ASG and ProxySG login banner configuration

book

Article ID: 168360

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

This article describes various methods for configuring warning or login banners on the ProxySG via SSH, serial console or the web Management Console.

Resolution

SSH Banner Configuration 

  • Via the Management Console
    • Log in to the Management Console.
    • Select Configuration > Authentication > Console Access > SSH Host.
    • In the SSHv2 Welcome Banner field, enter the text for the banner.
    • Click Apply. The appliance indicates that the changes were committed.
  • Via the CLI
    • Log in to the CLI.
    • Enter privileged mode.
    • Enter the following commands:
#(config)ssh-console
#(config ssh-console)inline sshv2-welcome-banner EOF
First line
Second line
Third line
EOF

Note: "EOF", in this example, is an end-of-file marker. These strings are not included within the actual banner message.

The CLI responds ok and returns to the command prompt.

 

Serial Console Banner Configuration 

  • In the setup console, make sure that you have secured the serial port with a password ((Recommended but not necessary) .
  • Log in to the CLI.
  • Enter privileged mode.
  • Enter the following commands:
#(config)serial-console
#(config serial-console)inline pre-authentication-terms EOF
First line
Second line
Third line
EOF

Note: "EOF", in this example, is an end-of-file marker. These strings are not included within the actual banner message.

The CLI responds ok and returns to the command prompt.

 

Appliance Management Console Banner Configuration 

  • Determine which method you will use to install policy.
    • Refer to chapter "Managing Policy Files" in the Content Policy Language Reference.
  • Determine which realm users should authenticate against.
    • Note: You will refer to the realm name when you create banner related policy.
  • Create a reverse proxy service for the Notice and Consent banner.
    • Note: You will refer to the service name when you create banner related policy.
  • Create a banner via CPL (Content Policy Language) script or the VPM (Visual Policy Manager) policy.
    • This feature was introduced as of SGOS versions 6.5.9.10 and 6.6.4.3.

Note: The banner is displayed only when accessing the proxy via the port created in the reverse proxy service,  for example: https://x.x.x.x:444 .  The banner will also not be displayed if proxy is accessed by port 8082. 

 

For additional nformation related to Banner creation and configuration is required, please refer to the Notice and Consent Banner Configuration Webguide.