Blocked website messages page not loading

Hi everyone. I am configuring an XG430 and I'm unable to get the webpage to load that shows the messages when a website is blocked. I see it is trying to load a page with the internal IP of the firewall (10.10.5.1:8090/.../po), but ultimately it says the site cannot be reached.

I am also unable to load the login page of the firewall via the browser using the 10.10.5.1 address, but I am able to ping it.

Any help is appreciated.  Thank you.



Added TAGs
[edited by: emmosophos at 6:38 PM (GMT -7) on 21 Jul 2021]
  • The interface -from which you come- belongs to which zone?
    Is access to the admin interface / proxy / ... allowed for this zone?
    Do websites work that are not blocked?
    WebAdmin works on a different address?

    You can change the BlockPage-URL at: administration // admin and user settings // Admin console and end-user interaction / "When redirecting users to the captive portal or other interactive pages ..."


    Dirk

    Sophos Solution Partner since 2003
    If a post solves your question click the 'Verify Answer' link.

  • I am on the LAN zone.

    I can now log in directly with the IP address so I know it is accessible (was using cloud connect before).

    Unblocked sites are working fine and the policies I enabled are also working.  Blocked sites try to redirect to the link I posted in the original message (see below) and ultimately time out.  I did notice that the certificate IP address did not match, so I created a new cert to fix that error but it still does not properly redirect to the block message page.

  • Hello Matthew,

    Adding to what Dirkkotte mentioned, it seems you’re using some type of authentication; it looks like the page is redirecting to the Captive Portal.

    Make sure:

    1. You have installed the SecurityAppliance_SSL_CA certificate on the computers

    2. In the Firewall rule that this traffic is hitting, does Match Known users also have Use Web Authentication for unknown users selected?

    3. Is the Captive Portal enabled for the LAN zone? System >> Administration >> Device Access >> Local Service ACL >> Captive Portal

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
  • Thank you for the reply, this solved part of my problem.

    1. Yes, I installed the certificate.

    2.  Match known users is disabled.

    3.  This fixed the issue for devices on server VLAN 10 (10.10.10.x) but not for the user on VLANs 20-60 (10.10.20.x, 10.10.30.x, etc.) despite all gateway info being the same.

  • Do you have Captive Portal activated on Device access for the zone? 
