The Enable Deny Page option for Geolocation on outgoing policies
What is the implication of having the "Enable Deny Page" option selected for policies which allow outgoing traffic?
Anything?
Is this option ignored for outgoing traffic?
Does "inbound" below mean from an External interface?
From the docs:
In Fireware v12.8 or higher, you can choose whether inbound traffic that Geolocation denies receives a deny page.
Best Answer
-
james.carson Moderator, WatchGuard Representative
Hi Bruce,
This only works for inbound traffic (if you are bringing traffic in from a source other than an external zone, it'll just ignore it.)
The only implication I can think of from the firewall itself is that the deny pages take resources to generate, so if you're having to generate an excessive number of deny pages it might be better to just not. Some customers may also consider it a security issue as it basically discloses what type of policy you're using to deny the user.
-James Carson
WatchGuard Customer Support0