Skip to main content

Configuring Block Notification Page on Zenconsole

Block Notification Page, also known as "Landing Page", is the page users will be prompted when traffic is blocked by Zenarmor®. When accessing potentially harmful activities according to your rules, users are redirected to a secure landing page.

With Zenarmor's Customizable Landing Pages, enterprises can now be completely transparent about corporate regulations while providing a secure and protected network environment for all users.

Custom Landing Pages (CLP) from Zenarmor assist in educating everyone about possible risks to their company and reassuring them that they are protected.

As the owner of a Zenarmor Next-Generation Firewall, you have the power to design Custom Landing Pages that explain to staff why particular HTTPS pages are banned because they do not conform with business regulations, are possibly damaging, or unwittingly present cyber dangers to your company. This functionality eliminates calls to the helpdesk and user annoyance associated with not knowing why they cannot access certain online material.

tip

Block notification page is only available for web filtering. When a connection is blocked due to your application control rules, you may not view a landing page.

In Block Notification Page Pane, you can perform the following tasks:

  • download Node CA (Certificate Authority) certificate.

  • upload a new HTML template for a new design landing page.

  • view, edit or download the current template.

To configure Block Notification Page features, you may follow the steps given below:

  1. Select your firewall on Zenconsole.

  2. Click Settings menu on the left-hand sidebar.

  3. Click Block Notification Page menu.

    Zenconsole - Configuring Block Notification Page

    Figure 1. Zenconsole - Configuring Block Notification Page

note

Block Notification Page for TLS connections is only available for premium Zenarmor Editions.

warning

In order to show the block notification page, it is necessary to ban clients on your network from utilizing DNS-over-HTTPS (DOH) or DNS-over-TLS (DOT), since the Block Notification Page feature relies on DNS-based filtering.

Typically, users activate DNS over HTTPS or DNS over TLS settings on their web browsers.

To prevent DOH and DOT traffic on your network, you may activate the DNS over HTTPS feature in the Essential Security rules. Additionally, you can enable the DNS over HTTPS and DNS over TLS choices in the Network Management settings under Application Controls.

Block Notification Page is enabled for TLS-encrypted connections by default.

warning

Since your default internal CA is not trusted by the browser, you will get a warning message like Your connection isn't private. Attackers might be trying to steal your information NET::ERR_CERT_AUTHORITY_INVALID for each blocked SSL site you visit.

ERR_CERT_AUTHORITY_INVALID warning message

**Figure 2. ** ERR_CERT_AUTHORITY_INVALID warning message

To solve this issue, you must add the Zenarmor default CA certificate as a trusted root CA certificate in your client OS. Or, users must type "thisisunsafe" to display the landing page.

Copy or Download Block Notification Page Template

For later use or archive purpose, you can download the template.

To download or copy the existing template, you may follow the next steps:

  1. Click ... (3-dot) icon at the top right corner of the code editor. This will open a drop-down menu.

    Zenconsole - Copy or Download Block Notification Page Template

    Figure 3. Zenconsole - Copy or Download Block Notification Page Template

  2. Click Download or **Copy to Clipboard.

  3. Select the location on your local filesystem.

  4. Click the Save button to save the template.

Edit Block Notification Page

Zenconsole provides you with a simple HTML code editor to edit your block notification page. You may customize the landing page for your company as you wish.

Adding Tag

Zenconsole allows you to add the following tags to the landing page so that you can give more details about the traffic blocks to your users:

  • Rule Application
  • Rule Username (if applicable)
  • Rule Client IP address
  • Rule Remote IP address
  • Connection Client IP address
  • Connection Remote IP address
  • Rule Application Category
  • Rule Web Category
  • Rule Based Alert Message

For example, you may add add Rule Application Category tag to the default landing page template by following the steps given below:

  1. Go to the end of the line number 257 and press enter.

  2. Add the following lines.

    <tr>
        <td style="text-align:right"><b>Application Category:</b></td>
        <td>__appcat__</td>
    </tr>

  3. Click Preview button at the top of the code editor.

  4. Click Show Details. You should see the following page.

    Zenconsole - Adding Application Category Tag to Landing Page Template

    Figure 4. Zenconsole - Adding Application Category Tag to Landing Page Template

  5. Click Save.

Zenconsole allows you to add a logo to the landing page by following the steps below:

  1. Click Add Logo button at the top left corner of the code editor. This will open a file explorer.

  2. Select the image file on your local filesystem.

  3. Click Open to upload your logo. This will add a line at the end of your HTML file.

  4. Click Preview to view your new landing page.

  5. Click the Save button to save the template.

    Zenconsole - Adding Logo to Landing Page Template

    Figure 5. Zenconsole - Adding Logo to Landing Page Template

Upload a New Template

To upload a new template you may follow the next steps:

  1. Click Add HTML File button at the top of the code editor. This will open a file explorer.

  2. Select template file and click Open.

    Zenconsole - Uploading Block Notification Page

    Figure 6. Zenconsole - Uploading Block Notification Page Template

  3. You can view existing templates or newly created templates by clicking the Preview button at the top right of the code editor.

  4. Click the Save button to save the template.

Download CA Certificate

Zenconsole allows you to download internal CA certificate in both PEM and CRT format via Block Notification Page pane.

You may easily download internal CA certificate by following next steps:

  1. Click Download CA Certificate button in the Certificate Authority pane at the bottom of the page. This will open a drop-down menu.

  2. Select the certificate format that you want to save. This will open a file explorer window.

  3. Click Save.

    Zenconsole - Downloading CA Certificate

    Figure 6. Zenconsole - Downloading CA Certificate

tip

To import the CA certificate file, node-ca.pem, into a MS Windows system, you need to convert it to .crt format by using openssl tool on your OPNsense node:

openssl x509 -outform der -in node-ca.pem -out node-ca.crt

Video on Zenarmor Block Notification Page

Here is a video that will will explain the benefits of the Zenarmor Block Notification Page:

Last updated on by Zenarmor