
bypass webpage blocked not working

In our company, we have two Sophos SG210 set up in a cluster. On the Sophos, proxy web filtering is activated on the cluster and the ByPass Users tab is enabled for all Active Directory Users. However, when a user (member of the domain) is connected to a website blocked by the Sophos UTM, the option to unblock the webpage is displayed, but when he clicks on the button, it leads to an authentication error webpage with no possibility to unblock the webpage. Can you please help me on this topic, as it's really annoying for end users.

Thanks



  • When the Exception link is selected, UTM is expecting an ADMIN login.   If you have an environment that allows admins to see user screens, this link is pretty useful.

    However, if you are going to let any employee whitelist any webpage, why use UTM at all?    There are serious threats out there, and the only way to protect yourself from them is to analyze the threat before proceeding.

    Some of the things you could/should check:

    • What is blocked, a main page or a component?
    • Why is it blocked:  Category?  Reputation?  Encryption Protocols?  Company Policy?
    • If uncategorized, have you used TrustedSites.org to see whether McAfee agrees that it is uncategorized, and whether McAfee thinks it is safe?   (Until 9.6, UTM has some problems with overlooking some of McAfee's categories.)   If uncategorized, has it been submitted for evaluation?
    • Do a DNS lookup against quad9.org (9.9.9.9) and see if they return a result or not.   If UTM does not block the query and Quad9 returns no result, Quad9 thinks the DNS name is dangerous.

    I guess you could get your desired result by making every employee a member of the UTM admin group.

  • Thanks for your answer. Unfortunately, the problem is that when I want to bypass a website, instead of having credentials to enter, I have a blank webpage with "authentication error" written at the top...

  • It doesn't make sense that it is blocked for anyone and anyone can bypass the block.
    Yes, disable Specific Authentication

  • I agree with you, but just for testing it was set up like this. Even with specific device authentication disabled, it still doesn't work.

  • You have to create profiles.

    First, allow for AD users.

    If that fails

    For all the rest of the network

    I will try to upload the old schema if I find it

  • I created an AD group and allowed this group to bypass blocked pages, and it still doesn't work. I still have the authentication error displayed when I click on unblock page...

  • What happens when you put authentication "None" or Browser?

    If it still fails, you have to do more work on user definitions and SSO

  • I tried both None and Browser and I still have the same issue, authentication error

  • It is time for you to contact Sophos support.   We don't know what you did wrong, but this part of the product works very predictably.   And if you have found a bug, we cannot get it fixed, only Sophos Support can do so.   If you use UTM for a business, you should be on a support contract.

  • Something is missing from Authentication. You have to create a group in Sophos with Backend membership.
    Let's say "domain admins". The logic is that not all users in the domain have the same rights to use the proxy. Authentication can be AD SSO, but profiles require specific OU Groups

  • I just submitted a new ticket to Sophos support because I also have a Sophos on my backup site (a smaller one with no cluster) and the bypass proxy is working well there. The backup site is integrated with my Active Directory and I have the same settings on every proxy tab in the Sophos configuration, so I don't understand where my problem is.

  • Salut Jean-Marc and welcome to the UTM Community!

    I suspect the problem is the definition of "Active Directory Users."  There are places where WebAdmin doesn't get things right if your AD Backend Group is not defined using a manually-created Security Group in AD.  See Configuring HTTP/S proxy access with AD SSO.  Although the article is aimed at Standard mode, 98% of it applies to Transparent mode, too.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA