Fortinet white logo
Fortinet white logo

CLI Reference

system csf

Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

  config system csf
      Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
      set status [enable|disable]
      set upstream-ip {ipv4-address}
      set upstream-port {integer}
      set group-name {string}
      set group-password {password}
      set configuration-sync [default|local]
      set fabric-object-unification [default|local]
      set management-ip {string}
      set management-port {integer}
      config trusted-list
          Description: Pre-authorized and blocked security fabric nodes.
          edit <serial>
              set action [accept|deny]
              set ha-members {string}
              set downstream-authorization [enable|disable]
          next
      end
      config fabric-device
          Description: Fabric device configuration.
          edit <name>
              set device-ip {ipv4-address}
              set https-port {integer}
              set access-token {varlen_password}
          next
      end
  end

config system csf

Parameter Name Description Type Size
status Enable/disable Security Fabric.
enable: Enable Security Fabric.
disable: Disable Security Fabric.
option -
upstream-ip IP address of the FortiGate upstream from this FortiGate in the Security Fabric. ipv4-address Not Specified
upstream-port The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). integer Minimum value: 1 Maximum value: 65535
group-name Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. string Maximum length: 35
group-password Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. password Not Specified
configuration-sync Configuration sync mode.
default: Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.
local: Do not synchronize configuration with root node.
option -
fabric-object-unification Fabric CMDB Object Unification
default: Global CMDB objects will be synchronized in Security Fabric.
local: Global CMDB objects will not be synchronized to and from this device.
option -
management-ip Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. string Maximum length: 255
management-port Overriding port for management connection (Overrides admin port). integer Minimum value: 0 Maximum value: 65535

config trusted-list

Parameter Name Description Type Size
action Security fabric authorization action.
accept: Accept authorization request.
deny: Deny authorization request.
option -
ha-members HA members. string Maximum length: 19
downstream-authorization Trust authorizations by this node's administrator.
enable: Enable downstream authorization.
disable: Disable downstream authorization.
option -

config fabric-device

Parameter Name Description Type Size
device-ip Device IP. ipv4-address Not Specified
https-port HTTPS port for fabric device. integer Minimum value: 1 Maximum value: 65535
access-token Device access token. varlen_password Not Specified

system csf

Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

  config system csf
      Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
      set status [enable|disable]
      set upstream-ip {ipv4-address}
      set upstream-port {integer}
      set group-name {string}
      set group-password {password}
      set configuration-sync [default|local]
      set fabric-object-unification [default|local]
      set management-ip {string}
      set management-port {integer}
      config trusted-list
          Description: Pre-authorized and blocked security fabric nodes.
          edit <serial>
              set action [accept|deny]
              set ha-members {string}
              set downstream-authorization [enable|disable]
          next
      end
      config fabric-device
          Description: Fabric device configuration.
          edit <name>
              set device-ip {ipv4-address}
              set https-port {integer}
              set access-token {varlen_password}
          next
      end
  end

config system csf

Parameter Name Description Type Size
status Enable/disable Security Fabric.
enable: Enable Security Fabric.
disable: Disable Security Fabric.
option -
upstream-ip IP address of the FortiGate upstream from this FortiGate in the Security Fabric. ipv4-address Not Specified
upstream-port The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). integer Minimum value: 1 Maximum value: 65535
group-name Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. string Maximum length: 35
group-password Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. password Not Specified
configuration-sync Configuration sync mode.
default: Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.
local: Do not synchronize configuration with root node.
option -
fabric-object-unification Fabric CMDB Object Unification
default: Global CMDB objects will be synchronized in Security Fabric.
local: Global CMDB objects will not be synchronized to and from this device.
option -
management-ip Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. string Maximum length: 255
management-port Overriding port for management connection (Overrides admin port). integer Minimum value: 0 Maximum value: 65535

config trusted-list

Parameter Name Description Type Size
action Security fabric authorization action.
accept: Accept authorization request.
deny: Deny authorization request.
option -
ha-members HA members. string Maximum length: 19
downstream-authorization Trust authorizations by this node's administrator.
enable: Enable downstream authorization.
disable: Disable downstream authorization.
option -

config fabric-device

Parameter Name Description Type Size
device-ip Device IP. ipv4-address Not Specified
https-port HTTPS port for fabric device. integer Minimum value: 1 Maximum value: 65535
access-token Device access token. varlen_password Not Specified