config system csf
Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
set status [enable|disable]
set upstream-ip {ipv4-address}
set upstream-port {integer}
set group-name {string}
set group-password {password}
set configuration-sync [default|local]
set fabric-object-unification [default|local]
set management-ip {string}
set management-port {integer}
config trusted-list
Description: Pre-authorized and blocked security fabric nodes.
edit <serial>
set action [accept|deny]
set ha-members {string}
set downstream-authorization [enable|disable]
next
end
config fabric-device
Description: Fabric device configuration.
edit <name>
set device-ip {ipv4-address}
set https-port {integer}
set access-token {varlen_password}
next
end
end
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable Security Fabric. enable: Enable Security Fabric. disable: Disable Security Fabric. |
option | - |
upstream-ip | IP address of the FortiGate upstream from this FortiGate in the Security Fabric. | ipv4-address | Not Specified |
upstream-port | The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). | integer | Minimum value: 1 Maximum value: 65535 |
group-name | Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. | string | Maximum length: 35 |
group-password | Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. | password | Not Specified |
configuration-sync | Configuration sync mode. default: Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node. local: Do not synchronize configuration with root node. |
option | - |
fabric-object-unification | Fabric CMDB Object Unification default: Global CMDB objects will be synchronized in Security Fabric. local: Global CMDB objects will not be synchronized to and from this device. |
option | - |
management-ip | Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. | string | Maximum length: 255 |
management-port | Overriding port for management connection (Overrides admin port). | integer | Minimum value: 0 Maximum value: 65535 |
Parameter Name | Description | Type | Size |
---|---|---|---|
action | Security fabric authorization action. accept: Accept authorization request. deny: Deny authorization request. |
option | - |
ha-members | HA members. | string | Maximum length: 19 |
downstream-authorization | Trust authorizations by this node's administrator. enable: Enable downstream authorization. disable: Disable downstream authorization. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
device-ip | Device IP. | ipv4-address | Not Specified |
https-port | HTTPS port for fabric device. | integer | Minimum value: 1 Maximum value: 65535 |
access-token | Device access token. | varlen_password | Not Specified |
config system csf
Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
set status [enable|disable]
set upstream-ip {ipv4-address}
set upstream-port {integer}
set group-name {string}
set group-password {password}
set configuration-sync [default|local]
set fabric-object-unification [default|local]
set management-ip {string}
set management-port {integer}
config trusted-list
Description: Pre-authorized and blocked security fabric nodes.
edit <serial>
set action [accept|deny]
set ha-members {string}
set downstream-authorization [enable|disable]
next
end
config fabric-device
Description: Fabric device configuration.
edit <name>
set device-ip {ipv4-address}
set https-port {integer}
set access-token {varlen_password}
next
end
end
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable Security Fabric. enable: Enable Security Fabric. disable: Disable Security Fabric. |
option | - |
upstream-ip | IP address of the FortiGate upstream from this FortiGate in the Security Fabric. | ipv4-address | Not Specified |
upstream-port | The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). | integer | Minimum value: 1 Maximum value: 65535 |
group-name | Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. | string | Maximum length: 35 |
group-password | Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. | password | Not Specified |
configuration-sync | Configuration sync mode. default: Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node. local: Do not synchronize configuration with root node. |
option | - |
fabric-object-unification | Fabric CMDB Object Unification default: Global CMDB objects will be synchronized in Security Fabric. local: Global CMDB objects will not be synchronized to and from this device. |
option | - |
management-ip | Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. | string | Maximum length: 255 |
management-port | Overriding port for management connection (Overrides admin port). | integer | Minimum value: 0 Maximum value: 65535 |
Parameter Name | Description | Type | Size |
---|---|---|---|
action | Security fabric authorization action. accept: Accept authorization request. deny: Deny authorization request. |
option | - |
ha-members | HA members. | string | Maximum length: 19 |
downstream-authorization | Trust authorizations by this node's administrator. enable: Enable downstream authorization. disable: Disable downstream authorization. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
device-ip | Device IP. | ipv4-address | Not Specified |
https-port | HTTPS port for fabric device. | integer | Minimum value: 1 Maximum value: 65535 |
access-token | Device access token. | varlen_password | Not Specified |