Technical Note: Block-notification replacement message only works for HTTP
Description
It may be required to display a block-notification message in the client web browser when traffic matches an explicit deny in the firewall policies.

By default the traffic is silently dropped (since v5.2.3).

Solution
To enable the block-notification message:
config firewall policy
edit <policy_ID>
set block-notification enable
set action deny
end
DNS resolution is required in order to have the block page message via HTTP.
The block-notification message provides a blocked page for HTTP only. All other protocols are silently dropped.
Example with block-notification message
In this case HTTP is blocked and the block-notification message is shown.

Example without block-notification message
In this case HTTPS is blocked but no block-notification message is displayed.
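
The following audit script is an added example, not part of the original note or Fortinet's own tooling. It reads a policy section shaped like the configuration above and reports, for each deny policy, whether a blocked client would see the block page. The sample configuration is constructed, and two assumptions are made: service objects named HTTP or ALL include TCP/80, and a policy without a `set action` line is a deny policy.

```python
import shlex
# Constructed sample shaped like a FortiOS backup; policy IDs and services are made up.
SAMPLE = """\
config firewall policy
    edit 10
        set service "HTTP"
        set action deny
        set block-notification enable
    next
    edit 11
        set service "HTTPS"
        set action deny
        set block-notification enable
    next
    edit 12
        set service "HTTP" "HTTPS"
        set action deny
    next
end
"""
# Assumption: service objects with these names are the ones that include TCP/80.
HTTP_SERVICES = {"HTTP", "ALL"}

def parse_policies(text):
    # Returns {policy_id: {option: [values]}} from the 'config firewall policy' block.
    policies, current, in_block = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line == "config firewall policy":
            in_block = True
        elif in_block and line.startswith("edit "):
            current = policies.setdefault(line.split(None, 1)[1], {})
        elif in_block and line.startswith("set ") and current is not None:
            _, key, *values = shlex.split(line)
            current[key] = values
        elif in_block and line == "end":  # 'end' also closes an edit with no 'next'
            in_block, current = False, None
    return policies

def audit(text):
    """Map each deny policy to what a blocked client sees, per the HTTP-only rule."""
    result = {}
    for pid, opts in parse_policies(text).items():
        if opts.get("action", ["deny"])[0] != "deny":  # assumption: no action line = deny
            continue
        if opts.get("block-notification", ["disable"])[0] != "enable":
            result[pid] = "silent-drop"
        elif HTTP_SERVICES & set(opts.get("service", [])):
            result[pid] = "http-block-page"
        else:
            result[pid] = "notification-never-shown"
    return result
```

Policies reported as notification-never-shown have the option enabled but match no HTTP service, so users hitting them get a timeout rather than a block page.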

Related Articles
Technical Tip: Notification for blocked traffic default config 5.2.1 and 5.2.2 GA