Replacement messages
System Config
FortiGate Version 4.0 Administration Guide
202
01-400-89802-20090424
<TR><TH>Username:</TH>
<TD><INPUT NAME="%%USERNAMEID%%" SIZE="25" TYPE="text"> </TD></TR>
<TR><TH>Password:</TH>
<TD><INPUT NAME="%%PASSWORDID%%" SIZE="25" TYPE="password">
</TD></TR>
<TR><TD COLSPAN="2" ALIGN="center" BGCOLOR="#00cccc">
<INPUT NAME="%%STATEID%%" VALUE="%%STATEVAL%%" TYPE="hidden">
<INPUT NAME="%%REDIRID%%" VALUE="%%PROTURI%%" TYPE="hidden">
<INPUT VALUE="Continue" TYPE="submit"> </TD></TR>
</TBODY></TABLE></FORM></BODY></HTML>
FortiGuard Web Filtering replacement messages
The FortiGate unit sends the FortiGuard Web Filtering replacement messages listed in
to web browsers using the HTTP protocol when FortiGuard web filtering blocks a
URL, provides details about blocked HTTP 4xx and 5xx errors, and for FortiGuard
overrides. FortiGuard Web Filtering replacement messages are HTTP pages.
Table 34: Authentication replacement messages
Message name Description
Disclaimer page
User Authentication Disclaimer
enabled in a firewall policy that also includes at
least one identity-based policy. When a firewall user attempts to browse a
network through the FortiGate unit using HTTP or HTTPS this disclaimer page is
displayed. The CLI includes
auth-disclaimer-page-1
,
auth-
disclaimer-page-3
, and
auth-disclaimer-page-3
that you can use to
increase the size of the authentication disclaimer page replacement message.
For more information, see the
Declined
disclaimer page
The
Disclaimer page
replacement message does not re-direct the user to a
redirect URL or the firewall policy does not include a redirect URL. When a
firewall user selects the button on the disclaimer page to decline access through
the FortiGate unit, the
Declined disclaimer page
is displayed.
Login page
The authentication HTML page displayed when firewall users who are required
to authenticate connect through the FortiGate unit using HTTP or HTTPS.
Login failed
page
The HTML page displayed if firewall users enter an incorrect user name and
password combination.
Login challenge
page
The HTML page displayed if firewall users are required to answer a question to
complete authentication. The page displays the question and includes a field in
which to type the answer. This feature is supported by RADIUS and uses the
generic RADIUS challenge-access auth response. Usually, challenge-access
responses contain a Reply-Message attribute that contains a message for the
user (for example, “Please enter new PIN”). This message is displayed on the
login challenge page. The user enters a response that is sent back to the
RADIUS server to be verified.
The Login challenge page is most often used with RSA RADIUS server for RSA
SecurID authentication. The login challenge appears when the server needs the
user to enter a new PIN. You can customize the replacement message to ask
the user for a SecurID PIN.
Keepalive page
The HTML page displayed with firewall authentication keepalive is enabled using
the following command:
config system global
set auth-keepalive enable
end
Authentication keepalive keeps authenticated firewall sessions from ending
when the authentication timeout ends. Go to
User > Options
to set the
Authentication Timeout
.
Содержание Gate 60D
Страница 678: ...Reports Log Report FortiGate Version 4 0 Administration Guide 678 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 704: ...Index FortiGate Version 4 0 Administration Guide 704 01 400 89802 20090424 http docs fortinet com Feedback...
Страница 705: ...www fortinet com...
Страница 706: ...www fortinet com...