Hi everyone. I am configuring a XG430 and I'm unable to get the webpage to load that shows the messages when a website is blocked. I see it is trying to load a page with the internal IP of the firewall (10.10.5.1:8090/.../po, but ultimately it says the site cannot be reached.
I am also unable to load the login page of the firewall via the browser using the 10.10.5.1 address, but I am able to ping it.
Any help is appreciated. Thank you.
Adding to what Dirkkotte mentioned, it seems you’re using some type of authentication, looks like the page is redirecting to the Captive Portal.
1. You have installed the…
The interface -from which you come- belongs to which zone?Is access to the admin interface / proxy / ... allowed for this zone?Do websites work that are not blocked? WebAdmin works on a different address?
You can change the BlockPage-URL at : administration // admin and user settings // Admin console and end-user interaction / "When redirecting users to the captive portal or other interactive pages ..."
Sophos Solution Partner since 2003 If a post solves your question click the 'Verify Answer' link.
I am on the LAN zone.
I can now log in directly with the IP address so I know it is accessible (was using cloud connect before).
Unblocked sites are working fine and the policies I enabled are also working. Blocked sites try to redirect to the link I posted in the original message (see below) and ultimately time out. I did notice that the certificate IP address did not match, so I created a new cert to fix that error but it still does not properly redirect to the block message page.
1. You have installed the SecurityAppliance_SSL_CA certificate in the computers
2. In the Firewall rule that this traffic is hitting, does Match Known users also have Use Web Authentication for unknown users selected?
3. Is the Captive Portal enable for the LAN zone? System >> Administration >> Device Access >> Local Service ACL >> Captive Portal
Thank you for the reply, this solved part of my problem.
1. Yes, I installed the certificate.
2. Match known users is disabled.
3. This fixed the issue for devices on server VLAN 10 (10.10.10.x) but not for the user on VLANs 20-60 (10.10.20.x, 10.10.30.x, etc.) despite all gateway info being the same.