Technical Tip: Enabling and using the admin disclaimer page

Description

This article describes how to enable the pre-login-banner and post-login-banner features, which present a disclaimer page as part of the administrative login process to the FortiGate.

Scope

FortiGate.

Solution

The pre-login-banner page is a disclaimer message that is presented to an admin user after initiating a connection to the FortiGate for admin access (e.g. via HTTPS, SSH, etc.,) but before a prompt is given for username and password. In the GUI, this prompt is presented immediately after initial connection and must be accepted before credentials can be entered, whereas in the CLI this is presented after entering an initial administrator username.

The post-login-banner page is another disclaimer message, but this one is presented after the administrator enters valid credentials. The disclaimer must be accepted before proceeding further into the FortiGate.

These settings can only be enabled in the CLI by navigating to config system global and enabling the following options: 

config system global
    set pre-login-banner enable
    set post-login-banner enable
end

The default banner messages are displayed below. For more information on customizing either of these banners on FortiGate, check out Technical Tip: Customizing Post and Pre Login Disclaimer banner for admin login.

After enabling pre-login-banner, the following will be observed in the FortiGate GUI and SSH after the initial connection:

After enabling post-login-banner, the FortiGate GUI and SSH  Admin access will show the following default post login banner after a successful admin login attempt: