replacemsg nac-quar
Use this command to change the NAC quarantine pages displayed for data leak (DLP), denial of service (DoS), IPS, and virus detection quarantines.
These are HTML messages with HTTP headers.
Syntax
config system replacemsg nac-quar nac-quar_msg_type
    set buffer <message>
    set format <format>
    set header <header_type>
end
| Variable | Description | Default |
|---|---|---|
| nac-quar_msg_type | Replacement message type. See Table 17. | No default |
| buffer <message> | Type a new replacement message to replace the current replacement message. Maximum length 8 192 characters. | Depends on message type. |
| format <format> | Set the format of the message: html, text, or none. | No default |
| header <header_type> | Set the format of the message header: 8bit, http, or none. | Depends on message type. |
Table 17: nac-quar message types

| Message name | Description |
|---|---|
| nac-quar-dlp | The action is set to Quarantine IP address or Quarantine Interface in a DLP sensor, and the DLP sensor adds a source IP address or a FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. |
| nac-quar-dos | For a DoS Sensor, the CLI quarantine option is set to attacker or interface, and the DoS Sensor, added to a DoS firewall policy, adds a source IP, a destination IP, or FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if quarantine is set to both. |
| nac-quar-ips | Quarantine Attackers is enabled in an IPS sensor filter or override, and the IPS sensor adds a source IP address, a destination IP address, or a FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. This replacement message is not displayed if method is set to Attacker and Victim IP Address. |
| nac-quar-virus | Antivirus Quarantine Virus Sender adds a source IP address or FortiGate interface to the banned user list. The FortiGate unit displays this replacement message as a web page when the blocked user attempts to connect through the FortiGate unit using HTTP on port 80 or when any user attempts to connect through a FortiGate interface added to the banned user list using HTTP on port 80. |
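
The following is an added example, not part of the original reference: a Python helper that checks a custom quarantine page against the limits in the tables above (message type, format, header type, 8 192-character buffer) and renders the matching config block. The names `render_nac_quar`, `cli_quote` and `NacQuarError`, the sample page, and the backslash-escaping rule for quoted CLI strings are assumptions.

```python
# Added example: function and class names here are hypothetical helpers.
MSG_TYPES = {"nac-quar-dlp", "nac-quar-dos", "nac-quar-ips", "nac-quar-virus"}
FORMATS = {"html", "text", "none"}
HEADERS = {"8bit", "http", "none"}
MAX_BUFFER_CHARS = 8192  # "Maximum length 8 192 characters"


class NacQuarError(ValueError):
    """Raised when a value falls outside what the reference tables allow."""


def cli_quote(value: str) -> str:
    # Assumption: the CLI accepts a double-quoted string in which a backslash
    # escapes a backslash or a double quote.
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def render_nac_quar(msg_type, buffer, fmt="html", header="http"):
    """Return the config block for one nac-quar message, or raise NacQuarError."""
    if msg_type not in MSG_TYPES:
        raise NacQuarError(f"unknown message type: {msg_type!r}")
    if fmt not in FORMATS:
        raise NacQuarError(f"unknown format: {fmt!r}")
    if header not in HEADERS:
        raise NacQuarError(f"unknown header type: {header!r}")
    # Assumption: the limit applies to the message text before CLI quoting.
    if len(buffer) > MAX_BUFFER_CHARS:
        raise NacQuarError(
            f"buffer is {len(buffer)} characters, limit is {MAX_BUFFER_CHARS}")
    return "\n".join([
        f"config system replacemsg nac-quar {msg_type}",
        f"    set buffer {cli_quote(buffer)}",
        f"    set format {fmt}",
        f"    set header {header}",
        "end",
    ])


# Constructed sample page for the virus quarantine message.
SAMPLE_PAGE = (
    '<html><body><h1>Network access blocked</h1>'
    '<p class="reason">This address was quarantined after a virus was detected.</p>'
    '</body></html>'
)

if __name__ == "__main__":
    print(render_nac_quar("nac-quar-virus", SAMPLE_PAGE))
```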