Create User Response elements

You can define a different User Response entry for each case in which an HTTP or HTTPS connection matches a rule that closes the connection.

The HTTP or HTTPS connection is not allowed to continue in the following cases:

  • Connection Blacklisted (HTTP only) — The connection was closed according to a rule with the Apply Blacklist action.
  • Connection Discarded by Access Rule (HTTP only) — The connection was discarded according to an Access rule with the Discard action.
  • Connection Terminated by Inspection Rule — The connection was terminated according to the Inspection Policy.
  • URL Not Allowed — The connection was closed by rules for URL filtering.
  • Malware Found — The anti-malware feature detected malware in the connection.
Note: In some cases, such as when inspecting a large file transfer, it is not possible to apply a User Response to HTTPS traffic. In this case, the engine applies the default action for matching traffic. If an HTTPS connection is discarded before the payload is decrypted, no User Response is sent.

You can also redirect users to their original HTTP destination after they have authenticated to a Firewall. You automatically redirect the users after they have authenticated, or you can require the users to click a link to the original HTTP destination address on the user authentication page after authentication.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration.
  2. Expand the Other Elements branch, then select Engine Properties.
  3. Right-click User Responses, then select New User Response.
  4. In the Name field, enter a unique name.
  5. For the entry that you want to change, expand the section.
  6. From the Type of Response drop-down list, select one of the following responses:
    • Message Response — (Optional) Customize the message to display to the user.
    • URL Redirection — In the HTTP or HTTPS URL Destination field, enter the URL to which the connection is redirected. The URL must begin with http:// or https://.
    • Custom HTML — (Optional) Customize the HTML source code for the message to display to the user. The HTML source code must be a complete HTML page, including the <html> and <body> tags.
  7. (Optional) To dynamically add details about the connection to the message for the Custom HTML and Message Response response types, add variables.
    1. Click the location in the HTML source code or message text where you want to add the variable.
    2. Click Add Variable, then select the variable that you want to add.
    3. (Optional) To preview the message in your default web browser, click Preview in Browser.
  8. (Optional) To redirect users to their original destination after they have authenticated to the Firewall for the URL Redirection response type, define the settings for the redirection.
    1. To enable redirection to the original destination, select Enable Manual Redirection to Original URL After Authentication.
    2. (Optional) To automatically redirect the user to the original destination, select Enable Automatic Redirection to Original URL After Authentication.
  9. Click OK.

User Response Properties dialog box

Use this dialog box to define User Response element properties.

Option Definition
Name Specifies a unique name for the element.
Connection Blacklisted section Options for connections that are closed according to a rule with the Apply Blacklist action.
Connection Discarded by Access Rule section Options for connections that are discarded according to an Access rule with the Discard action.
Connection Terminated by Inspection Rule section Options for connections that are terminated according to the Inspection Policy.
URL Not Allowed section Options for connections that are closed by rules for URL filtering.
Malware Found section Options for connections that are closed because the anti-malware feature detected malware.
Blocked by DLP Scan Options for files that are blocked by data loss prevention (DLP) scans according to the File Filtering policy.
Type of Response The type of response that is shown to the user.
  • Message Response — Shows the user a custom message that you enter as text.
  • URL Redirection — The user is redirected to the specified URL.
  • Custom HTML — Shows the user a custom message that you enter as HTML source code.
  • No Response — The engine silently discards the connection.
Comment An optional comment for your own reference.
Option Definition
When Type of Response is Message Response
Title The title of the message that is shown to users.
Message The text of the message to show to users.
Add Variable Adds the selected variable at the current cursor position in the HTML source code.
Preview in Browser Shows a preview of the message in your default web browser.
Option Definition
When Type of Response is URL Redirection
URL The URL to which the user is redirected.
Enable Manual Redirection to Original URL After Authentication Enables redirection from the redirection URL to the user's original HTTP destination. Users can continue to their original HTTP destination after authenticating to the firewall.
Enable Automatic Redirection to Original URL After Authentication Enables automatic redirection from the redirection URL to the user's original HTTP destination. Users are automatically redirected to their original HTTP destination after authenticating to the firewall.
Option Definition
When Type of Response is Custom HTML
HTML The HTML source code of the message to show to users.

The HTML source code must be a complete HTML page, including the <html> and <body> tags.

Add Variable Adds the selected variable at the current cursor position in the HTML source code.
Preview in Browser Shows a preview of the message in your default web browser.