The banner can be used as a legal notice, warning any entity that makes unauthorized access into the device, or can act as a disclaimer. The banner can be set from the global configuration mode of the ASA.
Using the banner ? syntax, we can see the various options available. We are presented with four options, each would display the banner during a specific login method:
ASA-1(config)# banner ?
configure mode commands/options:
asdm Display a post login banner (ASDM only)
exec Display a banner whenever an EXEC process in initiated
login Display a banner before the username and password login prompts
motd Display a message-of-the-day banner
The following is the output from the ASA:
However, we are going to use the message of the day (MOTD) option. The MOTD is displayed across all logins to the firewall. Here, we are going to set a three-line banner that will pop up for any new connection to the ASA (such as console or Virtual Teletype (VTY)):
ASA-1(config)# banner motd Please be advised unauthorized access is strictly prohibited
ASA-1(config)# banner motd All access are recorded for security purposes
ASA-1(config)# banner motd This device is the property for ACME Corp.
Notice, each new line begins with the banner motd command, the effect of this command will add a new line at the bottom of the existing banner:
Let's verify the banner on the ASA:
ASA-1(config)# show banner
motd:
Please be advised unauthorized access is strictly prohibited
All access are recorded for security purposes
This device is the property for ACME Corp.