I have configured a security policy to block a URL category using the Service/URL Category method and my action is deny.
This works and the category is denied; however, the block response page is not displayed. Instead I get "This site can’t be reached" and "ERR_CONNECTION_RESET".
When I block the same category using the URL Filtering Security Profile, the block response page is displayed.
This behavior is the same for both encrypted and unencrypted pages and also on PAN-OS 9.1.7 as well as on 10.0.2.
Any idea if this is normal behavior or if this is something that I can fix?
Thanks in advance 🙂
Response Page not displayed when using security policy to deny URL category
Can you confirm that you are matching the correct policy that just blocks with the category? Also, I think before this rule there should be rules that identify the App-ID as web-browsing or ssl, so check in the traffic that the App-ID is identified correctly.
Can you provide a screenshot of the rule as maybe it also has App ID in the rule and maybe you need "Application Block Page" as this triggered first etc.?
Assuming that you are attempting to block an HTTPS site, and that you aren't decrypting said traffic, which would cause the issue you are describing, this behavior is expected. You would need to follow https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFKCA0 to get this functioning. By default, the firewall won't attempt to serve a response page if you aren't decrypting the traffic because it would just lead to a certificate warning.
I face the exact same issue.
I have enabled response pages and tried it with a URL category profile using: http://urlfiltering.paloaltonetworks.com/test-malware.
This worked perfectly fine.
However, I went on, removed the URL profile and added the Service/URL Category "malware", set the rule to deny, and I'm presented with a browser message telling me the network connection was interrupted (no response page).
So either this is by design / technical limitation or it's a bug.
find my rule below