Authentication replacement messages
The FortiGate unit uses the text of the authentication replacement messages for various user authentication HTML pages that are displayed when a user is required to authenticate because a security policy includes at least one identity-based policy that requires firewall users to authenticate.
These replacement message pages are for authentication using HTTP and HTTPS. You cannot customize the firewall authentication messages for FTP and Telnet.
The authentication login page and the authentication disclaimer include replacement tags and controls not found on other replacement messages.
Users see the authentication login page when they use a VPN or a security policy that requires authentication. You can customize this page in the same way as you modify other replacement messages.
There are some unique requirements for these replacement messages:
• The login page must be an HTML page containing a form with ACTION="/" and METHOD="POST"
• The form must contain the following hidden controls:
• <INPUT TYPE="hidden" NAME="%%MAGICID%%" VALUE="%%MAGICVAL%%">
• <INPUT TYPE="hidden" NAME="%%STATEID%%" VALUE="%%STATEVAL%%">
• <INPUT TYPE="hidden" NAME="%%REDIRID%%" VALUE="%%PROTURI%%">
• The form must contain the following visible controls:
• <INPUT TYPE="text" NAME="%%USERNAMEID%%" size=25>
• <INPUT TYPE="password" NAME="%%PASSWORDID%%" size=25>