This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

bypass webpage blocked not working

In our company, we have two Sophos SG210 set up in cluster. In the Sophos, proxy web filtering is activate on the cluster and the ByPass Users tab is enable for all Active Directory Users. However when a user (member of the domain) is connected on a website blocked by the Sophos UTM, the option to unblock webpage is displayed but when he clicks on the button, it leads to a authentication error webpage with no possibility to unblock the webpage. Can you please help me on this topic as it's really annoying for end users.

Thanks



This thread was automatically locked due to age.
Parents
  • When the Exception link is selected, UTM is expecting an ADMIN login.   If you have an environment that allows admins to see user screens, this link is pretty useful.

    However, if you are going to let any employee to whitelist any webpage, why use UTM at all?    There are serious threats out there, and the only way to protect yourself from them is to analyze the threat before proceeding.

    Some of the things you could/should check:

    • What is blocked, a main page or a component?
    • Why is it blocked:  Category?  Reputation?  Encryption Protocols?  Company Policy?
    • If uncategorized, have you used TrustedSites.org to see whether McAfee agrees that it is uncategorized, and whether McAfee thinks it is safe?   (Until 9.6, UTM has some problems with overlooking some of McAfee's categories.)   If uncategorized, has it been submitted for evaluation?
    • Do a DNS lookup against quad9.org (9.9.9.9) and see if they return a result or not.   If UTM does not block the query and Quad9 returns no result, Quad9 thinks the DNS name is dangerous.

    I guess you could get your desired result by making every employee a member of the UTM admin group.

  • Thanks for your answer, unfortunately the problem is that when I want to bypass a website instead of having credentials to enter, I have a blank webpage with authentification error written at the top...

Reply Children
  • 1 How the Web Filter authentication is configured? It is in browser mode or Active directory

    2 How the Web Filter port is configured Standart Mode or Transparent mode


    I think you have configured the proxy in standart mode (redirecting browser in port 8080 or 3821)
    This error can be bypassed if the Proxy is in Transparent Mode
    or In the client browser check Bypass proxy server for local addresses

    I will suggest you Importing the UTM certificate as well on the clients. Or you can push it by Active Directory GPO

  • It might help us advise you, if you clarified what authentication method and proxy method you are using.  Mostly I am confused because I cannot account for your symptoms, if I understand them correctly:   I think you said that: you get the block page, you click to create an exception, then you get an authentication error without ever being prompted for a login.

    (In my environment, we use Active Directory SSO for authentication, with both Standard and Transparent proxies enabled for all users, https inspection enabled for some users.)

    When UTM blocks a HTTPS page, it uses its own CA to generate a certificate to emulate the blocked site.   Consequently, you need to distribute the CA root certificate so that the block page is displayed without any warnings.  But it sounds like this does not apply to your complaint.

    The links on the block page refer to fw.passthru-notify.net or fw.passthrough-notify.net.   These names are reserved by Sophos and intended to force the traffic through your UTM.  If something in your DNS causes the name to be blocked or the traffic to be misrouted, this might contribute to the reserved behavior, but it is pretty hard to get this one wrong.

    When we click on one of the create-exception links, we get a basic-mode pop-up window, with a title that says "fw.passthru-notify.net requires authorization" or something to that effect.   If you block pop-ups, the prompt may be missed.   That is where an admin account must be provided.   Users try to enter their own credentials and it fails.

    If your filter profile says to block all unauthenticated users, that might also cause the problem.   I cannot be sure because I have not tried it; my default rule allows some traffic, even for unauthenticated users.

  • Thanks Douglas, in fact I use the web filtering like you described. Let me explain shortly :

     

    Web filtering is set up in transparent mode with Active Directory SSO for Default authentification, I also have the Block Access on authentification Failure ticked and the Enable device-specific authentification with Windows (Device) and Active Directory SSO (Mode). Regarding certificates, I also uploaded my own domain CA in the UTM to display blocked webpage. When I try to surf on a blocked webpage, the webpage of my UTM is correctly displayed saying that the content had been blocked by the UTM. On this page I also have a button labelled Unblock URL (will be logged). If I click on this button, instead of having a prompt to enter active directory credentials to unblock the webpage, a white webpage is displayed with Authentication ERROR written. The URL of this webpage is

    https://passthrough.fw-notify.net/static/auth_override.html?category=146&return=https://amazon.fr/

     

    I hope that you understand better now DouglasFoster

     

  • You didnt setup who users or groups can unblock. You have a mishmash configuration there.

    If the PC is in a domain, the browser it is automatically authenticated with the user logged in.

    Better to read the help file how it works

    Bye

  • For a test, all authenticated users are able to bypass webpage :

     

     

    Regarding proxy mode I have the Following set :

     

    You want me to disable Device Specific authentification ?

     

    Thanks

  • It doesnt make sense that for anyone is blocked and anyone can bypass blocked.
    Yes disable Specific Authentication

  • I agree with you but just for testing it was set up like this. Even with disable specific device authentification it still doesn't work.

  • You have to create profiles.

    First allow for Ad users.

    If fails

    For all the rest of network

    I will try to upload the old schema if i find it

  • I created an AD group and allow this group to bypass blocked pages, and it still doesn't work. I still have the authentication error displayed when i click on unblock page...

  • What happens when you put authentication "None" or Browser?

    If it still fails you have to do more job on user definitions and SSO