system replacemsg nac-quar
Use this command to change the Endpoint Control pages displayed for data leak (DLP), denial of service (DoS), IPS, and virus detections.
These are HTML messages with HTTP headers.
config system replacemsg nac-quar
    edit {msg-type}
    # Replacement messages.
        set msg-type {string}   Message type. size[28]
        set buffer {string}   Message string. size[32768]
        set header {none | http | 8bit}   Header flag.
                none    No header type.
                http    HTTP
                8bit    8 bit.
        set format {none | text | html | wml}   Format flag.
                none    No format type.
                text    Text format.
                html    HTML format.
                wml     WML format
    next
end
Additional information
The following section is for those options that require additional explanation.
buffer <message>
Type a new replacement message to replace the current replacement message. Maximum length 32,768 characters.
nac-quar message types
nac-quar-dlp
Applies when Action is set to Quarantine IP address or Quarantine Interface in a DLP sensor and the DLP sensor adds a source IP address or a FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80, or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80.
nac-quar-dos
Applies when the CLI quarantine option of a DoS Sensor is set to attacker or interface, and the DoS Sensor, added to a DoS firewall policy, adds a source IP, a destination IP, or a FortiGate interface to the banned user list.
The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if quarantine is set to both.
nac-quar-ips
Applies when Quarantine Attackers is enabled in an IPS sensor filter or override and the IPS sensor adds a source IP address, a destination IP address, or a FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80, or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if method is set to Attacker and Victim IP Address.
nac-quar-virus
Applies when Antivirus Quarantine Virus Sender adds a source IP address or FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80, or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80.
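
A pre-flight check for a custom quarantine page, as an added example that is not part of the FortiOS reference: it applies the size limits and flag values from the syntax above, then renders the config block. The helper names and the sample page are constructed for illustration, and the backslash escaping of quotes in the buffer value is an assumption about CLI string quoting.

```python
# Added example; check_message and render_cli are hypothetical helper names.
MSG_TYPES = {"nac-quar-dlp", "nac-quar-dos", "nac-quar-ips", "nac-quar-virus"}
HEADERS = {"none", "http", "8bit"}
FORMATS = {"none", "text", "html", "wml"}
MAX_MSG_TYPE = 28    # size[28] on "set msg-type"
MAX_BUFFER = 32768   # size[32768] on "set buffer"

# Constructed sample page, not a FortiGate default message.
SAMPLE_PAGE = ('<html><body><h1>Access blocked</h1>'
               '<p class="note">This address is quarantined. Contact the help desk.</p>'
               '</body></html>')


def check_message(msg_type, buffer, header="http", fmt="html"):
    """Return a list of problems; an empty list means the entry passes."""
    problems = []
    if msg_type not in MSG_TYPES or len(msg_type) > MAX_MSG_TYPE:
        problems.append(f"unknown or oversized msg-type: {msg_type!r}")
    if header not in HEADERS:
        problems.append(f"invalid header flag: {header!r}")
    if fmt not in FORMATS:
        problems.append(f"invalid format flag: {fmt!r}")
    if len(buffer) > MAX_BUFFER:
        problems.append(f"buffer is {len(buffer)} characters, limit is {MAX_BUFFER}")
    # The page describes these as HTML messages with HTTP headers.
    if header in HEADERS and fmt in FORMATS and (header, fmt) != ("http", "html"):
        problems.append(f"header={header} format={fmt} is not the http/html pairing")
    return problems


def render_cli(msg_type, buffer, header="http", fmt="html"):
    """Render the config block, refusing input that fails check_message."""
    problems = check_message(msg_type, buffer, header, fmt)
    if problems:
        raise ValueError("; ".join(problems))
    # Assumption: backslashes and double quotes are backslash-escaped in a quoted value.
    escaped = buffer.replace("\\", "\\\\").replace('"', '\\"')
    return "\n".join([
        "config system replacemsg nac-quar",
        f'    edit "{msg_type}"',
        f'        set buffer "{escaped}"',
        f"        set header {header}",
        f"        set format {fmt}",
        "    next",
        "end",
    ])


if __name__ == "__main__":
    print(render_cli("nac-quar-ips", SAMPLE_PAGE))
```
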