vlw38
Explorer

UserCheck/WebBlocked messages accessing all Internet sites

(2) 5000 appliances in HA active/passive - R80.30

 

6/17: User A: suddenly receiving UserCheck/WebBlocked messages accessing ANY/ALL Internet sites.

IT support rebooted the workstation, logged in using their own credentials, and they also got the UserCheck/WebBlocked message. IT support installed a USB-Ethernet adapter to try to fix the issue (?); the user acquired another IP on the same subnet and was able to access the Internet. About a day later, the USB-Ethernet adapter was removed and the user's connection normalized. User able to access Internet. No other services (email, etc.) impacted.

6/16: User B: suddenly receiving UserCheck/WebBlocked messages accessing ANY/ALL Internet sites

IT Support changed user over to WIFI (?) and user was able to access Internet. No other services (email, etc) impacted.

All Internet access rules are based on IdentityAwareness/AD query. UserA/UserB log shows their requests matching on a BlockedMessage rule which uses IP address only and action=deny for all Internet access. Seems like User_A/B have "lost" their AD group mappings, so their Internet access doesn't match on rules based on IdentityAwareness/AD query and matches on the rule based on IP address, action=deny... Checking pepd/pdpd logs and AD server but nothing yet. No recent changes - IA/AD query/UserCheck configs all active for 1 year+ w/no issues. Any suggestions?

 

0 Kudos
3 Replies
the_rock
Mentor

What do your HTTPS inspection rules look like? When you have a user belonging to, say, an access role that would get blocked from, for example, gambling sites, do you see the block page, and if you run the command pdp monitor user username, what does it show? Say the user ID is johnwayne, what would pdp monitor user johnwayne show you? Does it show that the user belongs to the right groups? Have you tried doing pdp update all?

Is this a brand new issue, or has it been happening for some time?

0 Kudos
vlw38
Explorer

Thank you for responding. HTTPS inspection not enabled. Ran PDP monitor and both users belong to the correct groups. Have not tried pdp update all. This is a brand new issue.

0 Kudos
the_rock
Mentor

That's a bit odd that users would get a blocked page if HTTPS inspection is off. Can you send a screenshot if possible?

0 Kudos