Replacement message name (CLI name) | Description |
Login challenge page (auth-challenge-page) | This HTML page is displayed if security users are required to answer a question to complete authentication. The page displays the question and includes a field in which to type the answer. This feature is supported by RADIUS and uses the generic RADIUS challenge-access auth response. Usually, challenge-access responses contain a Reply-Message attribute that contains a message for the user (for example, “Please enter new PIN”). This message is displayed on the login challenge page. The user enters a response that is sent back to the RADIUS server to be verified. The Login challenge page is most often used with RSA RADIUS server for RSA SecurID authentication. The login challenge appears when the server needs the user to enter a new PIN. You can customize the replacement message to ask the user for a SecurID PIN. This page uses the %%QUESTION%% tag. |
Disclaimer page (auth-disclaimer-page-1) (auth-disclaimer-page-2) (auth-disclaimer-page-3) | This page prompts user to accept the displayed disclaimer when leaving the captive portal to access Internet resources. It is displayed when the captive portal type is Authentication and Disclaimer or Disclaimer Only. In the CLI, the auth-disclaimer-page-2 and auth-disclaimer-page-3 pages seamlessly extend the size of the disclaimer page from 8 192 characters to 16 384 and 24 576 characters respectively. In the web-based manager this is handled automatically. See “Disclaimer”. |
Email token page (auth-email-token-page) | The page prompting a user to enter their email token. See “Email”. |
FortiToken page (auth-fortitoken-page) | The page prompting a user to enter their FortiToken code. See “FortiToken”. |
Keepalive page (auth-keepalive-page) | The HTML page displayed with security authentication keepalive is enabled using the following CLI command: config system global set auth-keepalive enable end Authentication keepalive keeps authenticated firewall sessions from ending when the authentication timeout ends. In the web-based manager, go to User & Device > Authentication > Settings to set the Authentication Timeout. This page includes %%TIMEOUT%%. |
Login failed page (auth-login-failed-page) | The Disclaimer page replacement message does not re-direct the user to a redirect URL or the security policy does not include a redirect URL. When a user selects the button on the disclaimer page to decline access through the FortiGate unit, the Declined disclaimer page is displayed. |
Login page (auth-login-page) | The authentication HTML page displayed when users who are required to authenticate connect through the FortiGate unit using HTTP or HTTPS. Prompts the user for their username and password to login. This page includes %%USERNAMEID%% and %%PASSWORDID%% tags. |
Declined disclaimer page (auth-reject-page) | The page displayed if a user declines the disclaimer page. See “Disclaimer”. |
SMS Token page (auth-sms-token-page) | The page prompting a user to enter their SMS token. See “SMS”. |
Success message (auth-success-msg) | The page displayed when a user successfully authenticates. Prompts user to attempt their connection again (as the first was interrupted for authentication). |