Depending on how your company's VPN client is configured, especially if it is a split-tunnel VPN client, it's likely that the client's DNS requests are being handled by the VPN's public IP address, which is registered to your Cisco Umbrella account, but that your client's HTTP traffic is originating from the client's home IP address. In general, a mismatch between the HTTP IP address and the DNS IP address will cause problems with block page bypass.
As such, we recommend that you configure your VPN to treat certain Umbrella address space as "local" traffic, such that this traffic intended for Umbrella is sent via the VPN tunnel. This way, our systems will see all traffic intended for that address space as having originated from your registered IP address, which should resolve the HTTP/DNS IP address mismatch you are seeing, and therefore clear up some of these errors you are seeing with block page bypass.
The address space that should be forwarded over the VPN is as follows: