FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akumarr
Staff
Staff
Article Id 191378

Description
This article describes how to customize replacement messages for individual web filter profiles.

Related article.
https://docs.fortinet.com/document/fortigate/7.0.0/administration-guide/853773/replacement-message-g...

Solution
Replacement message groups allow to customize replacement messages for individual policies and profiles.

There are two types of replacement message groups:

- Utm: used with UTM settings in firewall policies. Messages in the following categories can be customized: mail, http, web proxy, ftp, nntp, FortiGuard-wf, spam, alertmail, admin, sslvpn, nac-quar, traffic-quota, utm, custom-message, and icap.

- Auth: used with authentication pages in firewall policies. Messages in the following categories can be customized: web proxy and auth.

To create a replacement message group in the GUI:

Make replacement message groups visible in the GUI with the following CLI command:
# config system settings
    set gui-replacement-message-groups enable
end
1) Two replacement message groups have been created.

Facebook block is one of the group and Twitter is the another one.

Refer to the pictures below.

Note:

Both belong to Security group type.



 
 

2)  Along with this, two web filter profiles have been created.

Facebook is the name of the first and Twitter is the second.

 


 

3) Facebook website is blocked on Facebook's web filter profile and Twitter website is blocked on Twitter's web filter profile too.

 

 

 

4)Along with this, two policies for two hosts have been created.

One policy has Facebook's web filter profile(to block Facebook) while the other one has Twitter web filter profile (to block Twitter).

 

                                                                        

 

5) Now as soon as the traffic is initiated, the traffic will be blocked along with that replacement message will be displayed.

In PC 1.

 

In PC 2.


 

From the above, pictures that two separate block pages are visible.Iin order to do this, follow these steps:

1) Edit the replacement message groups (it will redirect the user to replacement message tab) and search for URL block page then customize accordingly.

2) Navigate to the web filter profile and then map the Replacement message group.

Configuration for step 1 is mentioned below.

              

 

 

Edit the second replacement group.

The second stage is set out below.

# config webfilter profile
    edit Facebook
    set replacemsg-group Facebook\ \ block
next
    edit Twitter
        set replacemsg-group Twitter\ block
end

As soon as these settings are done, a differrent web page block message will be visible.

Contributors