Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.6
Download PDF
Copy Link

system replacemsg-group

Replacement messages can be created and applied to specific profile groups. This allows the customization of messages for specific users or user groups.

If a user is not part of a custom replacement message group, their replacement messages come from the ‘default’ group. The ‘default’ group always exists, and cannot be deleted. All additional replacement message groups inherit from the default group. Any messages in custom groups that have not been modified, inherit any changes to those messages in the default group.

The only replacement messages that can not be customized in groups are administration related messages, which in the following categories:

  • Alert Mail
  • Administration
  • Authentication
  • IM and P2P
  • SSL VPN

Except for mm1, mm3, mm4, mm7 which use the message field, all replacement message types use the buffer field to refer to the body of the message.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config icap

edit icap-req-resp

set buffer <string>

set header {none | http | 8bit}

set format {none | text | html}

next

...

Custom replacement message for ICAP REQMOD response can be configured.

When FortiGate receives a denied/block messafe from the ICAP server (REQMOD), FortiGate generates and sends this replacement message.

config system replacemsg-group
    edit {name}
    # Configure replacement message groups.
        set name {string}   Group name. size[35]
        set comment {string}   Comment. size[255]
        set group-type {default | utm | auth | ec}   Group type.
                default  Per-vdom replacement messages.
                utm      For use with UTM settings in firewall policies.
                auth     For use with authentication pages in firewall policies.
                ec       For use with endpoint-control profiles.
        config mail
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config http
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config webproxy
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config ftp
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config nntp
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config fortiguard-wf
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config spam
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config alertmail
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config admin
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config auth
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config sslvpn
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config ec
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config device-detection-portal
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config nac-quar
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config traffic-quota
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config utm
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config custom-message
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config icap
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

edit <groupname_string>

Create or edit a replacement message group. Use a groupname of default to configure per-vdom replacement messages. Only valid when VDOMs are enabled.

group-type {auth | ec | utm}

Enter the type of replacement message group this is.

auth — (the default) for use with authentication pages in firewall policies

ec — for use with endpoint-control profiles

utm — for use with UTM settings in firewall policies

default — used to configure per-vdom replacement messages, only available when group name is set to default

config {auth | ec | fortiguard-wf | ftp | http | icap | mail | mm1 | mm3 | mm4 | mm7 | nntp | spam}

Select a replacement message type to add or edit. These types or protocols, match with the existing replacemsg commands, and determine which msgtypes are available.

edit <msgkey_integer>

Create or edit a message entry in the table. Enter the key of the entry. Using ‘?’ will show you the existing message type as well as the msgkey entries in the table.

msg-type <type>

Select the message type for this message entry. Valid message types vary according to which replacement message table you are editing.

buffer <message>

Type a new replacement message to replace the current replacement message. Maximum length 32,768 characters.

system replacemsg-group

Replacement messages can be created and applied to specific profile groups. This allows the customization of messages for specific users or user groups.

If a user is not part of a custom replacement message group, their replacement messages come from the ‘default’ group. The ‘default’ group always exists, and cannot be deleted. All additional replacement message groups inherit from the default group. Any messages in custom groups that have not been modified, inherit any changes to those messages in the default group.

The only replacement messages that can not be customized in groups are administration related messages, which in the following categories:

  • Alert Mail
  • Administration
  • Authentication
  • IM and P2P
  • SSL VPN

Except for mm1, mm3, mm4, mm7 which use the message field, all replacement message types use the buffer field to refer to the body of the message.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

config icap

edit icap-req-resp

set buffer <string>

set header {none | http | 8bit}

set format {none | text | html}

next

...

Custom replacement message for ICAP REQMOD response can be configured.

When FortiGate receives a denied/block messafe from the ICAP server (REQMOD), FortiGate generates and sends this replacement message.

config system replacemsg-group
    edit {name}
    # Configure replacement message groups.
        set name {string}   Group name. size[35]
        set comment {string}   Comment. size[255]
        set group-type {default | utm | auth | ec}   Group type.
                default  Per-vdom replacement messages.
                utm      For use with UTM settings in firewall policies.
                auth     For use with authentication pages in firewall policies.
                ec       For use with endpoint-control profiles.
        config mail
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config http
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config webproxy
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config ftp
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config nntp
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config fortiguard-wf
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config spam
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config alertmail
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config admin
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config auth
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config sslvpn
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config ec
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config device-detection-portal
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config nac-quar
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config traffic-quota
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config utm
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config custom-message
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
        config icap
            edit {msg-type}
            # Replacement message table entries.
                set msg-type {string}   Message type. size[28]
                set buffer {string}   Message string. size[32768]
                set header {none | http | 8bit}   Header flag.
                        none  No header type.
                        http  HTTP
                        8bit  8 bit.
                set format {none | text | html}   Format flag.
                        none  No format type.
                        text  Text format.
                        html  HTML format.
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

edit <groupname_string>

Create or edit a replacement message group. Use a groupname of default to configure per-vdom replacement messages. Only valid when VDOMs are enabled.

group-type {auth | ec | utm}

Enter the type of replacement message group this is.

auth — (the default) for use with authentication pages in firewall policies

ec — for use with endpoint-control profiles

utm — for use with UTM settings in firewall policies

default — used to configure per-vdom replacement messages, only available when group name is set to default

config {auth | ec | fortiguard-wf | ftp | http | icap | mail | mm1 | mm3 | mm4 | mm7 | nntp | spam}

Select a replacement message type to add or edit. These types or protocols, match with the existing replacemsg commands, and determine which msgtypes are available.

edit <msgkey_integer>

Create or edit a message entry in the table. Enter the key of the entry. Using ‘?’ will show you the existing message type as well as the msgkey entries in the table.

msg-type <type>

Select the message type for this message entry. Valid message types vary according to which replacement message table you are editing.

buffer <message>

Type a new replacement message to replace the current replacement message. Maximum length 32,768 characters.