Create a Post
Showing results for 
Search instead for 
Did you mean: 

UserCheck/WebBlocked messages accessing all Internet sites

(2) 5000 appliances in HA active/passive - R80.30


6/17: User A: suddenly receiving UserCheck/WebBlocked messages accessing ANY/ALL Internet sites.

  IT support rebooted workstation,  logged in using their own credentials and they also got the UserCheck/WebBlocked messaged.  IT support installed USB-Ethernet Adapter to try to fix issue (?):, user acquired another ip on same subnet and was able to access Internet.  About a day later, USB-Ethernet Adapter removed  , user connection normalized. User able to access Internet. No other services (email, etc) impacted.

6/16: User B: suddenly receiving UserCheck/WebBlocked messages accessing ANY/ALL Internet sites

IT Support changed user over to WIFI (?) and user was able to access Internet. No other services (email, etc) impacted.

 All Internet access rules based on IdentityAwareness/AD query/. UserA/UserB log shows their requests  matching on a BlockedMessage rule which uses ip address only and action= deny for all Internet access.  Seems like User_A/B have "lost" their AD group mappings so their Internet access doesn't match on  rules based on IdentityAwareness/AD query and matches on the rule based on ip address, action=deny...Checking  pepd/ pdpd logs and AD server but nothing yet.  No recent changes - IA/AD query/UserCheck configs all active for 1 year+ w/no issues.   Any suggestions?


0 Kudos
3 Replies
This widget could not be displayed.