SSLVPN disclaimers
Hi all,
Does anyone know of a method to display a disclaimer for users once they have successfully authenticated using the SSL VPN. We have contractors with very limited access and I need to present something to them after they have authenticated which they then need to accept before continuing. I can't see anything obvious in the configuration options?
Cheers
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
Hi,
As you're running 4.1, one approach could be to use the CLI to edit the auth firewall policy with something like:
config firewall policy
    edit <id_auth_policy>
        set disclaimer enable
    next
end
In some models you could display the auth disclaimer page, customizable with replacement messages. The mobile user must accept your disclaimer to connect. Another related setting, if disclaimer is available, could be to define an external page with your conditions and use "set redirect-url <url_name>" in the same policy. I've not access right now to a 1K unit to verify availability of this setting; please confirm it for us when you can.
regards
/ Abel
Hi Abel
Thanks for getting back to me.
I tried to edit the policy in question but I do not have this as an option? I have attached what my options are.
The action defined for this policy is 'SSLVPN'
I also checked other policies that did not have any authentication defined and they too had no option for a disclaimer.
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
Hi Abel...
Looking through the Forti OS 4 MR1 Admin Guide it would appear you can only use a disclaimer on a policy when the action is set to ACCEPT
Page 326
User Authentication Disclaimer: Available only on some models and only if Action is set to ACCEPT. Select this option to display the Authentication Disclaimer page (a replacement message) to the user. The user must accept the disclaimer to connect to the destination. You can use the disclaimer together with authentication or a protection profile.
Redirect URL: Available only on some models and only if Action is set to ACCEPT. If you enter a URL, the user is redirected to the URL after authenticating and/or accepting the user authentication disclaimer.
Any other ideas? I can't see anything in the CLI?
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
Ok...I can do a URL redirect but that doesn't really achieve what I am trying to do...
I would therefore like to modify the SSL-VPN login page. I have been into the replacement messages and have adjusted the title. I would like to add a statement beneath the box with a warning...my HTML skills are non-existent though... can anyone advise on how you would adjust the replacement message to include the warning so it appeared above the login box?
Thanks guys
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
For below: Put a row TR and cell TD after the %%SSL_LOGIN%% token. It should look like this.
%%SSL_LOGIN%%<tr><td>Your message here!</tr></td>
For top: Put a row TR and cell TD before the %%SSL_LOGIN%% token. It should look like this.
<tr><td>Your message here!</tr></td>%%SSL_LOGIN%%
Troy
Try this:
<tr><td>%%SSL_LOGIN%%</td></tr><tr><td>Your message here!</td></tr>
Put the "%%SSL_LOGIN%%" inside of the <TR><TD> elements.
Also in the original post, the closing tags are reversed. Should be </td></tr>.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Hi Troy
Thanks for the tip. When I put it in before the %%SSL_LOGIN%% token it appears inside of the Login Box.
If I wanted it to appear outside of the login box how would I do that?
Thanks for the help
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
Thanks for the input, Bob. To confirm:
<html>
<head>
<title>*******</title>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="cache-control" content="must-revalidate">
<link href="/sslvpn/css/login.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!--
if (top && top.location != window.location) top.location = top.location;
if (window.opener && window.opener.top) { window.opener.top.location = window.opener.top.location; self.close(); }
//-->
</script>
</head>
<body class="main">
<center>
<table width="100%" height="100%" align="center" class="container" valign="middle" cellpadding="0" cellspacing="0">
<tr valign=middle><td>
<form action="%%SSL_ACT%%" method="%%SSL_METHOD%%" name="f">
<table class="list" cellpadding=10 cellspacing=0 align=center width=400 height=180>%%SSL_LOGIN%%</table>
%%SSL_HIDDEN%%
</td></tr>
</table>
</form>
</center>
</body>
<script>document.forms[0].username.focus();</script>
</html>

<html>
<head>
<title>******</title>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="cache-control" content="must-revalidate">
<link href="/sslvpn/css/login.css" rel="stylesheet" type="text/css">
<script language="JavaScript">
<!--
if (top && top.location != window.location) top.location = top.location;
if (window.opener && window.opener.top) { window.opener.top.location = window.opener.top.location; self.close(); }
//-->
</script>
</head>
<body class="main">
<center>
<table width="100%" height="100%" align="center" class="container" valign="middle" cellpadding="0" cellspacing="0">
<tr valign=middle><td>
<form action="%%SSL_ACT%%" method="%%SSL_METHOD%%" name="f">
<table class="list" cellpadding=10 cellspacing=0 align=center width=400 height=180><tr><td>%%SSL_LOGIN%%</td></tr><tr><td>Your message here!</td></tr></table>
%%SSL_HIDDEN%%
</td></tr>
</table>
</form>
</center>
</body>
<script>document.forms[0].username.focus();</script>
</html>
Fortigate 1000A
v4.0,build194,100121 (MR1 Patch 4)
Fortianalyzer 800B
v4.0,build0130 (MR1 Patch 3)
Looks solid! Give that a go.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
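An added example, not code from any poster in this thread: a check to run on an edited SSL-VPN login replacement message before pasting it into the unit, catching the reversed closing tags pointed out above and a dropped token. It assumes each %%...%% token seen in the posted template must appear exactly once; the function names and the shortened template are constructed for the example.

```python
from html.parser import HTMLParser

# Tokens seen in the login template posted in the thread. Requiring each
# exactly once is this example's assumption, not documented FortiOS behaviour.
TOKENS = ("%%SSL_ACT%%", "%%SSL_METHOD%%", "%%SSL_LOGIN%%", "%%SSL_HIDDEN%%")
VOID = {"br", "hr", "img", "input"}  # tags that take no closing tag

class Nesting(HTMLParser):
    """Tracks open tags and records every close that is out of order."""
    def __init__(self):
        super().__init__()
        self.open, self.errors = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag in VOID:
            return
        if self.open and self.open[-1] == tag:
            self.open.pop()
            return
        top = f"<{self.open[-1]}>" if self.open else "no tag"
        self.errors.append(f"</{tag}> found while {top} is open")
        if tag in self.open:          # recover: unwind to the matching open
            while self.open.pop() != tag:
                pass

def check_rows(fragment):
    """Return nesting errors for the table rows placed around %%SSL_LOGIN%%."""
    parser = Nesting()
    parser.feed(fragment)
    parser.close()
    return parser.errors + [f"<{t}> never closed" for t in parser.open]

def token_problems(template):
    """Return {token: count} for every token not present exactly once."""
    return {t: template.count(t) for t in TOKENS if template.count(t) != 1}

# Constructed, abbreviated stand-in for the template posted in the thread.
TEMPLATE = ('<form action="%%SSL_ACT%%" method="%%SSL_METHOD%%" name="f">'
            '<table class="list">{rows}</table>%%SSL_HIDDEN%%</form>')
ROWS_REVERSED = "%%SSL_LOGIN%%<tr><td>Your message here!</tr></td>"
ROWS_FIXED = ("<tr><td>%%SSL_LOGIN%%</td></tr>"
              "<tr><td>Your message here!</td></tr>")

if __name__ == "__main__":
    for rows in (ROWS_REVERSED, ROWS_FIXED):
        print(check_rows(rows), token_problems(TEMPLATE.format(rows=rows)))
```

Only the inserted rows are checked for nesting, because the posted template itself closes its form after the enclosing table and would be flagged in full.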