Fortinet black logo

CLI Reference

system csf

Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

  config system csf
      Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
      set status [enable|disable]
      set upstream-ip {ipv4-address}
      set upstream-port {integer}
      set group-name {string}
      set group-password {password}
      set configuration-sync [default|local]
      set management-ip {string}
      set management-port {integer}
      set fixed-key {password}
      config trusted-list
          Description: Pre-authorized and blocked security fabric nodes.
          edit <serial>
              set action [accept|deny]
              set ha-members {string}
              set downstream-authorization [enable|disable]
          next
      end
      config fabric-device
          Description: Fabric device configuration.
          edit <name>
              set device-ip {ipv4-address}
              set https-port {integer}
              set access-token {varlen_password}
          next
      end
  end

config system csf

Parameter Name Description Type Size
status Enable/disable Security Fabric.
enable: Enable Security Fabric.
disable: Disable Security Fabric.
option -
upstream-ip IP address of the FortiGate upstream from this FortiGate in the Security Fabric. ipv4-address Not Specified
upstream-port The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). integer Minimum value: 1 Maximum value: 65535
group-name Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. string Maximum length: 35
group-password Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. password Not Specified
configuration-sync Configuration sync mode.
default: Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.
local: Do not synchronize configuration with root node.
option -
management-ip Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. string Maximum length: 255
management-port Overriding port for management connection (Overrides admin port). integer Minimum value: 0 Maximum value: 65535
fixed-key Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.) password Not Specified
Parameter Name Description Type Size
action Security fabric authorization action.
accept: Accept authorization request.
deny: Deny authorization request.
option -
ha-members HA members. string Maximum length: 19
downstream-authorization Trust authorizations by this node's administrator.
enable: Enable downstream authorization.
disable: Disable downstream authorization.
option -
Parameter Name Description Type Size
device-ip Device IP. ipv4-address Not Specified
https-port HTTPS port for fabric device. integer Minimum value: 1 Maximum value: 65535
access-token Device access token. varlen_password Not Specified

Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

  config system csf
      Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
      set status [enable|disable]
      set upstream-ip {ipv4-address}
      set upstream-port {integer}
      set group-name {string}
      set group-password {password}
      set configuration-sync [default|local]
      set management-ip {string}
      set management-port {integer}
      set fixed-key {password}
      config trusted-list
          Description: Pre-authorized and blocked security fabric nodes.
          edit <serial>
              set action [accept|deny]
              set ha-members {string}
              set downstream-authorization [enable|disable]
          next
      end
      config fabric-device
          Description: Fabric device configuration.
          edit <name>
              set device-ip {ipv4-address}
              set https-port {integer}
              set access-token {varlen_password}
          next
      end
  end

config system csf

Parameter Name Description Type Size
status Enable/disable Security Fabric.
enable: Enable Security Fabric.
disable: Disable Security Fabric.
option -
upstream-ip IP address of the FortiGate upstream from this FortiGate in the Security Fabric. ipv4-address Not Specified
upstream-port The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). integer Minimum value: 1 Maximum value: 65535
group-name Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. string Maximum length: 35
group-password Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. password Not Specified
configuration-sync Configuration sync mode.
default: Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.
local: Do not synchronize configuration with root node.
option -
management-ip Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. string Maximum length: 255
management-port Overriding port for management connection (Overrides admin port). integer Minimum value: 0 Maximum value: 65535
fixed-key Auto-generated fixed key used when this device is the root. (Will automatically be generated if not set.) password Not Specified
Parameter Name Description Type Size
action Security fabric authorization action.
accept: Accept authorization request.
deny: Deny authorization request.
option -
ha-members HA members. string Maximum length: 19
downstream-authorization Trust authorizations by this node's administrator.
enable: Enable downstream authorization.
disable: Disable downstream authorization.
option -
Parameter Name Description Type Size
device-ip Device IP. ipv4-address Not Specified
https-port HTTPS port for fabric device. integer Minimum value: 1 Maximum value: 65535
access-token Device access token. varlen_password Not Specified