Description
This article describes how to deny specific traffic in a firewall policy, return a block notification page to the user, and, if required, change or personalise the text of that notification.
set block-notification is the firewall policy option that returns a notification page to the user when the policy denies the traffic. The notification is an HTTP replacement page, so it is only seen for HTTP sessions (a browser); other protocols are simply denied without a message. The option is disabled by default, except in v5.2.2 where it is enabled by default (see the related article on the 5.2.1 and 5.2.2 GA default configuration).
Solution
Create a deny policy and enable the block-notification option. Optionally also enable send-deny-packet, so that denied TCP clients receive a reset instead of waiting for a timeout.
# config firewall policy
edit 293
set srcintf "port1"
set dstintf "port2"
set srcaddr "all"
set dstaddr "all"
set action deny
set schedule "always"
set service "ALL"
set logtraffic disable
set block-notification enable <-----
set send-deny-packet enable
next
end
Test the policy by browsing to a site through it from a host on port1: the browser should display the block notification page instead of the requested site. With logtraffic disabled as above, the denied sessions are not logged; set logtraffic all if you want to see them in the forward traffic log.
Personalise the block notification message.
In the GUI go to System -> Config -> Replacement Messages.
Select "Extended View" at the top right.
Look for "Block Notification Page" under 'Authentication'.
Edit the text in the text/HTML form at the lower right and save it with the Save button on the left.
Replacement-message variables are inserted by typing %%.
For example, %%POLICY%% is replaced by the ID of the policy that blocked the traffic. Typing %% followed by a character lists all the variables that exist.
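The same customisation can be done from the CLI, which is convenient when the message has to be identical on several units. The following is an added example and is not taken from the original article: the replacement-message name auth-block-notification-page is assumed from the GUI label "Block Notification Page" under 'Authentication' and should be checked against the output of show system replacemsg auth on your firmware; %%POLICY%% is the variable named in the article, and the HTML text itself is only a sample.

```text
# Replace the block notification page from the CLI (assumed name: auth-block-notification-page).
config system replacemsg auth "auth-block-notification-page"
    set buffer "<html><body><h2>Access denied</h2><p>Your request was blocked by firewall policy %%POLICY%%.</p><p>Quote this policy ID when contacting the helpdesk.</p></body></html>"
    set header http
    set format html
end

# Check the stored message (and confirm the entry name exists on this firmware).
show system replacemsg auth "auth-block-notification-page"

# Restore the factory text if the custom page is no longer wanted.
config system replacemsg auth "auth-block-notification-page"
    unset buffer
end
```

Keep the page small and free of external resources: it is served by the FortiGate itself, and any images or scripts that the page references from other hosts would also have to pass the firewall policy, which may be the very policy that is blocking the user.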
Related Articles
Technical Tip: How to configure block-notification replacement messages for HTTP traffic
Technical Tip: Notification for blocked traffic default config 5.2.1 and 5.2.2 GA