SSO/TSA users get SonicWall CFS block page upon accessing a allowed website first time, such as Google but after refreshing Internet Browser it gets displayed.
Access to the a allowed website is blocked first time for a TSA/SSO users, however, after refreshing the Internet browser second time site gets loaded.
Customer configured “Don't block user traffic while waiting for SSO”. This check box is inside SSO Agent page. Firewall (FW) may receive TSA notifications before or after the connection setting up in the FW. So when the connection setting up before TSA notifications, the traffic would bypass SSO if customer checked this feature, but CFS blocked it later because no user info attached to this connection, it would fall into the default CFS policy.
Disable the feature “Don't block user traffic while waiting for SSO” by:
Step 1: Users | Settings | Under authentication method Click on Configure SSO button.
Step 2: On the displayed SSO authentication configuration dialog box, with "SSO Agents" tab selected, click on "General Settings" tab under Authentication Agent Settings.
Step: Un check "Don't block user traffic while waiting for SSO".