https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/548933#M112041 <P>I also have same issue. For https website Iam not getting the response page. Any solution?</P> <P>&nbsp;</P> Tue, 11 Jul 2023 13:22:40 GMT KhaleelE 2023-07-11T13:22:40Z https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/380722#M89691 <P>Hi There,</P><P>&nbsp;</P><P>I have configured a security policy to block a URL category using the <STRONG>Service/URL Category</STRONG> method and my action is <STRONG>deny</STRONG>.</P><P>&nbsp;</P><P>This works and the category is denied, however the block response page is not displayed. Instead i get "This site can’t be reached" and "<SPAN>ERR_CONNECTION_RESET</SPAN>".</P><P>&nbsp;</P><P>When i block the same category using the URL Filtering Security Profile, the block response page is displayed.</P><P>&nbsp;</P><P>This behavior is the same for both encrypted and unencryted pages and also on PAN OS 9.1.7 as well as on 10.0.2.</P><P>&nbsp;</P><P>Any idea if this is normal behavior or if this is something that i can fix?&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks in advance <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Response Page not displayed when using security policy to deny URL category</P> Tue, 19 Jan 2021 08:00:25 GMT https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/380722#M89691 PerreauLuc 2021-01-19T08:00:25Z https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/394719#M91179 <P>Can you confirm that you are matching the correct policy that just blocks with the the category, also I think before this rule there should be rules that identify the the app id as web-blowsing or ssl, so check the traffic that the app-id is identified correctly.</P><P>&nbsp;</P><P>Please see:</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/test-policy-rule-traffic-matches.html" target="_blank">https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/policy/test-policy-rule-traffic-matches.html</A></P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClibCAC</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Can you provide a screenshot of the rule as maybe it also has App ID in the rule and maybe you need "Application Block Page" as this triggered first etc.?</P><P>&nbsp;</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-response-pages.html" target="_blank">https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/device/device-response-pages.html</A></P> Mon, 29 Mar 2021 06:31:52 GMT https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/394719#M91179 nikoolayy1 2021-03-29T06:31:52Z https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/394840#M91195 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/150722">@PerreauLuc</a>,</P> <P>Assuming that you are attempting to block an HTTPS site, and that you aren't decrypting said traffic which would cause the issue you are describing, this behavior is expected. You would need to following&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFKCA0" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFKCA0</A>&nbsp;to get this functioning. By default, the firewall won't attempt to serve a response page if you aren't decrypting the traffic because it would just lead to a certificate warning.&nbsp;</P> Mon, 29 Mar 2021 23:39:18 GMT https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/394840#M91195 BPry 2021-03-29T23:39:18Z https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/519002#M107642 <P>Hi all</P> <P>&nbsp;</P> <P>I face the exact same Issue.</P> <P>I have enabled response pages and tried it with an url category profile using: <A href="http://urlfiltering.paloaltonetworks.com/test-malware" target="_blank">http://urlfiltering.paloaltonetworks.com/test-malware</A>.</P> <P>This worked perfectly fine.</P> <P>&nbsp;</P> <P>However: I went on, removed the url profile and added the Service/URL Category "malware", set the rule to deny and I'm presented with a browser message telling me the network connection was interrupted. (no response page)<BR />So either this is by design / technical limitation or it's a bug.</P> <P>&nbsp;</P> <P>PA-220, 10.2.2</P> <P>find my rule below</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="MKoehler_0-1666690143359.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/44860iF39DD6466302682A/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="MKoehler_0-1666690143359.png" alt="MKoehler_0-1666690143359.png" /></span></P> <P>&nbsp;</P> Tue, 25 Oct 2022 09:29:52 GMT https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/519002#M107642 MKoehler 2022-10-25T09:29:52Z https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/520215#M107821 <P>I am seeing the same behavior. PA-3250 10.2.3</P> Thu, 03 Nov 2022 19:51:48 GMT https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/520215#M107821 Jake_Aguinaga 2022-11-03T19:51:48Z https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/520228#M107824 <P>To me it would seem to be operating as designed and expected behavior.</P> <P>&nbsp;</P> <P>With a Security Policy you select targets by some combination of IP, zone, user, service, and/or URL(SNI); and running a deny action you are sending a TCP or UDP reset to the endpoint. It doesn't matter or necessarily operate on HTTP/HTTPS. Therefore the browser just gets a connection closed message, no actual content response.</P> <P>&nbsp;</P> <P>With URL Filtering you are filtering content inside the HTTP/HTTPS connection. So when a block happens you are interrupting the content stream and can return a different content page, vs. just terminating the network connection.&nbsp;</P> Thu, 03 Nov 2022 20:56:25 GMT https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/520228#M107824 Adrian_Jensen 2022-11-03T20:56:25Z https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/548933#M112041 <P>I also have same issue. For https website Iam not getting the response page. Any solution?</P> <P>&nbsp;</P> Tue, 11 Jul 2023 13:22:40 GMT https://live.paloaltonetworks.com/t5/general-topics/response-page-not-displayed-when-using-security-policy-to-deny/m-p/548933#M112041 KhaleelE 2023-07-11T13:22:40Z