config system csf

Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

config system csf
    Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
    set configuration-sync [default|local]
    config fabric-device
        Description: Fabric device configuration.
        edit <name>
            set device-ip {ipv4-address}
            set https-port {integer}
            set access-token {varlen_password}
        next
    end
    set group-name {string}
    set group-password {password}
    set management-ip {string}
    set management-port {integer}
    set status [enable|disable]
    config trusted-list
        Description: Pre-authorized and blocked security fabric nodes.
        edit <serial>
            set action [accept|deny]
            set ha-members {string}
            set downstream-authorization [enable|disable]
        next
    end
    set upstream-ip {ipv4-address}
    set upstream-port {integer}
end

config system csf

| Parameter | Description | Type | Size |
|---|---|---|---|
| configuration-sync | Configuration sync mode. Options: default (synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node); local (do not synchronize configuration with root node). | option | - |
| group-name | Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. | string | Maximum length: 35 |
| group-password | Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. | password | Not Specified |
| management-ip | Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. | string | Maximum length: 255 |
| management-port | Overriding port for management connection (Overrides admin port). | integer | Minimum value: 0 Maximum value: 65535 |
| status | Enable/disable Security Fabric. Options: enable (enable Security Fabric); disable (disable Security Fabric). | option | - |
| upstream-ip | IP address of the FortiGate upstream from this FortiGate in the Security Fabric. | ipv4-address | Not Specified |
| upstream-port | The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric. | integer | Minimum value: 1 Maximum value: 65535 |

config fabric-device

| Parameter | Description | Type | Size |
|---|---|---|---|
| name | Device name. | string | Maximum length: 35 |
| device-ip | Device IP. | ipv4-address | Not Specified |
| https-port | HTTPS port for fabric device. | integer | Minimum value: 1 Maximum value: 65535 |
| access-token | Device access token. | varlen_password | Not Specified |

config trusted-list

| Parameter | Description | Type | Size |
|---|---|---|---|
| serial | Serial. | string | Maximum length: 19 |
| action | Security fabric authorization action. Options: accept (accept authorization request); deny (deny authorization request). | option | - |
| ha-members | HA members. | string | Maximum length: 19 |
| downstream-authorization | Trust authorizations by this node's administrator. Options: enable (enable downstream authorization); disable (disable downstream authorization). | option | - |
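An added example, not Fortinet's code: a small Python linter that checks the text of a `config system csf` block against the option values, lengths and port ranges listed in the tables above, and lists trusted-list serials that are accepted with downstream-authorization enabled. The function name `lint_csf`, the sample block and its serial are constructed for illustration.

```python
import re

# Option values, maximum lengths and port ranges as listed in the tables on this page.
OPTIONS = {"configuration-sync": {"default", "local"}, "status": {"enable", "disable"},
           "action": {"accept", "deny"}, "downstream-authorization": {"enable", "disable"}}
MAX_LEN = {"group-name": 35, "management-ip": 255, "ha-members": 19,
           "fabric-device": 35, "trusted-list": 19}  # last two: length of the edit name
PORTS = {"management-port": 0, "upstream-port": 1, "https-port": 1}  # minimum; maximum 65535

def lint_csf(text):
    """Return (findings, delegating): limit violations, and accepted serials that delegate."""
    findings, delegating, table, entry, fields = [], [], None, None, {}
    for raw in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)] or [""]
        if tok[0] == "config" and len(tok) == 2:    # nested table, not "config system csf"
            table = tok[1]
        elif tok[0] == "edit" and len(tok) > 1:
            entry, fields = tok[1], {}
            if len(entry) > MAX_LEN.get(table, len(entry)):
                findings.append(f"{table} {entry}: name longer than {MAX_LEN[table]}")
        elif tok[0] == "set" and len(tok) > 2:
            key, where = tok[1], f"{table} {entry}" if table else "csf"
            fields[key] = tok[2]
            for val in tok[2:]:
                if key in OPTIONS and val not in OPTIONS[key]:
                    findings.append(f"{where}: {key} {val!r} is not a documented option")
                if len(val) > MAX_LEN.get(key, len(val)):
                    findings.append(f"{where}: {key} longer than {MAX_LEN[key]}")
                if key in PORTS and not (val.isdecimal() and PORTS[key] <= int(val) <= 65535):
                    findings.append(f"{where}: {key} {val!r} is outside the documented range")
        elif tok[0] == "next":
            if (table == "trusted-list" and fields.get("action") == "accept"
                    and fields.get("downstream-authorization") == "enable"):
                delegating.append(entry)
        elif tok[0] == "end":
            table = None
    return findings, delegating

# Constructed sample input, not taken from a real device.
SAMPLE = """config system csf
    set configuration-sync global
    set upstream-port 0
    config trusted-list
        edit "EXAMPLE-SERIAL-01"
            set action accept
            set downstream-authorization enable
        next
    end
end"""
```

`lint_csf(SAMPLE)` returns the two out-of-spec settings as findings and `EXAMPLE-SERIAL-01` as a pre-authorized node whose administrator's authorizations are trusted, which is the list to review during a fabric audit.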
