Ubiquiti Login Banner Configuration


Having a login banner is widely considered a best practice across the networking industry. Though the legal merits and applicability of login banners are sometimes disputed, there is value in notifying anyone who may try to log into a device that access is monitored and audited. Some compliance standards require a login banner, and a DISA STIG requires one for any equipment in use by the United States government. EdgeOS is somewhat unusual in that it offers two login banners instead of one: a pre-login banner and a post-login banner. The pre-login banner displays once a user is prompted for a password. The post-login banner displays once a user is successfully authenticated.

First we'll configure the pre-login banner, then the post-login banner, and finally commit and save the new configuration. The following command sets the pre-login banner.

set system login banner pre-login "---THIS DEVICE IS MONITORED, INCLUDING ACCESS ATTEMPTS AND LOGINS. ACCESS ONLY AUTHORIZED TO MANITO NETWORKS STAFF---"

Now we'll set the post-login banner.

set system login banner post-login "---THIS DEVICE IS MONITORED, AND ACCESS IS REGULARLY AUDITED---"

The banner text in the commands above is just an example, and you should create banner text specific to your organization's legal requirements. Don't forget to commit and save the new configuration, then log out and back in to see how the new banner looks.
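Once the banners are saved, a compliance check can confirm that both are present in a backed-up configuration. The following is an added example, not part of the original guide: it assumes the brace-nested layout of an EdgeOS configuration export, and the sample configuration, host name and function names are constructed for illustration.

```python
import re

# Constructed sample: excerpt of an EdgeOS configuration export (assumed brace-nested layout).
SAMPLE_CONFIG = '''
system {
    host-name edge01
    login {
        banner {
            post-login "---THIS DEVICE IS MONITORED, AND ACCESS IS REGULARLY AUDITED---"
            pre-login "---THIS DEVICE IS MONITORED, INCLUDING ACCESS ATTEMPTS AND LOGINS. ACCESS ONLY AUTHORIZED TO MANITO NETWORKS STAFF---"
        }
        user admin {
            level admin
        }
    }
}
'''

BANNER_PATH = ["system", "login", "banner"]
LEAF = re.compile(r'^(\S+)\s+"?(.*?)"?$')  # key, then an optionally quoted value


def parse_banners(config_text):
    """Return the banner entries found under system / login / banner."""
    path, found = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            if path:
                path.pop()
        elif path == BANNER_PATH:
            # Checked before the '{' test so banner text ending in '{' is not
            # mistaken for the start of a nested block.
            match = LEAF.match(line)
            if match:
                found[match.group(1)] = match.group(2)
        elif line.endswith("{"):
            path.append(line[:-1].strip())
    return found


def audit_banners(config_text):
    """Return the banner types that are missing or empty (empty list = compliant)."""
    banners = parse_banners(config_text)
    return [k for k in ("pre-login", "post-login") if not banners.get(k, "").strip()]
```

An empty list from `audit_banners` means both banners are configured; any returned name identifies the banner that still needs to be set on that device.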
