Contributor
April 30, 2007
Question

How can I change policy action to "reject"

Hi All, I saw that the firewall policy default actions are "accept", "deny", "ip-sec" and "ssl-vpn". The deny action by default drops the packet and doesn't let the user know. But I want a "reject" action that drops the packet and lets the user know. Are there any ideas about this? Thanks

    5 replies

    UkWizard
    New Member
    April 30, 2007
    A reject option would not let the user know as such; it would simply reply to the initial TCP connection to say it's rejected. So unless you have an app that uses this specific technique, the reject only really increases the timeout window, as the connecting program knows it's quit immediately, rather than waiting to the end of the timeout. Reject is less efficient and therefore not really required. Hope this makes sense. In essence, if a user is web browsing, they would get the same message in the browser anyway, I suspect.
    Contributor
    April 30, 2007
    Because I don't want users browsing a blocked web site to wait too long before getting the timeout information. I think the user can get the blocked information if the policy action is "reject". And some app programs auto-connect to blocked web sites when opening, and it would waste much time waiting for the connection if I set the policy action to "Drop". So I wonder whether the app program can open quickly if I can set the action to "reject". Thanks
    UkWizard
    New Member
    April 30, 2007
    Users wouldn't get a nice message generally; they would get an error, just like when the website they are trying to browse to is down. A reject is not possible in Fortinet, sorry. If you wanted the users to get nice Fortinet-generated messages when a website is inaccessible, then you would need to use web-filtering in your profile; then they will get the Fortinet page saying blocked, etc.
    Contributor
    May 7, 2007
    Got it!!~ Thanks for your suggestion~
    Contributor
    May 7, 2007
    I have another question: why doesn't Fortinet add a "reject" function? FortiOS is built on Linux and it should be easy to add a "reject" function. Thanks
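
Added example, not part of the original thread: the difference the replies describe between a silent drop and a reject, measured from the client side as verdict plus elapsed time. `classify_block`, `closed_local_port` and `silent_connect` are hypothetical names; the reject case uses a closed loopback port (the kernel answers with a TCP RST) and the drop case is a constructed stand-in so the script runs offline.

```python
import errno
import socket
import time


def classify_block(host, port, timeout=3.0, connect=socket.create_connection):
    """Try one TCP connect and report how it ended and how long it took.

    Returns (verdict, seconds): "open" when the handshake completes,
    "reject" when a TCP RST or ICMP unreachable comes back, "drop" when
    nothing answers before `timeout`.
    `connect` is a hypothetical injection point used only for the demo.
    """
    start = time.monotonic()
    try:
        conn = connect((host, port), timeout=timeout)
    except socket.timeout:
        verdict = "drop"      # SYN silently discarded: the client waits it out
    except OSError as exc:
        # RST -> ECONNREFUSED; ICMP host unreachable -> EHOSTUNREACH
        if exc.errno not in (errno.ECONNREFUSED, errno.EHOSTUNREACH):
            raise             # some other local failure, not a policy verdict
        verdict = "reject"
    else:
        conn.close()
        verdict = "open"
    return verdict, time.monotonic() - start


def closed_local_port():
    """Pick a loopback port with no listener; the kernel answers the SYN
    with an RST, the same signal a reject-style policy would send."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def silent_connect(address, timeout):
    """Constructed stand-in for a drop policy: no answer ever arrives."""
    time.sleep(timeout)
    raise socket.timeout("timed out")


if __name__ == "__main__":
    print("reject:", classify_block("127.0.0.1", closed_local_port()))
    print("drop:  ", classify_block("127.0.0.1", 9, timeout=1.0, connect=silent_connect))
```

The reject case returns in milliseconds with a "connection refused" error, while the drop case always costs the full client timeout.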