Description
Q1. How does the FortiGate track who has agreed to the Disclaimer?
Answer: The disclaimer is not directly tracked, it is implied with a successful login event.Without agreeing to the disclaimer you will not be able to authenticate. Any successful user authentication event (when a disclaimer is used) will mean that whoever logged in agreed to the disclaimer.
Q2. What is the maximum timeout before users can be shown the disclaimer again?
Answer: Since the disclaimer page is linked to authentication, users will not be prompted until their authentication times out. Administrators can indirectly change the disclaimer timer by modifying the authentication timeout. Authentication timeout is maximum is 480 Minutes.
Q3. Can users be sent to a third party site, to be tested for authentication credentials and then be given a disclaimer?
Answer: No. The disclaimer page must be on the FortiGate. Otherwise FortiOS does not have a method to accurately determine if the disclaimer was accepted or not. The disclaimer page can be modified my editing going to the GUI :System->Config->Replacement Messages->Authentication and editing the disclaimer page.
Note : when editing as the Yes/No button, the syntax must remain unchanged for the variables to work.
Scope
FortiOS 4.0 and above
