System Config Replacement messages
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 259
http://docs.fortinet.com/ • Feedback
<TR><TH>Username:</TH>
<TD><INPUT NAME="%%USERNAMEID%%" SIZE="25" TYPE="text"> </TD></TR>
<TR><TH>Password:</TH>
<TD><INPUT NAME="%%PASSWORDID%%" SIZE="25" TYPE="password">
</TD></TR>
<TR><TD COLSPAN="2" ALIGN="center" BGCOLOR="#00cccc">
<INPUT NAME="%%STATEID%%" VALUE="%%STATEVAL%%" TYPE="hidden">
<INPUT NAME="%%REDIRID%%" VALUE="%%PROTURI%%" TYPE="hidden">
<INPUT VALUE="Continue" TYPE="submit"> </TD></TR>
</TBODY></TABLE></FORM></BODY></HTML>
FortiGuard Web Filtering replacement messages
The FortiGate unit sends the FortiGuard Web Filtering replacement messages listed in
Table 36 to web browsers using the HTTP protocol when FortiGuard web filtering blocks a
URL, provides details about blocked HTTP 4xx and 5xx errors, and for FortiGuard
overrides. FortiGuard Web Filtering replacement messages are HTTP pages.
Table 35: Authentication replacement messages
Message name Description
Disclaimer page User Authentication Disclaimer enabled in a firewall policy that also includes at
least one identity-based policy. When a firewall user attempts to browse a
network through the FortiGate unit using HTTP or HTTPS this disclaimer page is
displayed. The CLI includes auth-disclaimer-page-1, auth-
disclaimer-page-3, and auth-disclaimer-page-3 that you can use to
increase the size of the authentication disclaimer page replacement message.
For more information, see the FortiGate CLI Reference.
Declined
disclaimer page
The Disclaimer page replacement message does not re-direct the user to a
redirect URL or the firewall policy does not include a redirect URL. When a
firewall user selects the button on the disclaimer page to decline access through
the FortiGate unit, the Declined disclaimer page is displayed.
Login page The authentication HTML page displayed when firewall users who are required
to authenticate connect through the FortiGate unit using HTTP or HTTPS.
Login failed
page
The HTML page displayed if firewall users enter an incorrect user name and
password combination.
Login challenge
page
The HTML page displayed if firewall users are required to answer a question to
complete authentication. The page displays the question and includes a field in
which to type the answer. This feature is supported by RADIUS and uses the
generic RADIUS challenge-access auth response. Usually, challenge-access
responses contain a Reply-Message attribute that contains a message for the
user (for example, “Please enter new PIN”). This message is displayed on the
login challenge page. The user enters a response that is sent back to the
RADIUS server to be verified.
The Login challenge page is most often used with RSA RADIUS server for RSA
SecurID authentication. The login challenge appears when the server needs the
user to enter a new PIN. You can customize the replacement message to ask
the user for a SecurID PIN.
Keepalive page The HTML page displayed with firewall authentication keepalive is enabled using
the following command:
config system global
set auth-keepalive enable
end
Authentication keepalive keeps authenticated firewall sessions from ending
when the authentication timeout ends. Go to User > Options to set the
Authentication Timeout.
To Next Page
Loading...
Need help?
General