Fortinet white logo
Fortinet white logo

CLI Reference

csf

csf

Use this command to add this device to a Security Fabric or set up a new Security Fabric on this device.

Note

This syntax is used as part of the fabric connection to FortiManager. For more information about establishing this connection, see the FortiManager Administration Guide.

Syntax

config system csf

set accept-auth-by-cert {enable | disable}

set authorization-request-type {certificate | serial}

set certificate <string>

set downstream-access {enable | disable}

set downstream-accprofile <string>

set fabric-workers <integer>

set status {enable | disable}

set upstream <string>

set upstream-confirm

set upstream-port <integer>

config trusted-list

edit <name>

set action {accept | deny}

set authorization-type {certificate | serial}

set certificate <string>

set ha-members <ha members>

set index <integer>

set serial <string>

end

end

Variable

Description

accept-auth-by-cert {enable | disable}

Accept connections with unknown certificates and ask admin for approval (default = enable).

authorization-request-type {certificate | serial}

Authorization request type (default = certificate).

certificate <string>

Certificate (default = Fortinet_Local).

downstream-access {enable | disable}

Enable/disable downstream device access to this device's configuration and data (default = disable).

downstream-accprofile <string>

Default access profile for requests from downstream devices. This option is only available when downstream-access is set to enable.

fabric-workers <integer>

Number of worker processes for Security Fabric daemon (default = 2).

status {enable | disable}

Enable/disable Security Fabric (default = disable).

upstream <string>

IP/FQDN of the FortiManager upstream from this FortiAnalyzer in the Security Fabric.

upstream-port <integer>

The port number to use to communicate with the FortiManager upstream from this FortiAnalyzer in the Security Fabric (default = 8013).

Variables for config trusted-list subcommand:

<name>

Name.

action {accept | deny}

Security fabric authorization action (default = accept).

authorization-type {certificate | serial}

Authorization type (default = serial).

certificate <string>

Certificate.

ha-members <ha members>

HA members.

index <integer>

Index of the downstream in tree (default = 0).

serial <string>

Serial.

csf

csf

Use this command to add this device to a Security Fabric or set up a new Security Fabric on this device.

Note

This syntax is used as part of the fabric connection to FortiManager. For more information about establishing this connection, see the FortiManager Administration Guide.

Syntax

config system csf

set accept-auth-by-cert {enable | disable}

set authorization-request-type {certificate | serial}

set certificate <string>

set downstream-access {enable | disable}

set downstream-accprofile <string>

set fabric-workers <integer>

set status {enable | disable}

set upstream <string>

set upstream-confirm

set upstream-port <integer>

config trusted-list

edit <name>

set action {accept | deny}

set authorization-type {certificate | serial}

set certificate <string>

set ha-members <ha members>

set index <integer>

set serial <string>

end

end

Variable

Description

accept-auth-by-cert {enable | disable}

Accept connections with unknown certificates and ask admin for approval (default = enable).

authorization-request-type {certificate | serial}

Authorization request type (default = certificate).

certificate <string>

Certificate (default = Fortinet_Local).

downstream-access {enable | disable}

Enable/disable downstream device access to this device's configuration and data (default = disable).

downstream-accprofile <string>

Default access profile for requests from downstream devices. This option is only available when downstream-access is set to enable.

fabric-workers <integer>

Number of worker processes for Security Fabric daemon (default = 2).

status {enable | disable}

Enable/disable Security Fabric (default = disable).

upstream <string>

IP/FQDN of the FortiManager upstream from this FortiAnalyzer in the Security Fabric.

upstream-port <integer>

The port number to use to communicate with the FortiManager upstream from this FortiAnalyzer in the Security Fabric (default = 8013).

Variables for config trusted-list subcommand:

<name>

Name.

action {accept | deny}

Security fabric authorization action (default = accept).

authorization-type {certificate | serial}

Authorization type (default = serial).

certificate <string>

Certificate.

ha-members <ha members>

HA members.

index <integer>

Index of the downstream in tree (default = 0).

serial <string>

Serial.