Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall Blocking Page

Kramnai

Hi!

I am currently exploring Sophos based on my prior experience with it back in 2014. I am gradually migrating from my MikroTik setup to a Sophos Home Firewall, primarily due to its advanced security features.

I have set up Sophos Home Firewall on Protectli Vault Series mini-PC hardware, and it is functioning as expected. I have enabled Web, Application, Antivirus, and IPS filtering on my LAN-to-WAN firewall rules. Additionally, I have configured multiple WAN connections with SD-WAN for application-based rerouting, particularly for video and conference calls required for office work.

I have a question regarding the blocking page. Do I need to enable user authentication to display a more detailed blocking page that explains what content is being blocked and why? At present, the blocking page only shows the message: "Access Blocked: Policy block due to web category" (as seen in the left-side image).

How can I configure the blocking page to display the version shown on the right side?


Regards



This thread was automatically locked due to age.
  • 0

    Hi Kramnai,

    Thank you for reaching out to Sophos Community.

    Kindly check the following configuration via PROTECT>WEB>User Notification>Message for Block Action

    Also, see below post for additional reference

     Customizing Block Message for Web 

    Erick Jan
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

    • 0 in reply to Erick Jan

      Hi Erick, 

      Thank you for your reply! I have already enabled the "Message for block" action, but it is still using the "Access Blocked: Policy Block" message (as seen in the image).

      I also tried it on different browsers, but the result remains the same.

      Here is my settings;

      • 0 in reply to Kramnai

        The block page that you are seeing is not generated by the Sophos Firewall.  Do you have an endpoint solution or something else that is also doing blocking, that is perhaps blocking earlier?

        Try this:  Make sure you can go to a website (eg poker.com).  Then change your web policy to block Gambling.  Now go there.  Do you get the correct block page?

        • 0 in reply to Michael Dunn

          Thank you for your reply. I do not have any other security device that might be causing the block. While I have Bitdefender installed, URL filtering is not enabled on my PC. My office laptop uses S1, and both devices are showing the same blocking page, even on a freshly created Windows VM running on Proxmox with no antivirus installed. I’ve also tried your advice, but the block page still does not appear.

          • 0 in reply to Kramnai

            For the HTTPS sites, the certificate would need to be created for the block and signed by a CA.  Can you look at the certificate signer and see who it is signed by?

            • 0 in reply to Michael Dunn

              The blocked page is signed by Sophos SSL. Please see the image below.

              • +1 in reply to Kramnai

                Found the page, it is a fallback in DPI mode.


                Can you go to Administration, Admin and User settings > Admin console and end user interaction
                When redirecting users...

                By default it should be "Use the IP address of the first internal interface" and that is has the IP of the first LAN port.

                What do you have on the page (screenshot).  Can you change it to the configured hostname (assuming the client can DNS resolve the hostname).

                • 0 in reply to Michael Dunn

                  Hi Michael,
                  Thanks for your help! It seems to be working now, but I think I also need to install the default certificate used by Sophos to avoid the "Your connection isn’t private" message. Alternatively, I could use Let's Encrypt to generate a certificate for the FQDN.

                  • 0 in reply to Kramnai

                    It looks great now using an FQDN with Let's Encrypt SSL. Thank you for the help  

                Unfiltered HTML