Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocked site get the "Network Authentication" page instead of "Blocked Request" page...

Hi,
I just figured out to set the XG Firewall to used it only with Web Filtering.
Now when I have hit on a blocked policy, I'm redirected to the Captive Portal and I get the Network Authenticaion to login.
But I want to get the " Blocked Request" page and not the Network Authenticaion page.
How do I accplish this?
TIA



This thread was automatically locked due to age.
  • Just came across this (since I am seeing the same issue). I just want to make things clear for those trying to follow along.

    Webfiltering is supposed to throw a block page when a blocked website is requested.

    1. If webfiltering is enabled, but captive portal is disabled for the zone.. all you will get is nothing. The brower will sit there requesting some page from the gateway that never gets served up.

    2. If you have captive portal enabled; you get one of two pages (according to a setting). The setting is Gear Icon -> Authentication -> Authentication Services -> Unauthenticated users settings (at the bottom).
    2A. If the radio button is set to "captive portal", the requester will see a login page
    2Aa. If the requester can log into the captive portal, they will see the proper block page.
    2B. If the radio button is set to "Custom Message", they will see a page that says "You are not authorized to access.."

    The only way to currently get some sort of a "block page" is to change the settings as described in 2B, and change the custom message to something like this:

    <p align="center">The web site you are trying to access: {url}</font> is currently blocked.<br>If you believe it's been blocked in error, please contact your IT department.</p>

    The "{url}" entry will display the url the requester is trying to access.

  • Agreed, Alan, I found the same, and I do understand what Sophos is after - every user, authenticated, every time.   I imagine we'd get a nice, pretty block screen if we logged in with a user that did not have access...

    Per the per the docs, at least, per my understanding of the docs, that's not "how it's supposed to work."  When Redirection is set to no, the user should not be redirected AT ALL - and should just receive a message saying it is blocked.

    From docs.sophos.com/.../index.html

    Captive Portal Settings

    Unauthenticated users redirection
    Select "Yes" to redirect the access request of unauthenticated user either to the Captive Portal or Custom Message page.
    Select "No" to display "Access Denied" message to unauthorized user.

    I've opened a ticket w/ Sophos support.   I'll let you guys know what they say.

    --

    Chavous Camp

    UTM, SMC, SGN Certified Engineer / XG Certified Architect

  • Hi PabloDiablo :)

    Can you try disabling NTLM authentication ?
    Edit your LAN Zone, and under Devices Access / Authentication Services => uncheck NTLM

    Retry, and it should roxxx :)
  • it does not work for me.still the custom page of captive portal is displayed.
  • Support was able to reproduce it - or nearly enough - and has escalated the issue.

    --

    Chavous Camp

    UTM, SMC, SGN Certified Engineer / XG Certified Architect

  • Long time... what is the current status?
    Please provide us a release date for the fix.

  • Any update on this issue from support please?

    Just started testing in a VM and started to experience this issue would be great to get it fixed before full deployment
  • Could I please have the ticket number you received when you submitted this issue to our Support Team. I would like to follow-up on this.
  • Glad I'm not the only one who saw this working at some point and then suddenly started getting the login screen instead of the blocked screen I was expecting.
  • Is there any update on how to fix this problem?