Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Website block message customization not working

Hi!

We are migrating from UTM to XG using the migration tool. We generated the config and imported it into our spare SG. Until now, all good.

We were polishing the install, creating rules, customizations and so on, and we found a weird problem. We customised the web proxy error messages in "Web -> User notifications" (see picture below) and the preview shows what we want, but when we try to access a blocked website, the message it displays is completely different, and it's shown twice!

Also, it's trying to show a picture at the top and bottom, which are the "Custom images" I tried setting, but removed in the end. Somehow it still thinks it should display them although the box is clearly unchecked.

Note that I had to go to "Web -> Categories" and in every single category go to Advanced Settings and UNCHECK the "Override default notification page". It was checked by default in every category with a message that was displaying correctly, only once, but was really crappy without HTML or any colours.

Anyone can help us fix this?
Thanks!

Config:

Expected (preview):

Got:



This thread was automatically locked due to age.
Parents
  • This looks like an issue with the migration.  It tried to migrate the UTM block pages and somehow its been screwed up.

    Can you try turning off the custom block messages.  Save.  Then turn them on again.  Or making some change and saving.  It needs to regenerate the page templates.

  • Thanks for your answer. Unfortunately we already tried that.

    Do you know any other way of resetting that? Maybe SSH into the device and delete the template files so they get regenerated or something similar?

  • Hi Michael. I have exactly the same problem. Was there a solution?

  • Hi Zac,

    Yes, there is a solution, it's some kind of known error with the migration process. There is a command you should execute in the shell but since Michael sent it through PM I don't think I should post it here...

    Hopefully he will contact you too.

    Regards.

  • Thanks ZLogistics. I've been provided with the command and will try it tomorrow.

  • Hi Michael

    I am having exactly the same problem with a config that was migrated from our old UTM.

    Is there any chance you could provide me with the command to fix too please?

    I have another session coming up with Sophos PS to finalise our migration but I would like to get some of these niggly things sorted before that happens so that we can spend the PS hours on bigger issues :)

    Thanks in advance

    Ben

  • The UTM to XG migration tool is in Alpha.  Not even Beta.  It should not be used by customers on production systems.  Partners should not handing it out because it has numerous problems.  Though I know how to clean up this issue, I am concerned because there are other issues that have been flagged against the current tool that you might experience and may not know it.  As far as I know it is not production ready.  If you have a partner who is encouraging you to use that tool then the partner should be aware of the issues and resolutions that are required for it - and if the partner is not then that is a red flag that they are playing in dangerous waters.

    Please - for anyone else reading this thread - do not ask for the migration tool from Sophos or your partners.  I know people are eager but be patient and wait for the tool finish development and testing.

  • Thanks Michael for the feedback, but the tool was used by Sophos Professional Services to migrate the config from our old box onto a new one, and the new one isn't in production yet. So I understand your concern, but at this stage it's unwarranted, in our case at least.

    I am currently testing the new XG box and it's not in production yet. Like I said, I'm just trying to get a couple of these things sorted out before our next engagement with Sophos. I'm not actually asking for the migration tool either - just some info on how to fix the issue with these block pages being misconfigured in the migrated config.

  • If Sophos Professional Services is performing the migration, then Sophos Professional Services should know how to resolve all issues related to it.  And if they don't, it's the perfect time for them to learn.  :)

Reply Children
  • I'm sure they do, and I'm currently waiting for a response from them (the engineer I've been dealing with has been on leave). But seeing as I found this thread and it appeared other people had been given the solution, I thought I would ask in order to speed up the process.