
bypass webpage blocked not working

In our company, we have two Sophos SG210 set up in a cluster. On the Sophos, proxy web filtering is activated on the cluster and the Bypass Users tab is enabled for all Active Directory users. However, when a user (member of the domain) is connected to a website blocked by the Sophos UTM, the option to unblock the web page is displayed, but when he clicks on the button, it leads to an authentication error web page with no possibility to unblock the web page. Can you please help me on this topic, as it's really annoying for end users.

Thanks



  • When the Exception link is selected, UTM is expecting an ADMIN login. If you have an environment that allows admins to see user screens, this link is pretty useful.

    However, if you are going to let any employee whitelist any web page, why use UTM at all? There are serious threats out there, and the only way to protect yourself from them is to analyze the threat before proceeding.

    Some of the things you could/should check:

    • What is blocked, a main page or a component?
    • Why is it blocked:  Category?  Reputation?  Encryption Protocols?  Company Policy?
    • If uncategorized, have you used TrustedSites.org to see whether McAfee agrees that it is uncategorized, and whether McAfee thinks it is safe? (Until 9.6, UTM has some problems with overlooking some of McAfee's categories.) If uncategorized, has it been submitted for evaluation?
    • Do a DNS lookup against quad9.org (9.9.9.9) and see if they return a result or not. If UTM does not block the query and Quad9 returns no result, Quad9 thinks the DNS name is dangerous.

    I guess you could get your desired result by making every employee a member of the UTM admin group.
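The Quad9 check in the reply above is easy to script. The following is an added example, not code from the original thread or from Sophos: a stdlib-only Python snippet that sends the same A-record query to 9.9.9.9 and to a reference resolver and interprets the pair of results the way the reply describes (no answer from Quad9 while the reference resolver answers means Quad9 considers the name dangerous; a timeout to one resolver suggests something between you and that resolver is dropping port 53). The choice of 1.1.1.1 as the reference resolver and the example hostname are my assumptions; substitute your own internal resolver if the UTM forwards DNS differently for different clients.

```python
import socket
import struct
import secrets

QUAD9 = "9.9.9.9"       # the blocking resolver named in the reply above
REFERENCE = "1.1.1.1"   # assumed non-filtering resolver for comparison (my choice, not from the thread)


def build_query(name, txid):
    """Build a minimal DNS query for the A record of `name` with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(struct.pack("!B", len(label)) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN


def _skip_name(data, offset):
    """Advance past a (possibly compressed) name; return the offset just after it."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:          # compression pointer: two bytes, ends the name
            return offset + 2
        offset += length + 1


def parse_response(data, txid):
    """Classify a raw DNS response as ('answer', [ips]), ('noanswer', []), ('nxdomain', []) or ('error', [])."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid or not (flags & 0x8000):  # wrong transaction id or not a response
        return ("error", [])
    rcode = flags & 0x000F
    if rcode == 3:
        return ("nxdomain", [])
    if rcode != 0:
        return ("error", [])
    offset = 12
    for _ in range(qd):
        offset = _skip_name(data, offset) + 4   # skip QTYPE and QCLASS
    ips = []
    for _ in range(an):
        offset = _skip_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(data[offset:offset + 4]))
        offset += rdlen
    return ("answer", ips) if ips else ("noanswer", [])


def query_a(name, resolver, timeout=3.0):
    """Send one UDP query to `resolver` and classify the reply; ('timeout', []) if nothing comes back."""
    txid = secrets.randbelow(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver, 53))
        try:
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return ("timeout", [])
    return parse_response(data, txid)


def verdict(quad9_result, reference_result):
    """Interpret the two results as the reply above suggests."""
    q_status, _ = quad9_result
    r_status, _ = reference_result
    if "timeout" in (q_status, r_status):
        return "timeout: something between you and that resolver is dropping port 53 (the UTM, perhaps)"
    if q_status in ("nxdomain", "noanswer") and r_status == "answer":
        return "quad9 withholds an answer the reference resolver gives: Quad9 considers the name dangerous"
    if q_status == "answer" and r_status == "answer":
        return "both resolve: Quad9 does not flag the name"
    if q_status == "nxdomain" and r_status == "nxdomain":
        return "nxdomain everywhere: the name simply does not exist"
    return "inconclusive: quad9=%s, reference=%s" % (q_status, r_status)


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"   # assumed test name
    q = query_a(host, QUAD9)
    r = query_a(host, REFERENCE)
    print(host, "quad9:", q, "reference:", r)
    print(verdict(q, r))
```

Run it from a client behind the UTM and again from a host outside it; if Quad9 answers outside but times out inside, the UTM (not Quad9) is what is stopping the lookup, which is the first thing the reply above tells you to rule out.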

  • Thanks for your answer. Unfortunately, the problem is that when I want to bypass a website, instead of having credentials to enter, I get a blank web page with "authentication error" written at the top...

  • 1. How is the Web Filter authentication configured? Is it in browser mode or Active Directory?

    2. How is the Web Filter port configured, Standard mode or Transparent mode?


    I think you have configured the proxy in Standard mode (redirecting the browser to port 8080 or 3821).
    This error can be bypassed if the proxy is in Transparent mode,
    or, in the client browser, check "Bypass proxy server for local addresses".

    I would also suggest importing the UTM certificate on the clients. Or you can push it by Active Directory GPO.

  • It might help us advise you if you clarified what authentication method and proxy method you are using. Mostly I am confused because I cannot account for your symptoms, if I understand them correctly. I think you said that you get the block page, you click to create an exception, and then you get an authentication error without ever being prompted for a login.

    (In my environment, we use Active Directory SSO for authentication, with both Standard and Transparent proxies enabled for all users, https inspection enabled for some users.)

    When UTM blocks an HTTPS page, it uses its own CA to generate a certificate to emulate the blocked site. Consequently, you need to distribute the CA root certificate so that the block page is displayed without any warnings. But it sounds like this does not apply to your complaint.

    The links on the block page refer to fw.passthru-notify.net or fw.passthrough-notify.net. These names are reserved by Sophos and intended to force the traffic through your UTM. If something in your DNS causes the name to be blocked or the traffic to be misrouted, this might contribute to the observed behavior, but it is pretty hard to get this one wrong.

    When we click on one of the create-exception links, we get a basic-mode pop-up window with a title that says "fw.passthru-notify.net requires authorization" or something to that effect. If you block pop-ups, the prompt may be missed. That is where an admin account must be provided. Users try to enter their own credentials and it fails.

    If your filter profile says to block all unauthenticated users, that might also cause the problem. I cannot be sure because I have not tried it; my default rule allows some traffic, even for unauthenticated users.

  • Thanks Douglas, in fact I use the web filtering like you described. Let me explain briefly:

    Web filtering is set up in transparent mode with Active Directory SSO for default authentication. I also have "Block Access on authentication failure" ticked, and "Enable device-specific authentication" with Windows (Device) and Active Directory SSO (Mode). Regarding certificates, I also uploaded my own domain CA to the UTM to display the blocked web page. When I try to surf to a blocked web page, the web page of my UTM is correctly displayed, saying that the content has been blocked by the UTM. On this page I also have a button labelled "Unblock URL (will be logged)". If I click on this button, instead of having a prompt to enter Active Directory credentials to unblock the web page, a white web page is displayed with "Authentication ERROR" written on it. The URL of this web page is

    https://passthrough.fw-notify.net/static/auth_override.html?category=146&return=https://amazon.fr/


    I hope that you understand better now, DouglasFoster.

  • You didn't set up which users or groups can unblock. You have a mishmash configuration there.

    If the PC is in a domain, the browser is automatically authenticated with the logged-in user.

    Better to read the help file on how it works.

    Bye

  • For a test, all authenticated users are able to bypass the web page:

    Regarding proxy mode, I have the following set:

    Do you want me to disable device-specific authentication?

    Thanks

  • It doesn't make sense that something is blocked for everyone and anyone can bypass the block.
    Yes, disable device-specific authentication.

  • I agree with you, but just for testing it was set up like this. Even with device-specific authentication disabled, it still doesn't work.