This document describes a test to generate a "Generic Cross Site Scripting" event in the threat log.
The global counters can also be viewed to confirm that the firewall has sent TCP reset packets:
> show counter global | match RST
flow_action_close 4 0 drop flow pktproc TCP sessions closed via injecting RST
For additional examples: XSS Filter Evasion Cheat Sheet - OWASP
Threat Prevention Deployment Tech Note
Nice option. By the way I stared wide-eyed in surprise when after checking the proposed string I tried a simple modification of it and the firewall did not realize at all:
Try "<script> alert(XSS Test) </script>" (spaces between <script> tag and the content alert...)
instead of "<script>alert(XSS Test)</script>"
I can believe this is happening... anyone can help me to properly understand this? otherwise I can think that Thread prevention protection is really easy jump over.