Description | This article describes how to disable or replace the replacement message that appears during a DDoS attack in FortiGate. |
Scope | FortiGate. |
Solution |
In some cases, it is necessary to disable the DDoS replacement message in FortiGate. If this feature is left on, the message tells the attacker that the device is no longer reachable because of the DDoS attack attempt. With the option enabled, the attacker receives the following message when trying to access the device:
Showing this message gives the attacker another chance to attack the returned page. Unfortunately, it is not possible to turn off the replacement messages completely. Making adjustments to the replacement message can produce the following output:
To achieve this, run the following CLI configuration:
    config system replacemsg nac-quar nac-quar-dos
        show full-configuration
        set buffer "."
        set header none
        set format none
    end
This is how the configuration looks on the CLI:
In the GUI, the following shows under Replacement Messages -> Network Quarantine -> Network Quarantine DOS Block page:
See Replacement Messages - FortiGate Administration Guide for more information on replacement messages. |
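To confirm the change on a device, the check below audits a saved configuration backup for the three settings shown above. It is an added example, not Fortinet code: the function name, the sample backups and the assumption that a backup without this block still serves the default message are all illustrative.

```python
import re
import shlex

# Settings from the CLI configuration on this page.
EXPECTED = {"buffer": ".", "header": "none", "format": "none"}

# Assumed backup layout: the block starts with the config path used on this
# page (message name optionally quoted) and ends with a line holding "end".
BLOCK_RE = re.compile(
    r'^[ \t]*config system replacemsg nac-quar "?nac-quar-dos"?[ \t]*\n'
    r'(.*?)^[ \t]*end[ \t]*$',
    re.MULTILINE | re.DOTALL,
)

def audit_dos_replacemsg(config_text):
    """Return {setting: (found, expected)} for each deviation; {} if none."""
    match = BLOCK_RE.search(config_text)
    if match is None:
        # Block missing from the backup: treated here as "default page in use".
        return {key: (None, want) for key, want in EXPECTED.items()}
    # shlex keeps a quoted buffer as one token even when it spans lines.
    tokens = shlex.split(match.group(1))
    found = {}
    i = 0
    while i <= len(tokens) - 3:
        if tokens[i] == "set":
            found[tokens[i + 1]] = tokens[i + 2]
            i += 3
        else:
            i += 1
    return {key: (found.get(key), want)
            for key, want in EXPECTED.items() if found.get(key) != want}

# Constructed sample backups (not taken from a real device).
SAMPLE_HARDENED = '''config system replacemsg nac-quar "nac-quar-dos"
    set buffer "."
    set header none
    set format none
end
'''
SAMPLE_VERBOSE = '''config system replacemsg nac-quar "nac-quar-dos"
    set buffer "<html>
<body>Blocked: DoS policy violation</body>
</html>"
    set header http
    set format html
end
'''
```

An empty result means the block matches the configuration above; any other result lists each setting with the value found and the value expected.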
Copyright 2024 Fortinet, Inc. All Rights Reserved.