FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 193546

Description

 

This article describes how to enable or disable the Persistent Agent notifications shown for VPN connections.
When an endpoint is connected over a managed VPN tunnel, the following notifications appear regardless of the ClientStateEnabled Persistent Agent setting.

 

When the end station first connects, access is restricted, and the agent displays:
'Network restrictions have been applied for this device'.

 

Once the appliance has evaluated the end station and moved the IP address to the unrestricted network object group, the agent displays:
'Network restrictions have been lifted for this device'.


Scope

 

FortiNAC.

 

Solution

 

These agent notifications inform the remote user of their current access. The notifications are enabled by default; however, they can be disabled if desired.
Log in to the CLI as root and configure attributes specific to the integrated VPN server's device model (Cisco ASA or FortiGate). Contact Support for assistance.

 

All agent notifications when connecting over VPN:

 

Disable:

 

device -ip <VPN Server IP> -setAttr -name DisableClientTransitionMessages -value true

 

Re-enable all agent notifications:

 

device -ip <VPN Server IP> -setAttr -name DisableClientTransitionMessages -value false

 

Example:

 

device -ip 192.168.1.1 -setAttr -name DisableClientTransitionMessages -value true

 

'Network restrictions have been applied for this device' notification:

 

Disable:


device -ip <VPN Server IP> -setAttr -name DisableRestrictMessageText -value true

 

Re-enable:

 

device -ip <VPN Server IP> -setAttr -name DisableRestrictMessageText -value false

 

'Network restrictions have been lifted for this device' notification:

 

Disable:

 

device -ip <VPN Server IP> -setAttr -name DisableClearMessageText -value true

 

Re-enable:

 

device -ip <VPN Server IP> -setAttr -name DisableClearMessageText -value false

 

For further details on VPN integrations, refer to the following reference manuals in the Fortinet Document Library:
