Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 18 replies
  • Answers 3 answers
  • Subscribers 4 subscribers
  • Views 22106 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

bypass webpage blocked not working

Jean-Marc Debono

In our company, we have two Sophos SG210 set up in cluster. In the Sophos, proxy web filtering is activate on the cluster and the ByPass Users tab is enable for all Active Directory Users. However when a user (member of the domain) is connected on a website blocked by the Sophos UTM, the option to unblock webpage is displayed but when he clicks on the button, it leads to a authentication error webpage with no possibility to unblock the webpage. Can you please help me on this topic as it's really annoying for end users.

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    When the Exception link is selected, UTM is expecting an ADMIN login.   If you have an environment that allows admins to see user screens, this link is pretty useful.

    However, if you are going to let any employee to whitelist any webpage, why use UTM at all?    There are serious threats out there, and the only way to protect yourself from them is to analyze the threat before proceeding.

    Some of the things you could/should check:

    • What is blocked, a main page or a component?
    • Why is it blocked:  Category?  Reputation?  Encryption Protocols?  Company Policy?
    • If uncategorized, have you used TrustedSites.org to see whether McAfee agrees that it is uncategorized, and whether McAfee thinks it is safe?   (Until 9.6, UTM has some problems with overlooking some of McAfee's categories.)   If uncategorized, has it been submitted for evaluation?
    • Do a DNS lookup against quad9.org (9.9.9.9) and see if they return a result or not.   If UTM does not block the query and Quad9 returns no result, Quad9 thinks the DNS name is dangerous.

    I guess you could get your desired result by making every employee a member of the UTM admin group.

  • 0 in reply to DouglasFoster

    Thanks for your answer, unfortunately the problem is that when I want to bypass a website instead of having credentials to enter, I have a blank webpage with authentification error written at the top...

  • 0 in reply to DouglasFoster

    Thanks Douglas, in fact I use the web filtering like you described. Let me explain shortly :

     

    Web filtering is set up in transparent mode with Active Directory SSO for Default authentification, I also have the Block Access on authentification Failure ticked and the Enable device-specific authentification with Windows (Device) and Active Directory SSO (Mode). Regarding certificates, I also uploaded my own domain CA in the UTM to display blocked webpage. When I try to surf on a blocked webpage, the webpage of my UTM is correctly displayed saying that the content had been blocked by the UTM. On this page I also have a button labelled Unblock URL (will be logged). If I click on this button, instead of having a prompt to enter active directory credentials to unblock the webpage, a white webpage is displayed with Authentication ERROR written. The URL of this webpage is

    https://passthrough.fw-notify.net/static/auth_override.html?category=146&return=https://amazon.fr/

     

    I hope that you understand better now DouglasFoster

     

  • 0 in reply to Jean-Marc Debono

    You didnt setup who users or groups can unblock. You have a mishmash configuration there.

    If the PC is in a domain, the browser it is automatically authenticated with the user logged in.

    Better to read the help file how it works

    Bye

  • 0 in reply to Ol Deda

    For a test, all authenticated users are able to bypass webpage :

     

     

    Regarding proxy mode I have the Following set :

     

    You want me to disable Device Specific authentification ?

     

    Thanks

  • 0 in reply to Jean-Marc Debono

    It doesnt make sense that for anyone is blocked and anyone can bypass blocked.
    Yes disable Specific Authentication

  • 0 in reply to Ol Deda

    I agree with you but just for testing it was set up like this. Even with disable specific device authentification it still doesn't work.

  • 0 in reply to Jean-Marc Debono

    You have to create profiles.

    First allow for Ad users.

    If fails

    For all the rest of network

    I will try to upload the old schema if i find it

  • 0 in reply to Ol Deda

    I created an AD group and allow this group to bypass blocked pages, and it still doesn't work. I still have the authentication error displayed when i click on unblock page...

  • 0 in reply to Jean-Marc Debono

    What happens when you put authentication "None" or Browser?

    If it still fails you have to do more job on user definitions and SSO

  • 0 in reply to Ol Deda

    I try both none and browser and I still have the same issue, authentication error

  • 0 in reply to Jean-Marc Debono

    It is time for you to contact Sophos support.   We don't know what you did wrong, but this part of the product works very predictably.   And if you have found a bug, we cannot get it fixed, only Sophos Support can do so.   If you use UTM for a business, you should be on a support contract.

Reply Children
No Data
Unfiltered HTML