Fortiguard Web Filtering Replacement Messages - Fortinet FortiGate Series Administration Manual
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
System Config
FortiGuard Web Filtering replacement messages
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
•
Feedback
<TR><TH>Username:</TH>
<TD><INPUT NAME="%%USERNAMEID%%" SIZE="25" TYPE="text"> </TD></TR>
<TR><TH>Password:</TH>
<TD><INPUT NAME="%%PASSWORDID%%" SIZE="25" TYPE="password">
</TD></TR>
<TR><TD COLSPAN="2" ALIGN="center" BGCOLOR="#00cccc">
<INPUT NAME="%%STATEID%%" VALUE="%%STATEVAL%%" TYPE="hidden">
<INPUT NAME="%%REDIRID%%" VALUE="%%PROTURI%%" TYPE="hidden">
<INPUT VALUE="Continue" TYPE="submit"> </TD></TR>
</TBODY></TABLE></FORM></BODY></HTML>
Table 35: Authentication replacement messages
Message name Description
Disclaimer page User Authentication Disclaimer enabled in a firewall policy that also includes at
least one identity-based policy. When a firewall user attempts to browse a
network through the FortiGate unit using HTTP or HTTPS this disclaimer page is
displayed. The CLI includes auth-disclaimer-page-1, auth-
disclaimer-page-3, and auth-disclaimer-page-3 that you can use to
increase the size of the authentication disclaimer page replacement message.
For more information, see the
Declined
The Disclaimer page replacement message does not re-direct the user to a
disclaimer page
redirect URL or the firewall policy does not include a redirect URL. When a
firewall user selects the button on the disclaimer page to decline access through
the FortiGate unit, the Declined disclaimer page is displayed.
Login page
The authentication HTML page displayed when firewall users who are required
to authenticate connect through the FortiGate unit using HTTP or HTTPS.
Login failed
The HTML page displayed if firewall users enter an incorrect user name and
page
password combination.
Login challenge
The HTML page displayed if firewall users are required to answer a question to
page
complete authentication. The page displays the question and includes a field in
which to type the answer. This feature is supported by RADIUS and uses the
generic RADIUS challenge-access auth response. Usually, challenge-access
responses contain a Reply-Message attribute that contains a message for the
user (for example, "Please enter new PIN"). This message is displayed on the
login challenge page. The user enters a response that is sent back to the
RADIUS server to be verified.
The Login challenge page is most often used with RSA RADIUS server for RSA
SecurID authentication. The login challenge appears when the server needs the
user to enter a new PIN. You can customize the replacement message to ask
the user for a SecurID PIN.
Keepalive page
The HTML page displayed with firewall authentication keepalive is enabled using
the following command:
config system global
set auth-keepalive enable
end
Authentication keepalive keeps authenticated firewall sessions from ending
when the authentication timeout ends. Go to User > Options to set the
Authentication Timeout.
The FortiGate unit sends the FortiGuard Web Filtering replacement messages listed in
Table 36
to web browsers using the HTTP protocol when FortiGuard web filtering blocks a
URL, provides details about blocked HTTP 4xx and 5xx errors, and for FortiGuard
overrides. FortiGuard Web Filtering replacement messages are HTTP pages.
FortiGate CLI
Reference.
Replacement messages
259
Advertisement
Table of Contents
