
Fortinet Gate 60D - Endpoint Control Replacement Message; NAC Quarantine Replacement Messages

Fortinet Gate 60D
706 pages
Replacement messages System Config
FortiGate Version 4.0 Administration Guide
204 01-400-89802-20090424
Endpoint control replacement message
The endpoint control download portal replacement message formats the FortiClient
download portal page that appears if you enable endpoint control in a firewall policy and
select Redirect Non-conforming Clients to Download Portal. The portal provides links to
download a FortiClient application installer. The endpoint control replacement message is
an HTML message.
You can modify the appearance of the FortiClient Download Portal from System > Config
> Replacement Messages > Endpoint Control by editing the Endpoint Control Download
Portal.
Be sure to retain the %%LINK%% tag which provides the download URL for the
FortiClient installer.
For more information about Endpoint control, see “Endpoint control” on page 641.
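An added example, not from the Fortinet guide: a pre-deployment check that a customized download portal page still carries the %%LINK%% tag where a browser can use it. It assumes the tag belongs in an anchor's href; the function name and sample pages are constructed for illustration.

```python
from html.parser import HTMLParser

LINK_TAG = "%%LINK%%"  # tag named in the guide; it provides the installer download URL


class _TagFinder(HTMLParser):
    """Records where LINK_TAG appears in a customized portal page."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_href = 0     # occurrences inside an <a href="..."> value
        self.in_text = 0     # occurrences in visible page text
        self.in_comment = 0  # occurrences inside <!-- ... -->, never rendered

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if tag == "a" and name == "href" and value and LINK_TAG in value:
                self.in_href += 1

    def handle_data(self, data):
        self.in_text += data.count(LINK_TAG)

    def handle_comment(self, data):
        self.in_comment += data.count(LINK_TAG)


def check_portal_template(html):
    """Return a list of problems; an empty list means the tag was retained."""
    finder = _TagFinder()
    finder.feed(html)
    finder.close()
    if finder.in_href:
        return []
    if finder.in_text:
        # Assumption: the portal is expected to offer a clickable link.
        return ["%%LINK%% is shown as text but is not in an <a href>"]
    if finder.in_comment:
        return ["%%LINK%% only appears inside an HTML comment"]
    return ["%%LINK%% tag is missing"]


# Constructed sample pages (not FortiGate defaults).
GOOD = '<html><body><h1>Install FortiClient</h1><a href="%%LINK%%">Download</a></body></html>'
COMMENTED = '<html><body><!-- <a href="%%LINK%%">Download</a> --><p>Ask IT.</p></body></html>'
TEXT_ONLY = "<html><body><p>Get the installer at %%LINK%%</p></body></html>"
MISSING = "<html><body><p>Ask IT for the installer.</p></body></html>"
```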
NAC quarantine replacement messages
When a user is blocked by NAC quarantine or a DLP sensor with action set to Quarantine
IP address or Quarantine Interface, if they attempt to start an HTTP session through the
FortiGate unit using TCP port 80, the FortiGate unit connects them to one of the four NAC
Quarantine HTML pages listed in Table 37.
The page that is displayed for the user depends on whether NAC quarantine blocked the
user because a virus was found, a DoS sensor detected an attack, an IPS sensor
detected an attack, or a DLP rule with action set to Quarantine IP address or Quarantine
Interface matched a session from the user.
The default messages tell the user why they are seeing this page and recommend
that they contact the system administrator. You can customize the pages as required,
for example to include an email address or other contact information or, if applicable,
a note about how long the user can expect to be blocked.
For more information about NAC quarantine, see “NAC quarantine and the Banned User
list” on page 595.
Table 37: NAC quarantine replacement messages
Message name | Description
Virus Message | Antivirus Quarantine Virus Sender, when enabled in a protection profile, adds a source IP address or FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80.
DoS Message | Setting the CLI quarantine option of a DoS Sensor to attacker or interface and adding the DoS Sensor to a DoS firewall policy adds a source IP, a destination IP, or FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if quarantine is set to both.
IPS Message | Enabling Quarantine Attackers in an IPS sensor filter or override and adding the IPS sensor to a protection profile adds a source IP address, a destination IP address, or a FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if method is set to Attacker and Victim IP Address.
