darrencarr
New Member
April 7, 2010
Question

SSLVPN disclaimers

  • 6 replies
  • 6797 views
Hi all, Does anyone know of a method to display a disclaimer for users once they have successfully authenticated using the SSL VPN? We have contractors with very limited access and I need to present something to them after they have authenticated which they then need to accept before continuing. I can't see anything obvious in the configuration options? Cheers


    abelio
    SuperUser
    April 7, 2010
    Hi, as you're running 4.1, one approach could be to use the CLI to edit the auth firewall policy with something like:

      config firewall policy
          edit <id_auth_policy>
              set disclaimer enable
          next
      end

    In some models you could display the auth disclaimer page, customizable with replacement messages. Mobile users must accept your disclaimer to connect. Another related setting, if disclaimer is available, could be to define an external page with your conditions and use "set redirect-url <url_name>" in the same policy. I've not access right now to a 1K unit to verify availability of this setting; please confirm it for us when you can. Regards,
    darrencarr
    New Member
    April 7, 2010
    Hi Abel, Thanks for getting back to me. I tried to edit the policy in question but I do not have this as an option? I have attached what my options are. The action defined for this policy is 'SSLVPN'. I also checked other policies that did not have any authentication defined and they too had no option for a disclaimer.
    darrencarr
    New Member
    April 8, 2010
    Hi Abel... Looking through the FortiOS 4 MR1 Admin Guide, it would appear you can only use a disclaimer on a policy when the action is set to ACCEPT.

    Page 326

    User Authentication Disclaimer: Available only on some models and only if Action is set to ACCEPT. Select this option to display the Authentication Disclaimer page (a replacement message) to the user. The user must accept the disclaimer to connect to the destination. You can use the disclaimer together with authentication or a protection profile.

    Redirect URL: Available only on some models and only if Action is set to ACCEPT. If you enter a URL, the user is redirected to the URL after authenticating and/or accepting the user authentication disclaimer.

    Any other ideas? I can't see anything in the CLI?
    darrencarr
    New Member
    April 8, 2010
    Ok... I can do a URL redirect but that doesn't really achieve what I am trying to do... I would therefore like to modify the SSL-VPN login page. I have been into the replacement messages and have adjusted the title. I would like to add a statement beneath the box with a warning... my HTML skills are non-existent though... Can anyone advise on how you would adjust the replacement message to include the warning so it appeared above the login box? Thanks guys
    Troy_Sorzano
    New Member
    April 8, 2010
    For below: Put a row TR and cell TD after the %%SSL_LOGIN%% token. It should look like this.

      %%SSL_LOGIN%%<tr><td>Your message here!</tr></td>

    For top: Put a row TR and cell TD before the %%SSL_LOGIN%% token. It should look like this.

      <tr><td>Your message here!</tr></td>%%SSL_LOGIN%%

    Troy
    rwpatterson
    New Member
    April 8, 2010
    Try this:

      <tr><td>%%SSL_LOGIN%%</td></tr><tr><td>Your message here!</td></tr>

    Put the "%%SSL_LOGIN%%" inside of the <TR><TD> elements. Also in the original post, the closing tags are reversed. Should be </td></tr>.
    darrencarr
    New Member
    April 8, 2010
    Hi Troy Thanks for the tip. When I put it in before the %%SSL_LOGIN%% token it appears inside of the Login Box. If I wanted it to appear outside of the login box how would I do that? Thanks for the help
    darrencarr
    New Member
    April 8, 2010
    Thanks for the input Bob, to confirm:

      <html><head><title>*******</title>
      <meta http-equiv="Pragma" content="no-cache">
      <meta http-equiv="cache-control" content="no-cache">
      <meta http-equiv="cache-control" content="must-revalidate">
      <link href="/sslvpn/css/login.css" rel="stylesheet" type="text/css">
      <script language="JavaScript"><!--
      if (top && top.location != window.location) top.location = top.location;
      if (window.opener && window.opener.top) { window.opener.top.location = window.opener.top.location; self.close(); }
      //--></script></head>
      <body class="main"><center>
      <table width="100%" height="100%" align="center" class="container" valign="middle" cellpadding="0" cellspacing="0">
      <tr valign=middle><td>
      <form action="%%SSL_ACT%%" method="%%SSL_METHOD%%" name="f">
      <table class="list" cellpadding=10 cellspacing=0 align=center width=400 height=180>%%SSL_LOGIN%%</table>
      %%SSL_HIDDEN%%</td></tr></table></form></center></body>
      <script>document.forms[0].username.focus();</script></html>

      <html><head><title>******</title>
      <meta http-equiv="Pragma" content="no-cache">
      <meta http-equiv="cache-control" content="no-cache">
      <meta http-equiv="cache-control" content="must-revalidate">
      <link href="/sslvpn/css/login.css" rel="stylesheet" type="text/css">
      <script language="JavaScript"><!--
      if (top && top.location != window.location) top.location = top.location;
      if (window.opener && window.opener.top) { window.opener.top.location = window.opener.top.location; self.close(); }
      //--></script></head>
      <body class="main"><center>
      <table width="100%" height="100%" align="center" class="container" valign="middle" cellpadding="0" cellspacing="0">
      <tr valign=middle><td>
      <form action="%%SSL_ACT%%" method="%%SSL_METHOD%%" name="f">
      <table class="list" cellpadding=10 cellspacing=0 align=center width=400 height=180><tr><td>%%SSL_LOGIN%%</td></tr><tr><td>Your message here!</td></tr></table>
      %%SSL_HIDDEN%%</td></tr></table></form></center></body>
      <script>document.forms[0].username.focus();</script></html>
    rwpatterson
    New Member
    April 8, 2010
    Looks solid! Give that a go.
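
The two things that went wrong or could go wrong in this thread (reversed closing tags, and a %%...%% token lost while editing the login page) can be checked before the replacement message is saved. The following is an added example, not part of the original thread and not Fortinet code; `check_template` and `TableNesting` are hypothetical names, and the check only looks at table/tr/td nesting and at the four tokens visible in the template posted above.

```python
from html.parser import HTMLParser

# Tokens used by the login-page replacement message quoted in the thread.
TEMPLATE_TOKENS = ("%%SSL_ACT%%", "%%SSL_METHOD%%", "%%SSL_LOGIN%%", "%%SSL_HIDDEN%%")
TRACKED = {"table", "tr", "td"}  # only table markup is checked (assumption)

# The two fragments posted in the thread.
REVERSED = "%%SSL_LOGIN%%<tr><td>Your message here!</tr></td>"
CORRECTED = "<tr><td>%%SSL_LOGIN%%</td></tr><tr><td>Your message here!</td></tr>"


class TableNesting(HTMLParser):
    """Tracks open table/tr/td tags and records out-of-order closes."""

    def __init__(self):
        super().__init__()
        self.stack, self.problems = [], []

    def handle_starttag(self, tag, attrs):
        if tag in TRACKED:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag not in TRACKED:
            return
        if self.stack and self.stack[-1] == tag:
            self.stack.pop()
        else:
            inner = self.stack[-1] if self.stack else "nothing"
            self.problems.append(f"</{tag}> closes while <{inner}> is innermost")


def check_template(html, tokens=TEMPLATE_TOKENS):
    """Return a list of problems; an empty list means none were found."""
    problems = [f"missing token {t}" for t in tokens if t not in html]
    parser = TableNesting()
    parser.feed(html)
    parser.close()
    problems += parser.problems
    problems += [f"<{t}> never closed" for t in parser.stack]
    return problems


if __name__ == "__main__":
    for name, frag in (("reversed", REVERSED), ("corrected", CORRECTED)):
        print(name, check_template(frag, tokens=("%%SSL_LOGIN%%",)))
```

For a whole page, call `check_template(page_html)` with the default token list so that a dropped %%SSL_ACT%%, %%SSL_METHOD%% or %%SSL_HIDDEN%% is reported as well.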