Well it seems that the man behind the curtain of support says that this isn't possible... I refuse to accept that this can't be done in a simple, reliable and supportable fashion. Like it or not Netgate I am going to build this feature in on my boxes. I think you greatly underestimate how many of your users will utilize this, many of us running pfsense are also running Teir 3 circuits (that utilize soft discos) to save money. Even outside of that, ICMP is outdated and not at all a good indicator of whether an end user can "access the internet".

I'm going to try building a script that will work with the existing infrastructure. Seems that the best way to go about it (without much effort or risk) is to use pfctl in a script to block ICMP responses from the configured monitoring host when the script detects a "_SoftDown_". SoftDown will be determined by Wget with "--bind-address" on specified gateway to check for a string in the returned html of a specified website. I'll run the script with cron every 5 minutes. Maybe I'll get fancy and try to email the email address configured in the GUI (maybe sending mail to root is enough) when SoftDown occurs.