Block page doesn't display properly
- Article Number: 000010861
- Products: Forcepoint URL Filtering, Forcepoint Web Security, TRITON AP-WEB, Web Filter & Security, Web Security Gateway, Web Security and Web Filter
- Version: 8.5, 8.4, 8.3, 8.2, 8.1, 8.0, 7.8, 7.7, 7.6, 7.5, 7.1, 7.0
- Last Published Date: September 21, 2018
The block page is not displaying properly on the end user's computer.
There are multiple potential causes for block pages to not properly resolve. Check the solutions below and if the issues with the block page persist, raise a case with Technical Support for assistance.
Filtering port and block page port
The filtering port is used by Filtering Service to communicate with other Websense components. The block page port is used by Filtering Service to send block pages to client machines. These ports must be in the range 1024-65535.
Filtering Service may have been automatically configured to use ports other than the default 15868 (filtering port) and 15871 (block page port). When Filtering Service is installed, the installation program checks whether these default ports are already in use on that machine. If either is already in use, the port is automatically incremented until a free port is found.
To find the ports used by Filtering Service:
Filtering service and Windows Firewall
The Windows firewall is enabled by default on Windows Server versions 2008 to 2016. Port 15871 must be open for Filtering Service to receive redirect request to deliver the Forcepoint block page. There are two methods to handle the port issue:
Perform the following steps to enforce Forcepoint software to use a specific IP address:
<IP address> is the IP address of the Filtering Service.
If the Filtering Service machine has more than one NIC, and you are still having problems after adding the BlockMsgServerName entry to the eimserver.ini file, try the other NIC IP addresses in the eimserver.ini file.
Block page read access
Ensure that users have read access to the files in the Websense folders that store the block pages:
Network and DNS
netstat /an > doc.txt
Review the doc.txt file. Is the Filtering Service listening on port 15871? If not, Filtering Service may need to be reconfigured or reinstalled.
telnet <Filtering Service machine> 15871
If telnet does not work from a workstation but works from the local server (from the Filtering Service machine), this indicates network issue.
This should return an “Invalid Request” response from the Filtering Service machine. This indicates that the Filtering Service is active and listening. Check the network for DNS issues.
Note To identify the block page, use the "ip.id==0x02f2" filter.
The block page spoofs the origin server. If the capture shows an external source IP address for the block page’s 302 move packet, check if the block page is being stopped by an intermediate router or packet inspection device on the network.