Fortinet black logo

CLI Reference

config system csf

config system csf

Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

config system csf

Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

set status [enable|disable]

set upstream-ip {ipv4-address}

set upstream-port {integer}

set group-name {string}

set group-password {password}

set accept-auth-by-cert [disable|enable]

set log-unification [disable|enable]

set authorization-request-type [serial|certificate]

set certificate {string}

set fabric-workers {integer}

set downstream-access [enable|disable]

set downstream-accprofile {string}

set configuration-sync [default|local]

set fabric-object-unification [default|local]

set saml-configuration-sync [default|local]

config trusted-list

Description: Pre-authorized and blocked security fabric nodes.

edit <name>

set authorization-type [serial|certificate]

set serial {string}

set certificate {var-string}

set action [accept|deny]

set ha-members {string}

set downstream-authorization [enable|disable]

next

end

config fabric-connector

Description: Fabric connector configuration.

edit <serial>

set accprofile {string}

set configuration-write-access [enable|disable]

next

end

config fabric-device

Description: Fabric device configuration.

edit <name>

set device-ip {ipv4-address}

set https-port {integer}

set access-token {varlen_password}

next

end

end

config system csf

Parameter

Description

Type

Size

Default

status

Enable/disable Security Fabric.

option

-

disable

Option

Description

enable

Enable Security Fabric.

disable

Disable Security Fabric.

upstream-ip

IP address of the FortiGate upstream from this FortiGate in the Security Fabric.

ipv4-address

Not Specified

0.0.0.0

upstream-port

The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric .

integer

Minimum value: 1 Maximum value: 65535

8013

group-name

Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.

string

Maximum length: 35

group-password

Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.

password

Not Specified

accept-auth-by-cert

Accept connections with unknown certificates and ask admin for approval.

option

-

enable

Option

Description

disable

Do not accept SSL connections with unknown certificates.

enable

Accept SSL connections without automatic certificate verification.

log-unification

Enable/disable broadcast of discovery messages for log unification.

option

-

enable

Option

Description

disable

Disable broadcast of discovery messages for log unification.

enable

Enable broadcast of discovery messages for log unification.

authorization-request-type

Authorization request type.

option

-

serial

Option

Description

serial

Request verification by serial number.

certificate

Request verification by certificate.

certificate

Certificate.

string

Maximum length: 35

fabric-workers

Number of worker processes for Security Fabric daemon.

integer

Minimum value: 1 Maximum value: 4

2

downstream-access

Enable/disable downstream device access to this device's configuration and data.

option

-

disable

Option

Description

enable

Enable downstream device access to this device's configuration and data.

disable

Disable downstream device access to this device's configuration and data.

downstream-accprofile

Default access profile for requests from downstream devices.

string

Maximum length: 35

configuration-sync

Configuration sync mode.

option

-

default

Option

Description

default

Synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node.

local

Do not synchronize configuration with root node.

fabric-object-unification

Fabric CMDB Object Unification.

option

-

default

Option

Description

default

Global CMDB objects will be synchronized in Security Fabric.

local

Global CMDB objects will not be synchronized to and from this device.

saml-configuration-sync

SAML setting configuration synchronization.

option

-

default

Option

Description

default

SAML setting for fabric members is created by fabric root.

local

Do not apply SAML configuration generated by root.

config trusted-list

Parameter

Description

Type

Size

Default

authorization-type

Authorization type.

option

-

serial

Option

Description

serial

Verify downstream by serial number.

certificate

Verify downstream by certificate.

serial

Serial.

string

Maximum length: 19

certificate

Certificate.

var-string

Maximum length: 32767

action

Security fabric authorization action.

option

-

accept

Option

Description

accept

Accept authorization request.

deny

Deny authorization request.

ha-members

HA members.

string

Maximum length: 19

downstream-authorization

Trust authorizations by this node's administrator.

option

-

disable

Option

Description

enable

Enable downstream authorization.

disable

Disable downstream authorization.

config fabric-connector

Parameter

Description

Type

Size

Default

accprofile

Override access profile.

string

Maximum length: 35

configuration-write-access

Enable/disable downstream device write access to configuration.

option

-

disable

Option

Description

enable

Enable downstream device write access to configuration.

disable

Disable downstream device write access to configuration.

config fabric-device

Parameter

Description

Type

Size

Default

device-ip

Device IP.

ipv4-address

Not Specified

0.0.0.0

https-port

HTTPS port for fabric device.

integer

Minimum value: 1 Maximum value: 65535

443

access-token

Device access token.

