Replacement messages
System Config
FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
Endpoint control replacement message
The endpoint control download portal replacement message formats the FortiClient download portal page that appears if you enable endpoint control in a firewall policy and select Redirect Non-conforming Clients to Download Portal. The portal provides links to download a FortiClient application installer. The endpoint control replacement message is an HTML message.
You can modify the appearance of the FortiClient Download Portal from System > Config > Replacement Messages > Endpoint Control by editing the Endpoint Control Download Portal.
Be sure to retain the %%LINK%% tag which provides the download URL for the
FortiClient installer.
For more information about Endpoint control, see “Endpoint control” on page 641.
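
A pre-deployment check for the %%LINK%% rule above, as an added example that is not from the guide: it compares an edited portal page with the default and reports any %%...%% tag, %%LINK%% in particular, that was deleted or survives only inside an HTML comment. The function names, the sample pages and the %%NAME%% token pattern are assumptions.

```python
import re
from html.parser import HTMLParser

TAG_RE = re.compile(r"%%[A-Z0-9_]+%%")  # assumed token shape, modelled on %%LINK%%
REQUIRED = {"%%LINK%%"}                 # the tag the guide says to retain

# Constructed sample pages (not the FortiGate default template).
DEFAULT = '<html><body><h1>Download</h1><a href="%%LINK%%">FortiClient</a></body></html>'
GOOD = '<html><body><p>Help desk: it@example.com</p><a href="%%LINK%%">Get it</a></body></html>'
COMMENTED = '<html><body><!-- <a href="%%LINK%%">Get it</a> --><p>Call IT</p></body></html>'
REMOVED = '<html><body><p>Call IT</p></body></html>'


class _LiveTags(HTMLParser):
    """Collect %%TAG%% tokens from page text and attribute values only."""

    def __init__(self):
        super().__init__()
        self.tags = set()

    def handle_starttag(self, tag, attrs):
        for _name, value in attrs:
            self.tags.update(TAG_RE.findall(value or ""))

    def handle_data(self, data):
        self.tags.update(TAG_RE.findall(data))
    # handle_comment stays a no-op, so commented-out tags are not counted.


def live_tags(html):
    parser = _LiveTags()
    parser.feed(html)
    parser.close()  # flush any buffered trailing text
    return parser.tags


def check_portal_edit(default_html, edited_html):
    """Return problems found in an edited page; an empty list means none."""
    missing = (live_tags(default_html) | REQUIRED) - live_tags(edited_html)
    return [
        f"{tag} is present but only outside live markup (e.g. commented out)"
        if tag in edited_html else f"{tag} was removed"
        for tag in sorted(missing)
    ]


if __name__ == "__main__":
    for name, page in (("good", GOOD), ("commented", COMMENTED), ("removed", REMOVED)):
        print(name, check_portal_edit(DEFAULT, page) or "ok")
```
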
NAC quarantine replacement messages
When a user is blocked by NAC quarantine or a DLP sensor with action set to Quarantine
IP address or Quarantine Interface, if they attempt to start an HTTP session through the
FortiGate unit using TCP port 80, the FortiGate unit connects them to one of the four NAC
Quarantine HTML pages listed in
The page that is displayed for the user depends on whether NAC quarantine blocked the user because a virus was found, a DoS sensor detected an attack, an IPS sensor detected an attack, or a DLP rule with action set to Quarantine IP address or Quarantine Interface matched a session from the user.
The default messages inform the user of why they are seeing this page and recommend
they contact the system administrator. You can customize the pages as required, for
example to include an email address or other contact information or if applicable a note
about how long the user can expect to be blocked.
For more information about NAC quarantine see
“NAC quarantine and the Banned User
Table 37: NAC quarantine replacement messages
Message name | Description
Virus Message | Antivirus Quarantine Virus Sender enabled in a protection profile adds a source IP address or FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80.
DoS Message | For a DoS Sensor the CLI quarantine option set to attacker or interface and the DoS Sensor added to a DoS firewall policy adds a source IP, a destination IP, or FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if quarantine is set to both.
IPS Message | Quarantine Attackers enabled in an IPS sensor filter or override and the IPS sensor added to a protection profile adds a source IP address, a destination IP address, or a FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if method is set to Attacker and Victim IP Address.