FortiGate
cborgato_FTNT
Article Id 194535

Description

This article describes how to block (deny) specific traffic in a firewall policy while notifying the client, and how to change or personalize the alert message.

set block-notification is the policy setting used to notify the client about blocked traffic. This feature is disabled by default, except in v5.2.2 where the default setting is enabled.


Solution

Create a deny policy and enable the block-notify feature.

# config firewall policy
    edit 293
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic disable
        set send-deny-packet enable <-----
    next
end
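Because the policy above notifies the client but has logtraffic disabled, the block is visible to the user yet invisible to the SOC. The following is an added example, not part of the article: a small Python audit that parses policy text in the same CLI format and flags deny policies that notify the client without logging. The second policy in the sample and the treatment of a missing action as deny are assumptions.

```python
"""Audit FortiOS firewall policy text for deny rules that notify the client
(block-notification / send-deny-packet) but have logging disabled."""
import re

# Constructed sample in the article's CLI format. Policy 293 mirrors the
# article; policy 294 is an assumed deny rule that does log, for contrast.
SAMPLE_CONFIG = """\
config firewall policy
    edit 293
        set srcintf "port1"
        set dstintf "port2"
        set logtraffic disable
        set send-deny-packet enable
    next
    edit 294
        set action deny
        set logtraffic all
        set block-notification enable
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {key: value}} for each 'edit N ... next' block."""
    policies, current, pid = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'^edit\s+(\d+)$', line)
        if m:
            pid, current = int(m.group(1)), {}
        elif line == 'next' and current is not None:
            policies[pid] = current
            current = None
        elif current is not None and line.startswith('set '):
            key, _, value = line[4:].partition(' ')
            current[key] = value.strip().strip('"')
    return policies

def unlogged_notifying_denies(policies):
    """IDs of deny policies that notify the client but log nothing."""
    flagged = []
    for pid, p in sorted(policies.items()):
        # Assumption: a policy with no explicit action is treated as deny,
        # and a missing logtraffic value is treated as no logging.
        is_deny = p.get('action', 'deny') == 'deny'
        notifies = (p.get('block-notification') == 'enable'
                    or p.get('send-deny-packet') == 'enable')
        if is_deny and notifies and p.get('logtraffic', 'disable') == 'disable':
            flagged.append(pid)
    return flagged
```

Run it against `show firewall policy` output captured from the device; any ID returned is a deny rule whose blocks never reach the logs.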


Test the policy and check the alert message in the browser.


Personalize the corresponding block-notify message.

On the web GUI, go to System -> Config -> Replacement Messages.
Select "Extended View" at the top right.
Look for "Block Notification Page" under 'Authentication'.


Modify the message in the text/HTML form at the bottom right and save it using the Save button on the left.


It is possible to use HTML variables in the message by typing %%.

For example, in this message %%POLICY%% returns the policy ID. The system shows all available variables as soon as %%[char] is typed.


Related Articles

Technical Tip: How to configure block-notification replacement messages for HTTP traffic

Technical Tip: Notification for blocked traffic default config 5.2.1 and 5.2.2 GA
