Replacement message groups

Replacement message groups allow you to customize replacement messages for individual policies and profiles.

There are two types of replacement message groups:

  • utm: Used with UTM settings in firewall policies. Messages in the following categories can be customized: mail, http, webproxy, ftp, nntp, fortiguard-wf, spam, alertmail, admin, sslvpn, nac-quar, traffic-quota, utm, custom-message, and icap.
  • auth: Used with authentication pages in firewall policies. Messages in the following categories can be customized: webproxy and auth.

The messages added to a group do not need to be customized. The body content, header type, and format of a message will use the default values if not customized.

To create or edit a replacement message group in the CLI:
config system replacemsg-group
    edit <group>
        set group-type {auth | utm}
        config <message_category>
            edit <message_type>
                set buffer <message>
                set header {none | http | 8bit}
                set format {none | text | html}
            next
        end
    next
end
To create a replacement message group in the GUI:
  1. Make replacement message groups visible in the GUI with the following CLI command:
    config system settings
        set gui-replacement-message-groups enable
    end
  2. Go to System > Replacement Message Groups.
  3. Click Create New.
  4. Enter a name for the new group.
  5. Optionally, enter a comment describing the group.
  6. Select the Group Type, either Security or Authentication.

  7. Click OK.

Example

In this example, two replacement message groups are created. The UTM type message group includes custom mail-related messages, changes the formats of some spam-related messages, and is assigned to an email filter profile. The authentication type message group has a custom authentication success message and is applied to a proxy-based firewall policy that has the email filter profile assigned.

To create the replacement message groups and use them in a profile and a policy in the CLI:
  1. Create the replacement message groups:
    config system replacemsg-group
        edit "newutm"
            set group-type utm
            config mail
                edit "partial"
                    set buffer "Fragmented emails are blocked, sorry."
                next
                edit "email-av-fail"
                    set buffer "The email has been blocked for reasons."
                next
            end
            config spam
                edit "submit"
                    set header http
                    set format html
                next
                edit "reversedns"
                    set header http
                    set format html
                next
            end
        next
        edit "newauth"
            set group-type auth
            config auth
                edit "auth-success-msg"
                    set buffer "Welcome to the firewall. Your authentication has been accepted, please reconnect."
                    set header none
                    set format text
                next
            end
        next
    end
  2. Apply the message groups:
    config emailfilter profile
        edit "newmsgs"
            set replacemsg-group "newutm"
        next
    end
    config firewall policy
        edit 1
            ...
            set replacemsg-override-group "newauth"
            set inspection-mode proxy
            set emailfilter-profile "newmsgs"
            ...
        next
    end
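Before a change like this is pushed, the group definitions can be checked offline against the category lists given above for each group type. The following is an added example, not Fortinet code: it parses a saved configuration, flags message categories that are not listed for the group's type, and flags profiles or policies that name a group that is not defined. The names `parse`, `audit` and `SAMPLE` are this example's own, and it assumes one statement per line (no multi-line buffers) and a top-level, non-VDOM layout.

```python
import shlex

# Categories the page lists as customizable for each group type.
ALLOWED = {
    "utm": set("mail http webproxy ftp nntp fortiguard-wf spam alertmail admin sslvpn "
               "nac-quar traffic-quota utm custom-message icap".split()),
    "auth": {"webproxy", "auth"},
}
ROOT = "system replacemsg-group"
REF_KEYS = ("replacemsg-group", "replacemsg-override-group")

def parse(text):
    """Return (groups, refs); assumes one statement per line (no multi-line buffers)."""
    groups, refs, stack = {}, [], []      # stack: names of the open config/edit blocks
    for line in text.splitlines():
        verb, *args = shlex.split(line) or [""]
        in_root = bool(stack) and stack[0] == ROOT
        if verb in ("config", "edit"):
            stack.append(" ".join(args))
            if verb == "edit" and in_root and len(stack) == 2:
                groups[args[0]] = {"type": None, "messages": {}}
            elif verb == "edit" and in_root and len(stack) == 4:
                groups[stack[1]]["messages"][(stack[2], stack[3])] = {}
        elif verb in ("next", "end") and stack:
            stack.pop()
        elif verb == "set" and in_root and len(stack) == 2 and args[0] == "group-type":
            groups[stack[1]]["type"] = args[1]
        elif verb == "set" and in_root and len(stack) == 4:
            groups[stack[1]]["messages"][(stack[2], stack[3])][args[0]] = " ".join(args[1:])
        elif verb == "set" and len(stack) == 2 and args[0] in REF_KEYS:
            refs.append((f"{stack[0]} {stack[1]}", args[1]))
    return groups, refs

def audit(groups, refs):
    """Flag categories not listed for the group type and references to undefined groups."""
    bad = [f"{n}: {cat}/{mt} not listed for group-type {g['type']}"
           for n, g in groups.items() for cat, mt in g["messages"]
           if cat not in ALLOWED.get(g["type"], set())]
    return bad + [f"{where}: undefined group {t}" for where, t in refs if t not in groups]

# Constructed sample: an auth group carrying a mail message, and a policy naming a missing group.
SAMPLE = "\n".join([
    'config system replacemsg-group', 'edit "newauth"', 'set group-type auth',
    'config mail', 'edit "partial"', 'set buffer "Fragmented emails are blocked, sorry."',
    'next', 'end', 'next', 'end',
    'config firewall policy', 'edit 1', 'set replacemsg-override-group "newutm"', 'next', 'end',
])

if __name__ == "__main__":
    print("\n".join(audit(*parse(SAMPLE))))
```

Run against the configuration from this example (both groups defined with matching categories), `audit` returns an empty list.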
To create the replacement message groups and use them in a profile and a policy in the GUI:
  1. Create the Security replacement message group:
    1. Go to System > Replacement Message Groups.
    2. Click Create New.
    3. Enter newutm in the Name field.
    4. Enter UTM message group in the Comments field.
    5. Select Security as the Group Type.
    6. Click OK.
  2. Customize the replacement messages in the newutm group:
    1. Go to System > Replacement Message Groups.
    2. Edit the newutm group.
    3. Locate the AV Engine Load Error Email Block Message, edit the message, then click Save.

    4. Locate the Partial Email Block Message, edit the message, then click Save.
  3. Create the Authentication replacement message group:
    1. Go to System > Replacement Message Groups.
    2. Click Create New.
    3. Enter newauth in the Name field.
    4. Enter Authentication message group in the Comments field.
    5. Select Authentication as the Group Type.

    6. Click OK.
  4. Apply the newutm replacement message group to an email filter profile using the CLI.
  5. Apply the newauth replacement message group and the email filter profile to a firewall policy using the CLI.
