Endpoint Nac Replacement Message; Nac Quarantine Replacement Messages - Fortinet FortiGate Series Administration Manual

System Config

Endpoint NAC replacement message

NAC quarantine replacement messages

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
The Endpoint NAC Download Portal replacement message formats the FortiClient download portal page that appears if you enable endpoint NAC in a firewall policy. The portal provides links to download a FortiClient application installer. The endpoint control replacement message is an HTML message.

You can modify the appearance of the FortiClient Download Portal from System > Config > Replacement Messages > Endpoint NAC by editing the Endpoint NAC Download Portal message.

Be sure to retain the %%LINK%% tag, which provides the download URL for the FortiClient installer.

For more information about Endpoint NAC, see "Endpoint NAC" on page 695.
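
A check to run on an edited Endpoint NAC Download Portal message before saving it, added here as an example and not taken from the Fortinet guide. It assumes the tag must appear exactly as %%LINK%% and belongs in an <a href>; the names PortalLint and lint_portal and both sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser

TAG = "%%LINK%%"  # the only tag this page names; exact-match is an assumption
# Loose pattern: also catches near misses (wrong case, single %, URL-encoded %25).
LOOSE = re.compile(r"(?:%25|%){1,2}LINK(?:%25|%){1,2}", re.I)

class PortalLint(HTMLParser):
    """Records where the tag survives in an edited portal page."""
    def __init__(self):
        super().__init__()
        self.found = {"href": 0, "other": 0, "comment": 0}
        self.mangled = []  # (location, token) for near-miss spellings

    def _scan(self, text, where):
        for m in LOOSE.finditer(text or ""):
            if m.group(0) == TAG:
                self.found[where] += 1
            else:
                self.mangled.append((where, m.group(0)))

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            self._scan(value, "href" if (tag, name) == ("a", "href") else "other")

    def handle_data(self, data):
        self._scan(data, "other")

    def handle_comment(self, data):
        self._scan(data, "comment")

def lint_portal(html):
    """Return a list of problems; an empty list means the tag is intact."""
    p = PortalLint()
    p.feed(html)
    p.close()
    problems = []
    if p.found["href"] == 0 and p.found["other"] == 0:
        problems.append("%%LINK%% is missing from the live markup")
    elif p.found["href"] == 0:
        problems.append("%%LINK%% is present but not in an <a href>")
    if p.found["comment"]:
        problems.append("%%LINK%% appears inside an HTML comment")
    problems += [f"mangled tag {tok!r} in {where}" for where, tok in p.mangled]
    return problems

# Constructed sample pages (not Fortinet's default message).
GOOD = '<html><body><p><a href="%%LINK%%">Download FortiClient</a></p></body></html>'
BROKEN = ('<html><body><!-- <a href="%%LINK%%">old</a> -->'
          '<a href="%25%25LINK%25%25">Download</a></body></html>')
```

The BROKEN sample shows two ways an HTML editor can silently drop the tag: commenting out the original anchor and URL-encoding the percent signs in the new one.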
When a user is blocked by NAC quarantine or a DLP sensor with action set to Quarantine IP address or Quarantine Interface, if they attempt to start an HTTP session through the FortiGate unit using TCP port 80, the FortiGate unit connects them to one of the four NAC Quarantine HTML pages listed in Table 38.

The page that is displayed for the user depends on whether NAC quarantine blocked the user because a virus was found, a DoS sensor detected an attack, an IPS sensor detected an attack, or a DLP rule with action set to Quarantine IP address or Quarantine Interface matched a session from the user.

The default messages inform the user of why they are seeing this page and recommend they contact the system administrator. You can customize the pages as required, for example to include an email address or other contact information or, if applicable, a note about how long the user can expect to be blocked.

For more information about NAC quarantine, see "NAC quarantine and the Banned User list" on page 678.

Table 38: NAC quarantine replacement messages

Message name: Virus Message
Description: Antivirus Quarantine Virus Sender enabled in a protection profile adds a source IP address or FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80.

Message name: DoS Message
Description: For a DoS Sensor, the CLI quarantine option set to attacker or interface and the DoS Sensor added to a DoS firewall policy adds a source IP, a destination IP, or FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if quarantine is set to both.

Message name: IPS Message
Description: Quarantine Attackers enabled in an IPS sensor filter or override and the IPS sensor added to a protection profile adds a source IP address, a destination IP address, or a FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if method is set to Attacker and Victim IP Address.
