A Windows System Admin's Blog

Covering Server Administration, Endpoint Management, Scripting and Network Management

Configure a login banner or disclaimer on a FortiGate for Terminal and HTTP admin logins

, ,

If like me you work in an environment where you have people who are attempting to circumvent your network security it helps to have a banner or disclaimer to warn them about the trouble they will get into if they’re caught. By default when you attempt to login to a FortiGate there is no warning message or login banner.

To enable the banner or disclaimer on a FortiGate (there is both a pre and post login disclaimer you can use) we firstly need to log into the CLI of the FortiGate and enter the following commands to enable the banner. You can substitute pre with post if you wish;

FG621B # config system global
FG621B (global) # set pre-login-banner enable
FG621B (global) # end

Now log into the web ui of FortiOS and go into System > Config > Replacement Messages once there we need to switch to the extended view and the login banners should be at the top of the list, you can edit the default message if you wish, once done click on Save.

Once you try and get the FortiGate via Terminal or Web Management you should get prompted with the Disclaimer message.

Leave a Reply

More Posts

Using LDAPS (Secure LDAP Binding) with Moodle for Sign-In running on IIS in a Windows Active Directory Domain

The process for running LDAP queries via secure channel for Moodle is fairly straight forward. This method is not using a trusted certificate but is encrypting the traffic between Moodle and your Domain Controller to prevent snooping. The first thing you will want to do is install the latest OpenSSL binaries onto your Moodle Server. […]

Getting a list of users in Active Directory as well as their Logon Script using dsquery and dsget

So I’m preparing on doing a clean-up of our NETLOGON/SYSVOL folder containing about 50 or so different logon scripts (plenty of which I know are no longer used).  I wanted to create a list of all of our active directory users along with what logon script they were assigned (I could then feed this list […]

Fixing HTTP Error 500.21 – Internal Server Error Handler “WebServiceHandlerFactory-Integrated” has a bad module “ManagedPipelineHandler” in its module list on IIS.

I was recently developing some .net web applications at work and finally took the plunge of setting up a server to host them after I was happy that we had reached the point where they were usable applications.  So after setting up Server 2008 R2, I went ahead and enabled IIS with asp.net configuration enabled […]