DOCUMENT LIBRARY

CLI Reference

Home FortiGate / FortiOS 6.0.0 CLI Reference

6.0.0

system csf

This command is used to configure the Fortinet Security Fabric (previously known as Cooperative Security Fabric).

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command	Description
set logging-mode {default \| local}	This option has been removed and replaced with `configuration-sync` (see table entry blow).
set configuration-sync {default \| local}	New configuration sync mode to replace `logging-mode`. Set to `default` to synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node. Set to `local` to not synchronize configuration with the root node.
set fixed-key <password>	Auto-generated fixed key used when this device is the root. This will be automatically generated if not set.
config trusted-list edit <id> set action {accept \| deny} set ha-members <string> set downstream-authorization {enable \| disable} next ...	Configure pre-authorized and blocked security fabric nodes. Note that this configuration method is only available when `status` is set to `enable`.
config fabric-device edit <name> set device-ip <ipv4-addr> set device-type {fortimail} set login <name> set password <password> next ...	Configure fabric device settings.

config system csf
    set status {enable | disable}   Enable/disable Security Fabric.
    set upstream-ip {ipv4 address}   IP address of the FortiGate upstream from this FortiGate in the Security Fabric.
    set upstream-port {integer}   The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). range[1-65535]
    set group-name {string}   Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. size[35]
    set group-password {password_string}   Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. size[128]
    set configuration-sync {default | local}   Configuration sync mode.
            default  Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.
            local    Do not synchronize configuration with root node.
    set management-ip {ipv4 address}   Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    set management-port {integer}   Overriding port for management connection (Overrides admin port). range[0-65535]
    set fixed-key {password_string}   Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.) size[128]
    config trusted-list
        edit {serial}
        # Pre-authorized and blocked security fabric nodes.
            set serial {string}   Serial. size[19]
            set action {accept | deny}   Security fabric authorization action.
                    accept  Accept authorization request.
                    deny    Deny authorization request.
            set ha-members {string}   HA members. size[19]
            set downstream-authorization {enable | disable}   Trust authorizations by this node's administrator.
        next
    config fabric-device
        edit {name}
        # Fabric device configuration.
            set name {string}   Device name. size[35]
            set device-ip {ipv4 address}   Device IP.
            set device-type {fortimail}   Device type.
                    fortimail  FortiMail device.
            set login {string}   Device login name. size[64]
            set password {password_string}   Device login password. size[128]
        next
end

status {enable | disable}

Enable or disable the security fabric. The default is disable.

upstream-ip <ip-address>

The IP address of the upstream FortiGate.

upstream-port <port-number>

The port used by the upstream FortiGate for communication within the security fabric. The default is 8013.

group-name <name>

The name of the security fabric.

group-password <password>

The password for the security fabric.

management-ip <ip-address>

The management IP address of this FortiGate.

system csf

This command is used to configure the Fortinet Security Fabric (previously known as Cooperative Security Fabric).

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command	Description
set logging-mode {default \| local}	This option has been removed and replaced with `configuration-sync` (see table entry blow).
set configuration-sync {default \| local}	New configuration sync mode to replace `logging-mode`. Set to `default` to synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node. Set to `local` to not synchronize configuration with the root node.
set fixed-key <password>	Auto-generated fixed key used when this device is the root. This will be automatically generated if not set.
config trusted-list edit <id> set action {accept \| deny} set ha-members <string> set downstream-authorization {enable \| disable} next ...	Configure pre-authorized and blocked security fabric nodes. Note that this configuration method is only available when `status` is set to `enable`.
config fabric-device edit <name> set device-ip <ipv4-addr> set device-type {fortimail} set login <name> set password <password> next ...	Configure fabric device settings.

config system csf
    set status {enable | disable}   Enable/disable Security Fabric.
    set upstream-ip {ipv4 address}   IP address of the FortiGate upstream from this FortiGate in the Security Fabric.
    set upstream-port {integer}   The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). range[1-65535]
    set group-name {string}   Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. size[35]
    set group-password {password_string}   Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. size[128]
    set configuration-sync {default | local}   Configuration sync mode.
            default  Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.
            local    Do not synchronize configuration with root node.
    set management-ip {ipv4 address}   Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.
    set management-port {integer}   Overriding port for management connection (Overrides admin port). range[0-65535]
    set fixed-key {password_string}   Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.) size[128]
    config trusted-list
        edit {serial}
        # Pre-authorized and blocked security fabric nodes.
            set serial {string}   Serial. size[19]
            set action {accept | deny}   Security fabric authorization action.
                    accept  Accept authorization request.
                    deny    Deny authorization request.
            set ha-members {string}   HA members. size[19]
            set downstream-authorization {enable | disable}   Trust authorizations by this node's administrator.
        next
    config fabric-device
        edit {name}
        # Fabric device configuration.
            set name {string}   Device name. size[35]
            set device-ip {ipv4 address}   Device IP.
            set device-type {fortimail}   Device type.
                    fortimail  FortiMail device.
            set login {string}   Device login name. size[64]
            set password {password_string}   Device login password. size[128]
        next
end

status {enable | disable}

Enable or disable the security fabric. The default is disable.

upstream-ip <ip-address>

The IP address of the upstream FortiGate.

upstream-port <port-number>

The port used by the upstream FortiGate for communication within the security fabric. The default is 8013.

group-name <name>

The name of the security fabric.

group-password <password>

The password for the security fabric.

management-ip <ip-address>

The management IP address of this FortiGate.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

CLI Reference

system csf

system csf

History

status {enable | disable}

upstream-ip <ip-address>

upstream-port <port-number>

group-name <name>

group-password <password>

management-ip <ip-address>

system csf

system csf

History

status {enable | disable}