bypass the login page when the web filter blocks traffic and send them directly to the splash page?

lferrara · Answer

Bobby, 
 can you share your Firewall rule? 
 I suspect that the first rule the check box "Match know users" is checked. Even if users is any, users have to authenticate in order to hit that rule. XG as other firewall uses the top-down approach. 
 For the Block page, go to Autnetication > Services and at the bottom of the page, change the captive portal settings to "Prompt unauthenticated users to login: no" and there is another option that says "blocked message" but I cannot remember the correct name. 
 Regards