Information
Configure a pre-login banner, ideally approved by the organization's legal team. This banner should, at minimum, prohibit unauthorized access, provide notice of logging or monitoring, and avoid using the word "welcome" or similar words of invitation.
Through a properly stated login banner, the risk of unintentional access to the device by unauthorized users is reduced. Should legal action take place against a person accessing the device without authorization, the login banner greatly diminishes a defendant's claim of ignorance.
Solution
Run the following command in the CLI to enable the pre-login-banner:
FG1 # config system global
FG1 (global) # set pre-login-banner enable
FG1 (global) # end
FG1 #
In the GUI, to edit the content of the pre-login disclaimer message:
- Go to 'System' -> 'Replacement Messages' -> 'Extended View' -> 'Pre-login Disclaimer Message'. The edit screen is on the bottom right corner of the page. Click on "Save" after the editing is done.
Impact:
Login banners provide a definitive warning to any possible intruders who may want to access the FortiGate that certain types of activity are illegal. At the same time, it also advises the authorized and legitimate users of their obligations relating to acceptable use.