A Windows System Admin's Blog

Covering Server Administration, Endpoint Management, Scripting and Network Management

Configure a login banner or disclaimer on a FortiGate for Terminal and HTTP admin logins

, ,

If like me you work in an environment where you have people who are attempting to circumvent your network security it helps to have a banner or disclaimer to warn them about the trouble they will get into if they’re caught. By default when you attempt to login to a FortiGate there is no warning message or login banner.

To enable the banner or disclaimer on a FortiGate (there is both a pre and post login disclaimer you can use) we firstly need to log into the CLI of the FortiGate and enter the following commands to enable the banner. You can substitute pre with post if you wish;

FG621B # config system global
FG621B (global) # set pre-login-banner enable
FG621B (global) # end

Now log into the web ui of FortiOS and go into System > Config > Replacement Messages once there we need to switch to the extended view and the login banners should be at the top of the list, you can edit the default message if you wish, once done click on Save.

Once you try and get the FortiGate via Terminal or Web Management you should get prompted with the Disclaimer message.

Leave a Reply

More Posts

How to Install a trusted certificate onto a FileZilla FTP server to enable FTPS (FTP over TLS)

I was recently helping troubleshoot an issue where as part of that I needed to get a 50GB SQL Database transferred from an interstate client onto our servers.  Both the client and us have a decent Internet Connection and we already had an FTP server in place but I was worried about the sensitive nature […]

AWS and Windows Activation

Quick one today where I was on a client server hosted in AWS that wasn’t activated. Trying to activate it via Settings App throws and error. Like most large scale cloud vendors (except Azure), AWS use KMS to activate their windows machines, however sometimes the servers need some help to reach the internal KMS servers […]

How to log into ASDM for a Cisco ASA when you get the Unable to launch device manager error

I like to keep my client’s devices up to date to prevent any issues from arising and have access to the devices latest features. Unfortunately not everyone is happy to pay that little extra to have an on-going support / maintenance agreement.  I was recently out at a customer who had an ASA 5505 which […]