varlen_password

Not Specified

config system csf

Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

config system csf

Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

set status [enable|disable]

set upstream-ip {ipv4-address}

set upstream-port {integer}

set group-name {string}

set group-password {password}

set accept-auth-by-cert [disable|enable]

set log-unification [disable|enable]

set authorization-request-type [serial|certificate]

set certificate {string}

set fabric-workers {integer}

set downstream-access [enable|disable]

set downstream-accprofile {string}

set configuration-sync [default|local]

set fabric-object-unification [default|local]

set saml-configuration-sync [default|local]

config trusted-list

Description: Pre-authorized and blocked security fabric nodes.

edit <name>

set authorization-type [serial|certificate]

set serial {string}

set certificate {var-string}

set action [accept|deny]

set ha-members {string}

set downstream-authorization [enable|disable]

next

end

config fabric-connector

Description: Fabric connector configuration.

edit <serial>

set accprofile {string}

set configuration-write-access [enable|disable]

next

end

config fabric-device

Description: Fabric device configuration.

edit <name>

set device-ip {ipv4-address}

set https-port {integer}

set access-token {varlen_password}

next

end

end

config system csf

Parameter

Description

Type

Size

Default

status

Enable/disable Security Fabric.

option

-

disable

Option

Description

enable

Enable Security Fabric.

disable

Disable Security Fabric.

upstream-ip

IP address of the FortiGate upstream from this FortiGate in the Security Fabric.

ipv4-address

Not Specified

0.0.0.0

upstream-port

The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric .

integer

Minimum value: 1 Maximum value: 65535

8013

group-name

Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.

string

Maximum length: 35

group-password

Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.

password

Not Specified

accept-auth-by-cert

Accept connections with unknown certificates and ask admin for approval.

option

-

enable

Option

Description

disable

Do not accept SSL connections with unknown certificates.

enable

Accept SSL connections without automatic certificate verification.

log-unification

Enable/disable broadcast of discovery messages for log unification.

option

-

enable

Option

Description

disable

Disable broadcast of discovery messages for log unification.

enable

Enable broadcast of discovery messages for log unification.

authorization-request-type

Authorization request type.

option

-

serial

Option

Description

serial

Request verification by serial number.

certificate

Request verification by certificate.

certificate

Certificate.

string

Maximum length: 35

fabric-workers

Number of worker processes for Security Fabric daemon.

integer

Minimum value: 1 Maximum value: 4

2

downstream-access

Enable/disable downstream device access to this device's configuration and data.

option

-

disable

Option

Description

enable

Enable downstream device access to this device's configuration and data.

disable

Disable downstream device access to this device's configuration and data.

downstream-accprofile

Default access profile for requests from downstream devices.

string

Maximum length: 35

configuration-sync

Configuration sync mode.

option

-

default

Option

Description

default

Synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node.

local

Do not synchronize configuration with root node.

fabric-object-unification

Fabric CMDB Object Unification.

option

-

default

Option

Description

default

Global CMDB objects will be synchronized in Security Fabric.

local

Global CMDB objects will not be synchronized to and from this device.

saml-configuration-sync

SAML setting configuration synchronization.

option

-

default

Option

Description

default

SAML setting for fabric members is created by fabric root.

local

Do not apply SAML configuration generated by root.

config trusted-list

Parameter

Description

Type

Size

Default

authorization-type

Authorization type.

option

-

serial

Option

Description

serial

Verify downstream by serial number.

certificate

Verify downstream by certificate.

serial

Serial.

string

Maximum length: 19

certificate

Certificate.

var-string

Maximum length: 32767

action

Security fabric authorization action.

option

-

accept

Option

Description

accept

Accept authorization request.

deny

Deny authorization request.

ha-members

HA members.

string

Maximum length: 19

downstream-authorization

Trust authorizations by this node's administrator.

option

-

disable

Option

Description

enable

Enable downstream authorization.

disable

Disable downstream authorization.

config fabric-connector

Parameter

Description

Type

Size

Default

accprofile

Override access profile.

string

Maximum length: 35

configuration-write-access

Enable/disable downstream device write access to configuration.

option

-

disable

Option

Description

enable

Enable downstream device write access to configuration.

disable

Disable downstream device write access to configuration.

config fabric-device

Parameter

Description

Type

Size

Default

device-ip

Device IP.

ipv4-address

Not Specified

0.0.0.0

https-port

HTTPS port for fabric device.

integer

Minimum value: 1 Maximum value: 65535

443

access-token

Device access token.

varlen_password

Not Specified