Stephen_G
Moderator
Article Id 243135
Description: This article explains how to display the number of the policy responsible for blocking websites through the web filter profile.
Scope: Any currently supported version of FortiGate.
Solution

It is possible to make a blocked page display the number of the policy that blocked it when a web filter profile is applied in that policy. This is achieved by modifying the replacement message used by that profile.

In this article, a static URL filter has been configured to block Fortinet sites:

[Image Stephen_G_0-1673961912942.png: static URL filter entry blocking Fortinet sites]

Open the 'Replacement Messages' section under 'System' and modify the 'URL Block Page' message. This replacement message is displayed for static URL filtering.

[Image Stephen_G_1-1673962065988.png: 'URL Block Page' entry in Replacement Messages]

To change it, right-click on the section to modify and select 'Insert Tag':

[Image Stephen_G_2-1673962102746.png: 'Insert Tag' context menu in the replacement message editor]

After that, add the 'POLICY_ID' tag. When the message is shown, this tag is replaced with the ID of the blocking policy; in the editor preview, the placeholder value '123' appears where the 'POLICY_ID' tag was inserted.

[Image Stephen_G_3-1673962141428.png: 'POLICY_ID' tag added, preview showing '123']

The surrounding text can also be changed. In this example, the 'Description' label was changed to 'Policy'.

[Image Stephen_G_4-1673962172488.png: 'Description' label renamed to 'Policy']

Afterwards, a user matched by the policy who tries to access a blocked site sees the block page with the policy ID number:

[Image Stephen_G_5-1673962219815.png: block page displaying the policy ID]

Inspection mode must be set to 'proxy' on the policy for the replacement message to be displayed.

The corresponding policy configuration in the CLI:

# config firewall policy
    edit 1
        set name "Blocked Polciy"
        set uuid 31626864-96e7-51ed-cf75-6d016b7df25e
        set srcintf "lan"
        set dstintf "wan"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set webfilter-profile "default"
        set logtraffic all
        set nat enable
    next
end
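Because the block page only appears when the policy runs in proxy inspection mode, it is worth auditing every policy that applies a web filter profile. The script below is an added example, not part of this article or of FortiOS: it parses a saved 'config firewall policy' block (the sample is a constructed configuration modelled on the policy above plus a hypothetical second policy) and lists the policies that apply a web filter profile without proxy inspection. It assumes that a policy with no 'inspection-mode' line runs in flow mode, the FortiOS default.

```python
import re

# Constructed sample: policy 1 mirrors the article's policy; policy 2 is a
# hypothetical policy that applies the web filter profile in flow mode.
SAMPLE_CONFIG = """\
# config firewall policy
    edit 1
        set name "Blocked Policy"
        set srcintf "lan"
        set dstintf "wan"
        set action accept
        set inspection-mode proxy
        set utm-status enable
        set webfilter-profile "default"
    next
    edit 2
        set name "Flow Policy"
        set srcintf "lan"
        set dstintf "wan"
        set action accept
        set utm-status enable
        set webfilter-profile "default"
    next
end
"""

_EDIT_RE = re.compile(r'^\s*edit\s+(\S+)')
_SET_RE = re.compile(r'^\s*set\s+(\S+)\s+(.*)$')


def _values(raw):
    """Split a 'set' value into tokens, dropping the quotes around each one."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', raw)]


def parse_policies(text):
    """Parse a 'config firewall policy' block into a list of dicts, one per policy."""
    policies = []
    current = None
    in_block = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith('#'):
            # Tolerate the CLI prompt that is often pasted in front of 'config'.
            stripped = stripped.lstrip('#').strip()
        if stripped.startswith('config firewall policy'):
            in_block = True
            continue
        if not in_block:
            continue
        m = _EDIT_RE.match(stripped)
        if m:
            current = {'id': m.group(1)}
            continue
        m = _SET_RE.match(stripped)
        if m and current is not None:
            vals = _values(m.group(2))
            current[m.group(1)] = vals[0] if len(vals) == 1 else vals
            continue
        if stripped == 'next' and current is not None:
            policies.append(current)
            current = None
        elif stripped == 'end':
            break
    return policies


def policies_without_proxy(policies):
    """IDs of policies that apply a web filter profile but are not in proxy mode.

    A missing 'inspection-mode' line is treated as 'flow' (assumed FortiOS default).
    """
    flagged = []
    for p in policies:
        if p.get('utm-status') != 'enable' or 'webfilter-profile' not in p:
            continue
        if p.get('inspection-mode', 'flow') != 'proxy':
            flagged.append(p['id'])
    return flagged


if __name__ == '__main__':
    parsed = parse_policies(SAMPLE_CONFIG)
    for pid in policies_without_proxy(parsed):
        print(f"policy {pid}: web filter profile applied without proxy inspection")
```

Run it against the output of 'show firewall policy' saved to a file; any policy it lists will block the site but will not show the replacement page with the policy ID.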

The block page shown for the blocked site, with the modified block notification, looks like this:

[Image Stephen_G_6-1673962312946.png: block page for the blocked site showing 'Policy' and the policy ID]
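The policy ID printed on the block page is the same value the FortiGate writes to the 'policyid' field of its web filter UTM logs, so an administrator can confirm which policy blocked a request from the logs rather than from the user's screenshot. The script below is an added example, not from the article: the log lines are constructed in the FortiOS key=value syslog style with made-up device names, addresses and URLs, and the parser groups blocked web filter events by the policy that blocked them.

```python
import re
from collections import defaultdict

# Constructed sample log lines (FortiOS key=value style). Device IDs, IPs and
# URLs are made up; one traffic log and one allowed request are included so
# the filter has something to skip.
SAMPLE_LOGS = [
    'date=2023-01-17 time=14:05:12 devname="FGT-LAB" devid="FG000000000000000" '
    'logid="0316013056" type="utm" subtype="webfilter" eventtype="urlfilter" '
    'level="warning" vd="root" policyid=1 srcip=10.0.0.25 dstip=203.0.113.10 '
    'service="HTTPS" hostname="www.fortinet.com" profile="default" action="blocked" '
    'url="https://www.fortinet.com/" msg="URL was blocked because it is in the URL filter list"',
    'date=2023-01-17 time=14:05:40 devname="FGT-LAB" devid="FG000000000000000" '
    'logid="0317013312" type="utm" subtype="webfilter" eventtype="ftgd_allow" '
    'level="notice" vd="root" policyid=1 srcip=10.0.0.25 dstip=203.0.113.20 '
    'service="HTTPS" hostname="example.com" profile="default" action="passthrough" '
    'url="https://example.com/" msg="URL belongs to an allowed category in policy"',
    'date=2023-01-17 time=14:06:02 devname="FGT-LAB" devid="FG000000000000000" '
    'logid="0316013056" type="utm" subtype="webfilter" eventtype="urlfilter" '
    'level="warning" vd="root" policyid=2 srcip=10.0.0.31 dstip=203.0.113.11 '
    'service="HTTPS" hostname="www.fortiguard.com" profile="default" action="blocked" '
    'url="https://www.fortiguard.com/" msg="URL was blocked because it is in the URL filter list"',
    'date=2023-01-17 time=14:06:30 devname="FGT-LAB" devid="FG000000000000000" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'policyid=1 srcip=10.0.0.25 dstip=203.0.113.10 service="HTTPS" action="accept"',
    'date=2023-01-17 time=14:07:15 devname="FGT-LAB" devid="FG000000000000000" '
    'logid="0316013056" type="utm" subtype="webfilter" eventtype="urlfilter" '
    'level="warning" vd="root" policyid=1 srcip=10.0.0.40 dstip=203.0.113.10 '
    'service="HTTPS" hostname="www.fortinet.com" profile="default" action="blocked" '
    'url="https://www.fortinet.com/products/" msg="URL was blocked because it is in the URL filter list"',
]

# key=value, where the value is either a double-quoted string (which may
# contain spaces and '=') or a bare token.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_log_line(line):
    """Turn one key=value log line into a dict, unquoting quoted values."""
    fields = {}
    for key, raw in _KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def blocked_by_policy(lines):
    """Group blocked web filter events by the numeric ID of the blocking policy."""
    grouped = defaultdict(list)
    for line in lines:
        f = parse_log_line(line)
        if f.get('type') != 'utm' or f.get('subtype') != 'webfilter':
            continue  # traffic logs and other UTM types are not web filter verdicts
        if f.get('action') != 'blocked':
            continue  # allowed / passthrough requests do not produce a block page
        grouped[int(f['policyid'])].append({
            'url': f.get('url'),
            'profile': f.get('profile'),
            'event': f.get('eventtype'),
            'src': f.get('srcip'),
        })
    return dict(grouped)


if __name__ == '__main__':
    for policy_id, events in sorted(blocked_by_policy(SAMPLE_LOGS).items()):
        print(f"policy {policy_id}: {len(events)} blocked request(s)")
        for e in events:
            print(f"  {e['src']} -> {e['url']} ({e['profile']}, {e['event']})")
```

When a user reports the number from the block page, filtering the web filter logs on that policyid quickly shows the URL, the profile and the filter type (static URL filter versus FortiGuard category) behind the block.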

Related article:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Block-notification-replacement-message-wit...