Authentication Replacement Messages - Fortinet FortiGate Series Administration Manual


Replacement messages

Authentication replacement messages

config system global
set access-banner enable
end
The web-based manager administrator login disclaimer contains the text of the Login
Disclaimer replacement message as well as Accept and Decline buttons. The
administrator must select Accept to log in.
The FortiGate unit uses the text of the authentication replacement messages listed in
Table 35 for various user authentication HTML pages that are displayed when a user is
required to authenticate because a firewall policy includes at least one identity-based
policy that requires firewall users to authenticate. For more information about
identity-based policies, see "Identity-based firewall policy options (non-SSL-VPN)" on
page 397 and "Configuring SSL VPN identity-based firewall policies" on page 400.
These pages are used for authentication using HTTP and HTTPS. Authentication
replacement messages are HTML messages. You cannot customize the firewall
authentication messages for FTP and Telnet.
The authentication login page and the authentication disclaimer include replacement tags
and controls not found on other replacement messages.
Users see the authentication login page when they use a VPN or a firewall policy that
requires authentication. You can customize this page in the same way as you modify other
replacement messages,
Administrators see the authentication disclaimer page when logging into the FortiGate
web-based manager or CLI. The disclaimer page makes a statement about usage policy
to which the user must agree before the FortiGate unit permits access. You should
change only the disclaimer text itself, not the HTML form code.
There are some unique requirements for these replacement messages:
The login page must be an HTML page containing a form with ACTION="/" and
METHOD="POST"
The form must contain the following hidden controls:
• <INPUT TYPE="hidden" NAME="%%MAGICID%%" VALUE="%%MAGICVAL%%">
• <INPUT TYPE="hidden" NAME="%%STATEID%%" VALUE="%%STATEVAL%%">
• <INPUT TYPE="hidden" NAME="%%REDIRID%%" VALUE="%%PROTURI%%">
The form must contain the following visible controls:
• <INPUT TYPE="text" NAME="%%USERNAMEID%%" size=25>
• <INPUT TYPE="password" NAME="%%PASSWORDID%%" size=25>
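
The requirements above can be checked before a customised login page is loaded onto the unit. The following script is an added example, not part of the Fortinet manual; the names LoginFormScan, check_login_page and SAMPLE are hypothetical, and it assumes the page is checked as a template, with the %%...%% tags still present as literal text.

```python
from html.parser import HTMLParser

# Required controls from the requirements list: (TYPE, NAME tag, VALUE tag or None).
REQUIRED = [
    ("hidden", "%%MAGICID%%", "%%MAGICVAL%%"),
    ("hidden", "%%STATEID%%", "%%STATEVAL%%"),
    ("hidden", "%%REDIRID%%", "%%PROTURI%%"),
    ("text", "%%USERNAMEID%%", None),
    ("password", "%%PASSWORDID%%", None),
]

class LoginFormScan(HTMLParser):
    """Collects the inputs found inside a FORM with ACTION="/" and METHOD="POST"."""
    def __init__(self):
        super().__init__()
        self.in_form = self.form_found = False
        self.inputs = set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # tag and attribute names arrive lowercased
        if tag == "form":
            self.in_form = a.get("action") == "/" and a.get("method", "").lower() == "post"
            self.form_found |= self.in_form
        elif tag == "input" and self.in_form:
            self.inputs.add((a.get("type", "text").lower(), a.get("name"), a.get("value")))

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def check_login_page(html):
    """Return the list of unmet requirements; an empty list means the page passes."""
    scan = LoginFormScan()
    scan.feed(html)
    scan.close()
    if not scan.form_found:
        return ['no FORM with ACTION="/" and METHOD="POST"']
    return [f"missing {typ} control {name}" for typ, name, value in REQUIRED
            if not any(t == typ and n == name and (value is None or v == value)
                       for t, n, v in scan.inputs)]

# Constructed sample: a customised page that dropped the %%STATEID%% hidden control.
SAMPLE = (
    '<HTML><BODY><FORM ACTION="/" METHOD="POST">'
    '<INPUT TYPE="hidden" NAME="%%MAGICID%%" VALUE="%%MAGICVAL%%">'
    '<INPUT TYPE="hidden" NAME="%%REDIRID%%" VALUE="%%PROTURI%%">'
    '<INPUT TYPE="text" NAME="%%USERNAMEID%%" size=25>'
    '<INPUT TYPE="password" NAME="%%PASSWORDID%%" size=25></FORM></BODY></HTML>'
)
print(check_login_page(SAMPLE))
```
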
Example
The following is an example of a simple authentication page that meets the requirements
listed above.
<HTML><HEAD><TITLE>Firewall Authentication</TITLE></HEAD>
<BODY><H4>You must authenticate to use this service.</H4>
<FORM ACTION="/" method="post">
<INPUT NAME="%%MAGICID%%" VALUE="%%MAGICVAL%%" TYPE="hidden">
<TABLE ALIGN="center" BGCOLOR="#00cccc" BORDER="0"
CELLPADDING="15" CELLSPACING="0" WIDTH="320"><TBODY>
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
System Config