System Config
Replacement messages
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
201
•
config system global
set access-banner enable
end
The web-based manager administrator login disclaimer contains the text of the Login
Disclaimer replacement message as well as Accept and Decline buttons. The
administrator must select accept to login.
Authentication replacement messages
The FortiGate unit uses the text of the authentication replacement messages listed in
for various user authentication HTML pages that are displayed when a user is
required to authenticate because a firewall policy includes at least one identity-based
policy that requires firewall users to authenticate. For more information about identity-
based policies, see
“Identity-based firewall policy options (non-SSL-VPN)” on page 328
and
“Configuring SSL VPN identity-based firewall policies” on page 331
.
These pages are used for authentication using HTTP and HTTPS. Authentication
replacement messages are HTML messages. You cannot customize the firewall
authentication messages for FTP and Telnet.
The authentication login page and the authentication disclaimer include replacement tags
and controls not found on other replacement messages.
Users see the authentication login page when they use a VPN or a firewall policy that
requires authentication. You can customize this page in the same way as you modify other
replacement messages,
Administrators see the authentication disclaimer page when logging into the FortiGate
web-based manager or CLI. The disclaimer page makes a statement about usage policy
to which the user must agree before the FortiGate unit permits access. You should
change only the disclaimer text itself, not the HTML form code.
There are some unique requirements for these replacement messages:
•
The login page must be an HTML page containing a form with ACTION="/" and
METHOD="POST"
•
The form must contain the following hidden controls:
•
<INPUT TYPE="hidden" NAME="%%MAGICID%%" VALUE="%%MAGICVAL%%">
•
<INPUT TYPE="hidden" NAME="%%STATEID%%" VALUE="%%STATEVAL%%">
•
<INPUT TYPE="hidden" NAME="%%REDIRID%%" VALUE="%%PROTURI%%">
•
The form must contain the following visible controls:
•
<INPUT TYPE="text" NAME="%%USERNAMEID%%" size=25>
•
<INPUT TYPE="password" NAME="%%PASSWORDID%%" size=25>
Example
The following is an example of a simple authentication page that meets the requirements
listed above.
<HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD>
<BODY><H4>You must authenticate to use this service.</H4>
<FORM ACTION="/" method="post">
<INPUT NAME="%%MAGICID%%" VALUE="%%MAGICVAL%%" TYPE="hidden">
<TABLE ALIGN="center" BGCOLOR="#00cccc" BORDER="0"
CELLPADDING="15" CELLSPACING="0" WIDTH="320"><TBODY>
Summary of Contents for Gate 60D
Page 705: ...www fortinet com...
Page 706: ...www fortinet com...