Replacement message groups
Replacement message groups allow you to customize replacement messages for individual policies and profiles.
There are two types of replacement message groups:
-
utm
: Used with UTM settings in firewall policies. Messages in the following categories can be customized: mail, http, webproxy, ftp, nntp, fortiguard-wf, spam, alertmail, admin, sslvpn, nac-quar, traffic-quota, utm, custom-message, and icap. -
auth
: Used with authentication pages in firewall policies. Messages in the following categories can be customized: webproxy and auth.
The messages added to a group do not need to be customized. The body content, header type, and format of a message will use the default values if not customized.
To create or edit a replacement message group in the CLI:
config system replacemsg-group edit <group> set group-type {auth | utm} config <message_category> edit <message_type> set buffer <message> set header {none | http | 8bit} set format {none | text | html} next end next end
To create a replacement message group in the GUI:
- Make replacement message groups visible in the GUI with the following CLI command:
config system settings set gui-replacement-message-groups enable end
- Go to System > Replacement Message Groups.
- Click Create New.
- Enter a name for the new group.
- Optionally, enter a comment describing the group.
- Select the Group Type, either Security or Authentication.
- Click OK.
Example
In this example, two replacement message groups are created. The UTM type message group includes custom mail related messages, changes the formats of some spam related message, and is assigned to an email filter profile. The authentication type message group has a custom authentication success message that is applied to a proxy-based firewall policy that with the email filter profile assigned.
To create the replacement message groups and use them in a profile and a policy in the CLI:
- Create the replacement message groups:
config system replacemsg-group edit "newutm" set group-type utm config mail edit "partial" set buffer "Fragmented emails are blocked, sorry." next edit "email-av-fail" set buffer "The email has been blocked for reasons." next end config spam edit "submit" set header http set format html next edit "reversedns" set header http set format html next end next edit "newauth" set group-type auth config auth edit "auth-success-msg" set buffer "Welcome to the firewall. Your authentication has been accepted, please reconnect." set header none set format text next end next end
- Apply the message groups:
config emailfilter profile edit "newmsgs" set replacemsg-group "newutm" next end
config firewall policy edit 1 ... set replacemsg-override-group "newauth" set inspection-mode proxy set emailfilter-profile "newmsgs" ... next end
To create the replacement message groups and use them in a profile and a policy in the GUI:
- Create the Security replacement message groups:
- Go to System > Replacement Message Groups.
- Click Create New.
- Enter newutm in the Name field.
- Enter UTM message group in the Comments field.
- Select Security as the Group Type.
- Click OK.
- Customize the replacement messages in the newutm group:
- Go to System > Replacement Message Groups.
- Edit the newutm group.
- Locate the AV Engine Load Error Email Block Message, edit the message, then click Save.
- Locate the Partial Email Block Message, edit the message, then click Save.
- Create the Authentication replacement message group:
- Go to System Replacement Message Groups.
- Click Create New.
- Enter newauth in the Name field.
- Enter Authentication message group in the Comments field.
- Select Authentication as the Group Type.
- Click OK.
- Apply the newutm replacement message group to an email filter profile using the CLI.
- Apply the newauth replacement message group and the email filter profile to a firewall policy using the CLI.