Web policy block page not loading

When trying to access a website that is being blocked by a web policy, the Sophos page that typically loads saying the site is blocked is not loading. Tried this in both Safari and Chrome. I'm just getting the error (in Safari):

Safari Can't Open the Page

Safari can't open the page: "172.16.16.16:8090/ips/block/webcat....<truncated>" because the server where this page is located isn't responding.

Similar error in Chrome (e.g. "This site can't be reached").

  • Unknown said:

    Thanks for the update. I'm guessing the captive portal webserver and the other elements are laced into that?

    So it's not a case of just moving the captive portal onto, say, 8091 and it would have to be unpicked from all the other elements?

    There are several options. One option is just to rename the column. One option is to start using another port and add a new column for it. One option is to start using another port, but add it to the existing "web proxy" column. Is there a fundamental reason for separating Captive Portal from other services? Or for separating DPI mode? If we create a new port and we have four distinct functions, which ones should be grouped on the same port? Each choice has different upgrade implications. Also important for timelines is how many different teams need to coordinate to make changes. The change itself is probably small, but how many different things need regression testing? If we are changing what ports we are opening, are there security implications and do we need new external audits?

    What we know right now is that we did not think that it would be a major issue (except confusion) to customers to put a checkbox beside Captive Portal. The checkbox is on by default and we know most customers that use web have it enabled. That being said, we are getting feedback in EAP, enough that we are looking at it. Any change (aside from simple rename) is too big for v18.0 GA.

     

    P.S. Port 8091 is already used, it is the next column over. In v17.5 it is NTLM and in v18.0 it is AD SSO. This is because both NTLM and Kerberos use port 8091. In this case it made the most sense just to rename the column.

  • Appreciate the info. I would think at a minimum it would be useful for there to be an asterisk next to "Captive portal*" and, below the table, a note that this particular option controls more than just the captive portal, with a link to the help file. Additionally, I've always thought the help file was pretty lacking when it came to explaining Local ACLs, so updating that with the information you provided would be beneficial. With those two things combined, I think it would be fairly clear to a user.

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/

  • Agreed, just a note that it is a need for End User pages would be helpful as that has come up several times in the EAP.

    Michael, thank you for the info and quite right I picked a port off the top of my head!

    Emile

  • I realize this is extremely picky but my two cents:

    • Put an asterisk in front of the statement (e.g. * Turning off access to...)
    • Reword to "Turning off access to captive portal also stops user notifications from appearing..."

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/