Blocking and Block Page **Featured Article**
- Article Number: 000016267
- Products: Email Security Gateway, Email Security Gateway Anywhere, Forcepoint CASB, Forcepoint DLP, Forcepoint Email Security, Forcepoint Email Security Cloud, Forcepoint URL Filtering, Forcepoint V10000 Appliance, Forcepoint V20000 Appliance, Forcepoint V5000 Appliance, Forcepoint Virtual Appliance, Forcepoint Web Security, Forcepoint Web Security Cloud, Forcepoint Web Security Endpoint, Next Generation Firewall (NGFW)
- Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7, 7.6, 7.5
- Last Published Date: September 14, 2020
Notes & Warnings
Forcepoint Security products use blocking to prevent access to potentially malicious, not work appropriate or otherwise problematic or objectionable access for users in a work environment. Some products have block pages available that can be customized for the organization while others work in the background. This page is designed to be a one-stop shop with featured content articles that provide relevant information regarding different kinds of blocking, customization and some troubleshooting when blocking isn’t working as expected.
The three sections for this article include:Note The featured content listed may apply to multiple products and versions. Verify the products and versions stated in the article to ensure you are reviewing the correct featured content for your configuration.
Websites in multiple categories with different blocking requirements
When a website is in two categories and one category is set to block, then the website will be blocked.
Public Wi-Fi logon page blocked with certificate error
The landing page for the WiFi connection may be using an internal certificate.
Site Lookup suggestions emails are being blocked by ESG
Specific to Site Lookup and ACE Insight emails for suggesting a category change or other similar Forcepoint features.
Block cross-site scripting (XSS) and SQL injection attacks with Next Generation Firewall
TLS inspection must be configured for protection for attacks performed on encrypted connections.
DLP Policy content not being blocked via HTTP / HTTPS and FTP channels on Content Gateway
Content Gateway must be enabled within the Data module for blocking to happen.
Prompted for credentials or being blocked when accessing an internal site
Internal sites need to be bypassed from Content Gateway. This article explains the different methods available.
Users can still access websites that are re-categorized to be blocked
Troubleshooting access issues for websites.
Blocking FTP in general while allowing individual FTP sites
When some FTP sites need to be allowed, yet the rest need to be blocked.
Blocked images and incorrect formatting on CSS objects on many websites
Enhanced algorithms have been applied to the Web Images and Web Infrastructure Miscellaneous categories for logging and blocking purposes. If blocked, users will have issues loading some websites.
Allowing specific YouTube videos
How to allow specific videos from YouTube while keeping the rest of YouTube blocked. SSL Decryption must be enabled in the environment.
Search Filtering feature blocks explicit thumbnail images
How to properly block explicit content thumbnail images from search engines.
Google SafeSearch not working with PIX or ASA integrations
Configuring a PIX or ASA integration direct to the Windows server’s Filtering Service, not Content Gateway.
Setting a custom block page for CASB
Block pages can be set per asset, meaning a different block page can be set per Cloud Application. This article explains how to upload edited block pages.
Block page issues when accessing HTTPS websites
Issue caused by the Forcepoint Cloud Root certificate not being imported on the browser.
How to customize the Data Protectors ICAP Block Page
This article explains how to change the ICAP block page. It is simple by design and not meant for heavy customization.
Information about Filtering and Identification from the Block Page
Review the Block Page html source to determine additional details as to why a site / user is being blocked.
No HTTPS block page is displayed
Without SSL Decryption, Forcepoint software cannot produce a block page on HTTPS websites.
Modifying Block Page Content
This article gives some best practice information along with links to actual steps for version, including Windows server, Content Gateway, Software Content Gateway and Web Hybrid.
Changing the block page header from Content blocked by your organization
Information on how to change the warning at the top of a block page.
The block page needs to be masked or hosted on a different server
Used in instances where the address for the block page cannot have the IP of a filtering service.
Custom block page logo is not displaying on a V Series appliance
Troubleshooting for custom block page logos on appliances. Also applies to Windows server deployments for the master.html file.
Block page takes too long to load for end users
These steps apply to both Content Gateway and Windows servers. In the case of changing the file on an Appliance with no root access available, raise a case with Technical Support.
Block page doesn't display properly
This article is specific to no block page showing, but the access to the site is stopped with a redirect.
Document certificate requirements for Secure Manual Authentication and Secure Block Page
This issue is specific to a Chrome and Firefox browser error for cipher mismatch on HTTPS sites. Applies to versions 8.2 to 8.3 as there is a hotfix to install, whereas 8.4 to 8.5 do not require the hotfix.
block; blocking; blockpage; web; email; data; ngfw; email blocking; website blocking;