system : replacemsg ec
 
replacemsg ec
The endpoint control (ec) replacement messages format the portal pages that the FortiGate unit sends to non-compliant users who attempt to use a firewall policy in which Endpoint NAC (endpoint-check) is enabled.
There are two Endpoint NAC portals:
Endpoint NAC Download Portal — The FortiGate unit sends this page if the Endpoint NAC profile has recommendation-disclaimer disabled. In the web-based manager, this is the Quarantine Hosts to User Portal (Enforce compliance) option. The user can download the FortiClient Endpoint Security application installer. If you modify this replacement message, be sure to retain the %%LINK%% tag which provides the download URL for the FortiClient installer.
Endpoint NAC Recommendation Portal — The FortiGate unit sends this page if the Endpoint NAC profile has recommendation-disclaimer enabled. In the web-based manager, this is the Notify Hosts to Install FortiClient (Warn only) option. The user can either download the FortiClient Endpoint Security application installer or select the Continue to link to access their desired destination. If you modify this replacement message, be sure to retain both the %%LINK%% tag which provides the download URL for the FortiClient installer and the %%DST_ADDR%% link that contains the URL that the user requested.
Message format is HTML by default.
Syntax
config system replacemsg ec endpt-download-portal
set buffer <message>
set format <format>
set header <header_type>
end
config system replacemsg ec endpt-recommendation-portal
set buffer <message>
set format <format>
set header <header_type>
end
Variable
Description
Default
endpt-download-portal
The Endpoint NAC Download Portal. The FortiGate unit sends this message to non-compliant users if recommendation-disclaimer is disabled in the Endpoint Control profile.
The user can download the FortiClient Endpoint Security application installer.
No default
endpt-recommendation-portal
The Endpoint NAC Recommendation Portal. The FortiGate unit sends this message to non-compliant users if recommendation-disclaimer is enabled in the Endpoint Control profile.
The user can either download the FortiClient Endpoint Security application installer or select the Continue to link to access their desired destination.
No default
buffer <message>
Type a new replacement message to replace the current replacement message. Maximum length 8 192 characters.
Depends on message type.
format <format>
Set the format of the message:
html
text
none
header <header_type>
Set the format of the message header:
8bit
http
none
The endpoint control replacement messages include the following replacement message tags. When users receive the replacement message, the replacement message tag is replaced with the appropriate content.
Table 7: Replacement message tags
Tag
Description
%%LINK%%
The download URL for the FortiClient installer.
%%DST_ADDR%%
The destination URL that the user entered.
This is used in the endpt-recommendation-portal message only.