Is there a way to disable response page for interface?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Is there a way to disable response page for interface?

L3 Networker

I am blocking some applications coming inbound from the internet to a certain IP. This creates a response page when I have application block response page on. How can I stop response page from being server to outside zone?

 

 

11 REPLIES 11

L6 Presenter

Management profiles create the way you can disable response pages.  Create a new management profile with "response pages" unchecked.Management_Profile.PNG

Excuse me.If use Virtual Wire interface Type.

How can disable the response page form internet?

 

Hi,

 

do you have cureently response page configured on vwire mode from Internet?

Below is the link i found to enable the response page on the vwire mode

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJcCAK

 

If you have used above link to enable the response page then under response page change the action to disable

 

MP18_0-1592671347129.png

 

 

MP

Help the community: Like helpful comments and mark solutions.

Thanks for your help.I have read this article.

Take URL Filtering as an example. Generally speaking, the settings are from inside to outside. If outside to inside, the server of the customized external service is deliberately turned into a blocked list. Will Internet users have Response Pages?
After testing, Internet users will not have Response Pages. Of course, this is the result I want, just want to understand the working principle of Response Pages.

 

So far I never heard about Response Pages for Internet users.

But as per config option  it can be done if you have user id info on the outside interface

MP

Help the community: Like helpful comments and mark solutions.

Hi MP18:

you're right.  I have never heard of a response page for Internet users.

I never thought about this kind of problem.

It’s just that the customer asks.

If I can understand how the response page works, I can correctly answer customer questions.

So far, I know about the direction of this problem. Thank you for your help.

 

 

We were testing a new web site from the outside and were surprised to see a response page going out.. I understand why the page was blocked being new and still 'unknown' so 'high-risk' but the response page going out to the wild seems like a bit much info. The external 'untrust' interface has a Interface Mgmt profile on it with only the ping box checked. 

L0 Member

@junior_r wrote:

I am blocking some applications coming inbound from the internet to a certain IP. This creates a response page when I have application block response page on. How can I stop response page from being server to outside zone?

 

 


Turn off Response Pages in your management profile assigned to the interface.

 

appears this may no longer work on 10.1--- we are still getting response pages even though my interface mgmt profile is off.

We also have this problem. How can i disable on PANOS 10.2.x? If inbound traffic, a.e to a reverse proxy is decrytped and certain urls allowed for a handfull src ips but for all other not, the firewall display a application block page. For internal to internet this is ok, but not for the other way. Also chancing the policy action to drop or reset client does not work. We also have the interface mngt profile on the internet interface, without response pages, but they are displayed. Seams to be a bug.


@FabioHufschmid wrote:

We also have this problem. How can i disable on PANOS 10.2.x? If inbound traffic, a.e to a reverse proxy is decrytped and certain urls allowed for a handfull src ips but for all other not, the firewall display a application block page. For internal to internet this is ok, but not for the other way. Also chancing the policy action to drop or reset client does not work. We also have the interface mngt profile on the internet interface, without response pages, but they are displayed. Seams to be a bug.


Unfortunately it isn't a bug, and counter to my understanding and belief years ago (in 2019) in my post this isn't something that can be turned off.

 

Using application level blocking (APP-ID) is a global thing and actually has ZERO to do with a management profile and enabling response pages.  If enabling response pages on APP-ID there is no way to not present a response page to an untrusted zone.

 

Brandon_Wertz_0-1718731134450.png

 

 

The interface management profiles, enabling or disabling response pages there is a HTML level thing and isn't associated with the APP-ID response page function.

 

This is what I was told from my Focus Services account team and DE.

 

 

So in short it's either on or off globally as far as APP-ID response pages are concerned.  Anything else is a Feature Request / enhancement to the product.

  • 9580 Views
  • 11 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!