This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall policy "drop" shows block page on HTTP connections

When I configure a policy to "drop" on all destination IPs and ports, I expect it to drop the traffic without notifying the user. However, I am receiving the "Stop! This website is blocked" page when I try to view any HTTP website. I would like it to drop the packets silently. How do I configure this?

I am running SFOS 18.0.1 MR-1-Build396

This thread was automatically locked due to age.

Top Replies

LuCar Toni over 3 years ago in reply to Rhys Goodwin +2 verified

Edit your Default Drop rule. Switch ANY (in Source zone and Destination zone) with all zones. Do not add WAN in the Source zone, instead all other zones. That should do the trick.

0 LuCar Toni over 3 years ago in reply to Rhys Goodwin

Its about a smaller difference in the Firewall settings, which will be approach in MR Version of XG. Basically the firewall is pointing to the proxy, what and which traffic the proxy has to pick up. As your firewall tells the proxy to pick up ANY to ANY, it will also pick up WAN to WAN Traffic, which can hit the firewall. The proxy has the option to drop this via block page.

This behavior should will be revisit in some next version to avoid it.

PS: This only occurs, if you choose to forward the traffic of WAN to the proxy. So a XG without this rule will not forward the traffic to the proxy.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 Rhys Goodwin over 3 years ago in reply to LuCar Toni

Thanks very much for the info LuCar. It would be good if future versions were clearer. In my view it would be ideal to have an
option on the drop rule settings to enable proxy response for some ports or just do a normal drop for all ports.

I appreciate your input too Michael.

Ngā mihi,
Rhys
Cancel
Vote Up 0 Vote Down

Cancel