Response Pages based on Zone.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Response Pages based on Zone.

L3 Networker

Hey, all. We have some sites with guest networks as well as internal networks. These come from zones named respective to what they are (e.g. guest, wireless, etc...).

 

We want to have response pages setup so that people know why they are being blocked, and in this response page it gives a link to our SOC in the event that this page needs to be unblocked. It provides a quick and easy course of resolution for the end user. However, obviously we don't want this link published to customers who may be using our guest network.

 

So the question is: Can different response pages be displayed based on the source zone?

 

Thanks.

5 REPLIES 5

L4 Transporter

The only way I'm seeing to do this would be if your guest network was in another vsys. There doesn't seem to be any options for making these pages zone-specific.

I concur with this. I was hoping maybe someone had experienced it and come up with a way, or knew that it was possible.


Thanks!

L2 Linker

Gareth,

 

What you can do is create separate block rules based on source zones and then in the response page create a basic client-side JavaScript that would be adjusting parts of the response page depending on the name of the block rule that was hit. There is a valiable called <rulename/> - use it in the JavaScript.

 

Unfortunately this is going to work well only for blocks invoked via Deny action set as the rule action. If you block based on a URL-profile then things become more complicated and for that you may need to resort to creating multiple VSYSes...

You know, if you have different internal and external DNS zones for your domain, you might be able to use a generic block page with a link to different sets of instructions for internal and guest users. For example, "Visit webblocks.mycompany.com for details" might be the URL in the block message. Assuming your guest networks don't use your internal DNS servers, this could point to a public page which includes info about what content is blocked, the acceptable use policy, etc. On your internal DNS server, that record could point to an internal web server showing a page with instructions on how to contact support. This is definitely just a workaround, and only works if your DNS is setup as described, but I thought I might mention it anyway.

It might be a viable idea with DNS...

You can even bypass the DNS altogether and produce different blockpages on the webserver itself (diffirentiating users by the source IP) or use a load balancer/ADC for the same very purpose - to direct users to relevant page based on their IP address (= Zone)... 

  • 3221 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!