Response Pages based on Zone.

Reply
Highlighted
L2 Linker

Response Pages based on Zone.

Hey, all. We have some sites with guest networks as well as internal networks. These come from zones named respective to what they are (e.g. guest, wireless, etc...).

 

We want to have response pages setup so that people know why they are being blocked, and in this response page it gives a link to our SOC in the event that this page needs to be unblocked. It provides a quick and easy course of resolution for the end user. However, obviously we don't want this link published to customers who may be using our guest network.

 

So the question is: Can different response pages be displayed based on the source zone?

 

Thanks.

Highlighted
L4 Transporter

The only way I'm seeing to do this would be if your guest network was in another vsys. There doesn't seem to be any options for making these pages zone-specific.

Highlighted
L2 Linker

I concur with this. I was hoping maybe someone had experienced it and come up with a way, or knew that it was possible.


Thanks!

Highlighted
L2 Linker

Gareth,

 

What you can do is create separate block rules based on source zones and then in the response page create a basic client-side JavaScript that would be adjusting parts of the response page depending on the name of the block rule that was hit. There is a valiable called <rulename/> - use it in the JavaScript.

 

Unfortunately this is going to work well only for blocks invoked via Deny action set as the rule action. If you block based on a URL-profile then things become more complicated and for that you may need to resort to creating multiple VSYSes...

Highlighted
L4 Transporter

You know, if you have different internal and external DNS zones for your domain, you might be able to use a generic block page with a link to different sets of instructions for internal and guest users. For example, "Visit webblocks.mycompany.com for details" might be the URL in the block message. Assuming your guest networks don't use your internal DNS servers, this could point to a public page which includes info about what content is blocked, the acceptable use policy, etc. On your internal DNS server, that record could point to an internal web server showing a page with instructions on how to contact support. This is definitely just a workaround, and only works if your DNS is setup as described, but I thought I might mention it anyway.

Highlighted
L2 Linker

It might be a viable idea with DNS...

You can even bypass the DNS altogether and produce different blockpages on the webserver itself (diffirentiating users by the source IP) or use a load balancer/ADC for the same very purpose - to direct users to relevant page based on their IP address (= Zone)... 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!