Fortinet black logo

Administration Guide

Replacement message groups

Replacement message groups

Replacement message groups allow users to customize replacement messages for individual policies and profiles.

There are two types of replacement message groups:

Type

Usage

Customizable categories

utm

Used with UTM settings in firewall policies.

  • admin
  • alertmail
  • custom-message
  • fortiguard-wf
  • ftp
  • http
  • icap
  • mail
  • nac-quar
  • spam
  • sslvpn
  • traffic-quota
  • utm
  • webproxy

auth

Used with authentication pages in firewall policies.

  • auth
  • webproxy

The messages added to a group do not need to be customized. The message body content, header type, and format will use the default values if not customized.

To make replacement message groups visible in the GUI:
config system global
    set gui-replacement-message-groups enable
end

In the following example, two replacement message groups are created. The UTM message group includes custom mail-related messages and is assigned to an email filter profile. The authentication message group has a custom authentication success message that is applied to a proxy-based firewall policy that has an assigned email filter profile.

To create replacement message groups in the GUI:
  1. Create the Security replacement message group:
    1. Go to System > Replacement Message Groups.
    2. Click Create New.
    3. For Name, enter newutm.
    4. In the Comments field, enter UTM message group.
    5. For Group Type, select Security.
    6. Click OK.

  2. Customize the replacement messages in the newutm group:
    1. Go to System > Replacement Message Groups.
    2. Edit the newutm group.
    3. Select the Partial Email Block Message.

    4. Edit the message and click Save.
    5. Select the ASE Block Message.
    6. Edit the message and click Save.
  3. Create the Authentication replacement message group:
    1. Go to System > Replacement Message Groups.
    2. Click Create New.
    3. For Name, enter newauth.
    4. In the Comments field, enter Authentication message group.
    5. For Group Type, select Authentication.
    6. Click OK.

  4. Apply the newutm replacement message group to an email filter profile in the CLI:
    config emailfilter profile
        edit "newmsgs"
            set replacemsg-group "newutm"
        next
    end
  5. Apply the newauth replacement message group and the email filter profile to a firewall policy in the CLI:
    config firewall policy
        edit 1
            ...
            set replacemsg-override-group "newauth"
            set inspection-mode proxy
            set emailfilter-profile "newmsgs"
            ...
        next
    end
To create replacement message groups in the CLI:
  1. Create the replacement message groups:
    config system replacemsg-group
        edit "newutm"
            set comment "UTM message group"
            set group-type utm
            config mail
                edit "partial"
                    set buffer "Fragmented emails are blocked, sorry."
                next
            end
            config spam
                edit "smtp-spam-ase"
                    set buffer "This message has been blocked because ASE reports it as spam. You\'re welcome."
                next
            end
        next
        edit "newauth"
            set comment 'Authentication message group'
            set group-type auth
            config auth
                edit "auth-success-msg"
                    set buffer "Welcome to the firewall. Your authentication has been accepted, please reconnect."
                next
            end
        next
    end
  2. Apply the message group to the email filter:
    config emailfilter profile
        edit "newmsgs"
            set replacemsg-group "newutm"
        next
    end
  3. Apply the email filter and message group to the policy:
    config firewall policy
        edit 1
            ...
            set replacemsg-override-group "newauth"
            set inspection-mode proxy
            set emailfilter-profile "newmsgs"
            ...
        next
    end

Replacement message groups

Replacement message groups allow users to customize replacement messages for individual policies and profiles.

There are two types of replacement message groups:

Type

Usage

Customizable categories

utm

Used with UTM settings in firewall policies.

  • admin
  • alertmail
  • custom-message
  • fortiguard-wf
  • ftp
  • http
  • icap
  • mail
  • nac-quar
  • spam
  • sslvpn
  • traffic-quota
  • utm
  • webproxy

auth

Used with authentication pages in firewall policies.

  • auth
  • webproxy

The messages added to a group do not need to be customized. The message body content, header type, and format will use the default values if not customized.

To make replacement message groups visible in the GUI:
config system global
    set gui-replacement-message-groups enable
end

In the following example, two replacement message groups are created. The UTM message group includes custom mail-related messages and is assigned to an email filter profile. The authentication message group has a custom authentication success message that is applied to a proxy-based firewall policy that has an assigned email filter profile.

To create replacement message groups in the GUI:
  1. Create the Security replacement message group:
    1. Go to System > Replacement Message Groups.
    2. Click Create New.
    3. For Name, enter newutm.
    4. In the Comments field, enter UTM message group.
    5. For Group Type, select Security.
    6. Click OK.

  2. Customize the replacement messages in the newutm group:
    1. Go to System > Replacement Message Groups.
    2. Edit the newutm group.
    3. Select the Partial Email Block Message.

    4. Edit the message and click Save.
    5. Select the ASE Block Message.
    6. Edit the message and click Save.
  3. Create the Authentication replacement message group:
    1. Go to System > Replacement Message Groups.
    2. Click Create New.
    3. For Name, enter newauth.
    4. In the Comments field, enter Authentication message group.
    5. For Group Type, select Authentication.
    6. Click OK.

  4. Apply the newutm replacement message group to an email filter profile in the CLI:
    config emailfilter profile
        edit "newmsgs"
            set replacemsg-group "newutm"
        next
    end
  5. Apply the newauth replacement message group and the email filter profile to a firewall policy in the CLI:
    config firewall policy
        edit 1
            ...
            set replacemsg-override-group "newauth"
            set inspection-mode proxy
            set emailfilter-profile "newmsgs"
            ...
        next
    end
To create replacement message groups in the CLI:
  1. Create the replacement message groups:
    config system replacemsg-group
        edit "newutm"
            set comment "UTM message group"
            set group-type utm
            config mail
                edit "partial"
                    set buffer "Fragmented emails are blocked, sorry."
                next
            end
            config spam
                edit "smtp-spam-ase"
                    set buffer "This message has been blocked because ASE reports it as spam. You\'re welcome."
                next
            end
        next
        edit "newauth"
            set comment 'Authentication message group'
            set group-type auth
            config auth
                edit "auth-success-msg"
                    set buffer "Welcome to the firewall. Your authentication has been accepted, please reconnect."
                next
            end
        next
    end
  2. Apply the message group to the email filter:
    config emailfilter profile
        edit "newmsgs"
            set replacemsg-group "newutm"
        next
    end
  3. Apply the email filter and message group to the policy:
    config firewall policy
        edit 1
            ...
            set replacemsg-override-group "newauth"
            set inspection-mode proxy
            set emailfilter-profile "newmsgs"
            ...
        next
    end