Block page for security policy matches

fmurray — Mon, 05 Dec 2016 22:10:47 GMT

Is there a way to return a block page to users when their connection is blocked not by the URL-filter but by a security policy?

We have a security policy that blocks all outbound traffic to a list of foreign countries. The problem is when users attempt to browse websites in these countries the traffic is blocked but the user doesn't receive any information about why it was blocked- the connection just times out.

IS there a way to send an HTML block page to users when the traffic is blocked?

Thanks

Re: Block page for security policy matches

Raido_Rattameister — Mon, 05 Dec 2016 23:58:12 GMT

If user tries to browse to website that is running on IP that is not permitted then this attempt is blocked before connection get's to HTTP.

Initial SYN packet gets tcp-rst back and connection is taken down.

What you can try is to:

Create top rule that permits traffic to your country IP addresses, application web-browsing, action allow.

Create second rule below it where destination is any, application is web-browsing and action is block.

And edit application response page.

If I were you I would add some Javascript to it so if application equals to web-browsing then show text "You are browsing to website hosted outside our country".

topic Block page for security policy matches in General Topics

Block page for security policy matches

Re: Block page for security policy matches