User Response elements and how they work

User Response elements allow you to define custom responses that are sent to the user when an HTTP or HTTPS connection is closed.

User Responses make it possible to explain to the user why the connection was closed instead of simply closing the connection with no notification. They help administrators differentiate cases where the NGFW Engine closes a connection from cases where a technical problem prevents the connection from going through.

When you combine User Responses with browser-based user authentication, you can also redirect users to their original destination after they have authenticated to a Firewall. The redirection can be automatic or require the users to click a link to the original HTTP destination address on the user authentication page after they have authenticated.

You can use User Responses in Access rules and in Inspection Policies. Redirection to the user's original HTTP destination after authentication must be configured in the Inspection Policy.

Limitations of User Responses

User Responses have the following limitations:

  • To use User Responses with HTTPS traffic, you must enable decryption of HTTPS traffic.
  • Some web browsers, such as Mozilla Firefox and Google Chrome, use HTTP Strict Transport Security (HSTS) to enforce the use of HTTPS by default. The end user's web browser might not accept the certificate for TLS inspection when HSTS is used.