Blocking and Block Page **Featured Article**
- Article Number: 000016267
- Products: Email Security Gateway, Email Security Gateway Anywhere, Forcepoint CASB, Forcepoint DLP, Forcepoint Email Security, Forcepoint Email Security Cloud, Forcepoint URL Filtering, Forcepoint V10000 Appliance, Forcepoint V20000 Appliance, Forcepoint V5000 Appliance, Forcepoint Virtual Appliance, Forcepoint Web Security, Forcepoint Web Security Cloud, Forcepoint Web Security Endpoint, Next Generation Firewall (NGFW)
- Version: All versions, 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7, 7.6, 7.5
- Last Published Date: October 04, 2018
Forcepoint Security products use blocking to prevent access to potentially malicious, not work appropriate or otherwise problematic or objectionable access for users in a work environment. Some products have block pages available that can be customized for the organization while others work in the background. This page is designed to be a one-stop shop with featured content articles that provide relevant information regarding different kinds of blocking, customization and some troubleshooting when blocking isn’t working as expected.
The three sections for this article include:Note The featured content listed may apply to multiple products and versions. Verify the products and versions stated in the article to ensure you are reviewing the correct featured content for your configuration.
Email Security Gateway
Dynamic Always Permit list overrides email addresses on the PEM Block list
This issue is specific to email addresses added to the PEM block list, but the email still goes through.
Block spoofed emails with a forged sender’s address
Be wary, the rule will also apply to any legitimate external senders who spoof your domain in the "From" field.
Antivirus blocks PDF files as suspicious documents
This issue was specific to versions 7.8 to 8.1 and was resolved in version 8.2.
Email Cloud Security
Emails blocked with "TLS (CN=mismatch)" message
This article goes over how to correct the TLS error.
Block or allow email to or from certain email addresses
Individual email whitelist and blacklist exist for Portal administrators.
No sender email is not blocked by default
This article explains why emails with no sender are not blocked.
Messages blocked with the reason "lexical rule (scan-failure)"
This error is specific to an enabled setting in the Email Cloud content filter.
Why are message partial parts blocked
Partial messages fragments are blocked by default.
Blacklist address is not blocked
Ensure the domain is not white listed.
Block spam that originates from company domain
An option exists to filter messages that spoof internal domains that would need to be enabled.
Email blocked as spam despite spam whitelist entry
This issue is specific to a missing IP address from a sender’s SPF record.
Websites in multiple categories with different blocking requirements
When a website is in two categories and one category is set to block, then the website will be blocked.
Public Wi-Fi logon page blocked with certificate error
The landing page for the WiFi connection may be using an internal certificate.
Site Lookup suggestions emails are being blocked by ESG
Specific to Site Lookup and ACE Insight emails for suggesting a category change or other similar Forcepoint features.
Block cross-site scripting (XSS) and SQL injection attacks with Next Generation Firewall
TLS inspection must be configured for protection for attacks performed on encrypted connections.
DLP Policy content not being blocked via HTTP / HTTPS and FTP channels on Content Gateway
Content Gateway must be enabled within the Data module for blocking to happen.
Prompted for credentials or being blocked when accessing an internal site
Internal sites need to be bypassed from Content Gateway. This article explains the different methods available.
Users can still access websites that are re-categorized to be blocked
Troubleshooting access issues for websites.
Blocking FTP in general while allowing individual FTP sites
When some FTP sites need to be allowed, yet the rest need to be blocked.
Blocked images and incorrect formatting on CSS objects on many websites
Enhanced algorithms have been applied to the Web Images and Web Infrastructure Miscellaneous categories for logging and blocking purposes. If blocked, users will have issues loading some websites.
Allowing specific YouTube videos
How to allow specific videos from YouTube while keeping the rest of YouTube blocked. SSL Decryption must be enabled in the environment.
Search Filtering feature blocks explicit thumbnail images
How to properly block explicit content thumbnail images from search engines.
Google SafeSearch not working with PIX or ASA integrations
Configuring a PIX or ASA integration direct to the Windows server’s Filtering Service, not Content Gateway.
Setting a custom block page for CASB
Block pages can be set per asset, meaning a different block page can be set per Cloud Application. This article explains how to upload edited block pages.
Block page issues when accessing HTTPS websites
Issue caused by the Forcepoint Cloud Root certificate not being imported on the browser.
How to customize the Data Protectors ICAP Block Page
This article explains how to change the ICAP block page. It is simple by design and not meant for heavy customization.
No HTTPS block page is displayed
Without SSL Decryption, Forcepoint software cannot produce a block page on HTTPS websites.
Modifying Block Page Content
This article gives some best practice information along with links to actual steps for version, including Windows server, Content Gateway, Software Content Gateway and Web Hybrid.
Changing the block page header from Content blocked by your organization
Information on how to change the warning at the top of a block page.
The block page needs to be masked or hosted on a different server
Used in instances where the address for the block page cannot have the IP of a filtering service.
Custom block page logo is not displaying on a V Series appliance
Troubleshooting for custom block page logos on appliances. Also applies to Windows server deployments for the master.html file.
Block page takes too long to load for end users
These steps apply to both Content Gateway and Windows servers. In the case of changing the file on an Appliance with no root access available, raise a case with Technical Support.
Block page doesn't display properly
This article is specific to no block page showing, but the access to the site is stopped with a redirect.
Document certificate requirements for Secure Manual Authentication and Secure Block Page
This issue is specific to a Chrome and Firefox browser error for cipher mismatch on HTTPS sites. Applies to versions 8.2 to 8.3 as there is a hotfix to install, whereas 8.4 to 8.5 do not require the hotfix.