- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-09-2019 06:53 AM - edited 11-09-2019 06:54 AM
I am blocking some applications coming inbound from the internet to a certain IP. This creates a response page when I have application block response page on. How can I stop response page from being server to outside zone?
11-11-2019 07:25 AM
Management profiles create the way you can disable response pages. Create a new management profile with "response pages" unchecked.
06-19-2020 11:12 PM
Excuse me.If use Virtual Wire interface Type.
How can disable the response page form internet?
06-20-2020 09:38 AM - edited 06-20-2020 09:42 AM
Hi,
do you have cureently response page configured on vwire mode from Internet?
Below is the link i found to enable the response page on the vwire mode
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJcCAK
If you have used above link to enable the response page then under response page change the action to disable
06-22-2020 03:00 AM
Thanks for your help.I have read this article.
Take URL Filtering as an example. Generally speaking, the settings are from inside to outside. If outside to inside, the server of the customized external service is deliberately turned into a blocked list. Will Internet users have Response Pages?
After testing, Internet users will not have Response Pages. Of course, this is the result I want, just want to understand the working principle of Response Pages.
06-22-2020 09:27 PM
So far I never heard about Response Pages for Internet users.
But as per config option it can be done if you have user id info on the outside interface
06-23-2020 01:26 AM
Hi MP18:
you're right. I have never heard of a response page for Internet users.
I never thought about this kind of problem.
It’s just that the customer asks.
If I can understand how the response page works, I can correctly answer customer questions.
So far, I know about the direction of this problem. Thank you for your help.
04-06-2021 12:34 PM
We were testing a new web site from the outside and were surprised to see a response page going out.. I understand why the page was blocked being new and still 'unknown' so 'high-risk' but the response page going out to the wild seems like a bit much info. The external 'untrust' interface has a Interface Mgmt profile on it with only the ping box checked.
04-07-2021 02:11 AM
@junior_r wrote:I am blocking some applications coming inbound from the internet to a certain IP. This creates a response page when I have application block response page on. How can I stop response page from being server to outside zone?
Turn off Response Pages in your management profile assigned to the interface.
10-13-2022 07:25 AM
appears this may no longer work on 10.1--- we are still getting response pages even though my interface mgmt profile is off.
06-18-2024 01:13 AM
We also have this problem. How can i disable on PANOS 10.2.x? If inbound traffic, a.e to a reverse proxy is decrytped and certain urls allowed for a handfull src ips but for all other not, the firewall display a application block page. For internal to internet this is ok, but not for the other way. Also chancing the policy action to drop or reset client does not work. We also have the interface mngt profile on the internet interface, without response pages, but they are displayed. Seams to be a bug.
06-18-2024 10:18 AM - edited 06-18-2024 10:19 AM
@FabioHufschmid wrote:
We also have this problem. How can i disable on PANOS 10.2.x? If inbound traffic, a.e to a reverse proxy is decrytped and certain urls allowed for a handfull src ips but for all other not, the firewall display a application block page. For internal to internet this is ok, but not for the other way. Also chancing the policy action to drop or reset client does not work. We also have the interface mngt profile on the internet interface, without response pages, but they are displayed. Seams to be a bug.
Unfortunately it isn't a bug, and counter to my understanding and belief years ago (in 2019) in my post this isn't something that can be turned off.
Using application level blocking (APP-ID) is a global thing and actually has ZERO to do with a management profile and enabling response pages. If enabling response pages on APP-ID there is no way to not present a response page to an untrusted zone.
The interface management profiles, enabling or disabling response pages there is a HTML level thing and isn't associated with the APP-ID response page function.
This is what I was told from my Focus Services account team and DE.
So in short it's either on or off globally as far as APP-ID response pages are concerned. Anything else is a Feature Request / enhancement to the product.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!