Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config system csf

Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

config system csf

Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

set status [enable|disable]

set upstream-ip {ipv4-address}

set upstream-port {integer}

set group-name {string}

set group-password {password}

set configuration-sync [default|local]

set management-ip {string}

set management-port {integer}

config trusted-list

Description: Pre-authorized and blocked security fabric nodes.

edit <serial>

set action [accept|deny]

set ha-members {string}

set downstream-authorization [enable|disable]

next

end

config fabric-device

Description: Fabric device configuration.

edit <name>

set device-ip {ipv4-address}

set https-port {integer}

set access-token {varlen_password}

next

end

end

config system csf

Parameter name

Description

Type

Size

status

Enable/disable Security Fabric.

option

-

 

Option

Description

enable

Enable Security Fabric.

disable

Disable Security Fabric.

upstream-ip

IP address of the FortiGate upstream from this FortiGate in the Security Fabric.

ipv4-address

Not Specified

upstream-port

The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013).

integer

Minimum value: 1 Maximum value: 65535

group-name

Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.

string

Maximum length: 35

group-password

Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.

password

Not Specified

configuration-sync

Configuration sync mode.

option

-

 

Option

Description

default

Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.

local

Do not synchronize configuration with root node.

management-ip

Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.

string

Maximum length: 255

management-port

Overriding port for management connection (Overrides admin port).

integer

Minimum value: 0 Maximum value: 65535

Parameter name

Description

Type

Size

action

Security fabric authorization action.

option

-

 

Option

Description

accept

Accept authorization request.

deny

Deny authorization request.

ha-members

HA members.

string

Maximum length: 19

downstream-authorization

Trust authorizations by this node's administrator.

option

-

 

Option

Description

enable

Enable downstream authorization.

disable

Disable downstream authorization.

Parameter name

Description

Type

Size

device-ip

Device IP.

ipv4-address

Not Specified

https-port

HTTPS port for fabric device.

integer

Minimum value: 1 Maximum value: 65535

access-token

Device access token.

varlen_password

Not Specified

config system csf

Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

config system csf

Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

set status [enable|disable]

set upstream-ip {ipv4-address}

set upstream-port {integer}

set group-name {string}

set group-password {password}

set configuration-sync [default|local]

set management-ip {string}

set management-port {integer}

config trusted-list

Description: Pre-authorized and blocked security fabric nodes.

edit <serial>

set action [accept|deny]

set ha-members {string}

set downstream-authorization [enable|disable]

next

end

config fabric-device

Description: Fabric device configuration.

edit <name>

set device-ip {ipv4-address}

set https-port {integer}

set access-token {varlen_password}

next

end

end

config system csf

Parameter name

Description

Type

Size

status

Enable/disable Security Fabric.

option

-

 

Option

Description

enable

Enable Security Fabric.

disable

Disable Security Fabric.

upstream-ip

IP address of the FortiGate upstream from this FortiGate in the Security Fabric.

ipv4-address

Not Specified

upstream-port

The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013).

integer

Minimum value: 1 Maximum value: 65535

group-name

Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.

string

Maximum length: 35

group-password

Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.

password

Not Specified

configuration-sync

Configuration sync mode.

option

-

 

Option

Description

default

Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.

local

Do not synchronize configuration with root node.

management-ip

Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.

string

Maximum length: 255

management-port

Overriding port for management connection (Overrides admin port).

integer

Minimum value: 0 Maximum value: 65535

Parameter name

Description

Type

Size

action

Security fabric authorization action.

option

-

 

Option

Description

accept

Accept authorization request.

deny

Deny authorization request.

ha-members

HA members.

string

Maximum length: 19

downstream-authorization

Trust authorizations by this node's administrator.

option

-

 

Option

Description

enable

Enable downstream authorization.

disable

Disable downstream authorization.

Parameter name

Description

Type

Size

device-ip

Device IP.

ipv4-address

Not Specified

https-port

HTTPS port for fabric device.

integer

Minimum value: 1 Maximum value: 65535

access-token

Device access token.

varlen_password

Not Specified