https://community.checkpoint.com/t5/Firewall-and-Security-Management/UserCheck-WebBlocked-messages-accessing-all-Internet-sites/m-p/121828#M17412 <P>Thats a bit odd that users would get blocked page is https inspection is off. Can you send a screenshot if possible?</P> Tue, 22 Jun 2021 13:46:22 GMT the_rock 2021-06-22T13:46:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/UserCheck-WebBlocked-messages-accessing-all-Internet-sites/m-p/121766#M17392 <P>(2) 5000 appliances in HA active/passive - R80.30</P><P>&nbsp;</P><P>6/17: User A:&nbsp;suddenly receiving UserCheck/WebBlocked messages accessing ANY/ALL Internet sites.</P><P>&nbsp;&nbsp;IT support rebooted workstation,&nbsp; logged in using their own credentials and they also got the UserCheck/WebBlocked messaged.&nbsp; IT support installed USB-Ethernet Adapter to try to fix issue (?):, user acquired another ip on same subnet and was able to access Internet.&nbsp; About a day later, USB-Ethernet Adapter removed&nbsp; , user connection normalized. User able to access Internet. No other services (email, etc) impacted.</P><P>6/16: User B: suddenly receiving UserCheck/WebBlocked messages accessing ANY/ALL Internet sites</P><P>IT Support changed user over to WIFI (?) and user was able to access Internet.&nbsp;No other services (email, etc) impacted.</P><P>&nbsp;All Internet access rules based on IdentityAwareness/AD query/. UserA/UserB log shows their requests&nbsp; matching on a BlockedMessage rule which uses ip address only and action= deny for all Internet access.&nbsp; Seems like User_A/B have "lost" their AD group mappings so their Internet access doesn't match on &nbsp;rules based on IdentityAwareness/AD query and matches on the rule based on ip address, action=deny...Checking&nbsp; pepd/ pdpd logs and AD server but nothing yet.&nbsp; No recent changes - IA/AD query/UserCheck configs all active for 1 year+ w/no issues.&nbsp; &nbsp;Any suggestions?</P><P>&nbsp;</P> Mon, 21 Jun 2021 22:03:41 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/UserCheck-WebBlocked-messages-accessing-all-Internet-sites/m-p/121766#M17392 vlw38 2021-06-21T22:03:41Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/UserCheck-WebBlocked-messages-accessing-all-Internet-sites/m-p/121773#M17393 <P>What do your https inspection rules look like? When you have user belonging to say access role that would get blocked to for example, gambling sites, do you see block page and if you run command pdp monitor user username, what does it show? Say user ID is johnwayne, what would pdp monitor user johnwayne show you? Does it show that user belong to the right groups? Have you tried doing pdp update all?</P> <P>Is this brand new issue, has been happening for some time?</P> Tue, 22 Jun 2021 00:18:23 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/UserCheck-WebBlocked-messages-accessing-all-Internet-sites/m-p/121773#M17393 the_rock 2021-06-22T00:18:23Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/UserCheck-WebBlocked-messages-accessing-all-Internet-sites/m-p/121827#M17411 <P>Thank you for responding.&nbsp; HTTPS inspection not enabled. Ran PDP monitor and both users(s) belong to the correct groups. Have not tried pdp update all.&nbsp; This is brand new issue.&nbsp;</P> Tue, 22 Jun 2021 13:41:34 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/UserCheck-WebBlocked-messages-accessing-all-Internet-sites/m-p/121827#M17411 vlw38 2021-06-22T13:41:34Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/UserCheck-WebBlocked-messages-accessing-all-Internet-sites/m-p/121828#M17412 <P>Thats a bit odd that users would get blocked page is https inspection is off. Can you send a screenshot if possible?</P> Tue, 22 Jun 2021 13:46:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/UserCheck-WebBlocked-messages-accessing-all-Internet-sites/m-p/121828#M17412 the_rock 2021-06-22T13:46:22Z