config system csf
Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
config system csf
Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
set accept-auth-by-cert [disable|enable]
set authorization-request-type [serial|certificate]
set certificate {string}
set configuration-sync [default|local]
set downstream-access [enable|disable]
set downstream-accprofile {string}
config fabric-connector
Description: Fabric connector configuration.
edit <serial>
set accprofile {string}
set configuration-write-access [enable|disable]
set vdom <name1>, <name2>, ...
next
end
set fabric-object-unification [default|local]
set fabric-workers {integer}
set file-mgmt [enable|disable]
set file-quota {integer}
set file-quota-warning {integer}
set forticloud-account-enforcement [enable|disable]
set group-name {string}
set group-password {password}
set log-unification [disable|enable]
set saml-configuration-sync [default|local]
set status [enable|disable]
config trusted-list
Description: Pre-authorized and blocked security fabric nodes.
edit <name>
set authorization-type [serial|certificate]
set serial {string}
set certificate {var-string}
set action [accept|deny]
set ha-members {string}
set downstream-authorization [enable|disable]
set index {integer}
next
end
set uid {string}
set upstream {string}
set upstream-port {integer}
end
config system csf
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
accept-auth-by-cert |
Accept connections with unknown certificates and ask admin for approval. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
authorization-request-type |
Authorization request type. |
option |
- |
serial |
||||||
|
|
|
|||||||||
|
certificate |
Certificate. |
string |
Maximum length: 35 |
|
||||||
|
configuration-sync |
Configuration sync mode. |
option |
- |
default |
||||||
|
|
|
|||||||||
|
downstream-access |
Enable/disable downstream device access to this device's configuration and data. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
downstream-accprofile |
Default access profile for requests from downstream devices. |
string |
Maximum length: 35 |
|
||||||
|
fabric-object-unification |
Fabric CMDB Object Unification. |
option |
- |
default |
||||||
|
|
|
|||||||||
|
fabric-workers |
Number of worker processes for Security Fabric daemon. |
integer |
Minimum value: 1 Maximum value: 4 |
2 |
||||||
|
file-mgmt |
Enable/disable Security Fabric daemon file management. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
file-quota |
Maximum amount of memory that can be used by the daemon files (in bytes). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||
|
file-quota-warning |
Warn when the set percentage of quota has been used. |
integer |
Minimum value: 1 Maximum value: 99 |
90 |
||||||
|
forticloud-account-enforcement |
Fabric FortiCloud account unification. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
group-name |
Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. |
string |
Maximum length: 35 |
|
||||||
|
group-password |
Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. |
password |
Not Specified |
|
||||||
|
log-unification |
Enable/disable broadcast of discovery messages for log unification. |
option |
- |
enable |
||||||
|
|
|
|||||||||
|
saml-configuration-sync |
SAML setting configuration synchronization. |
option |
- |
default |
||||||
|
|
|
|||||||||
|
status |
Enable/disable Security Fabric. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
uid |
Unique ID of the current CSF node |
string |
Maximum length: 35 |
|
||||||
|
upstream |
IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric. |
string |
Maximum length: 255 |
|
||||||
|
upstream-port |
The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric. |
integer |
Minimum value: 1 Maximum value: 65535 |
8013 |
||||||
config fabric-connector
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
serial |
Serial. |
string |
Maximum length: 19 |
|
||||||
|
accprofile |
Override access profile. |
string |
Maximum length: 35 |
|
||||||
|
configuration-write-access |
Enable/disable downstream device write access to configuration. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
vdom |
Virtual domains that the connector has access to. If none are set, the connector will only have access to the VDOM that it joins the Security Fabric through. Virtual domain name. |
string |
Maximum length: 79 |
|
||||||
config trusted-list
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
name |
Name. |
string |
Maximum length: 35 |
|
||||||
|
authorization-type |
Authorization type. |
option |
- |
serial |
||||||
|
|
|
|||||||||
|
serial |
Serial. |
string |
Maximum length: 19 |
|
||||||
|
certificate |
Certificate. |
var-string |
Maximum length: 32767 |
|
||||||
|
action |
Security fabric authorization action. |
option |
- |
accept |
||||||
|
|
|
|||||||||
|
ha-members |
HA members. |
string |
Maximum length: 19 |
|
||||||
|
downstream-authorization |
Trust authorizations by this node's administrator. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
index |
Index of the downstream in tree. |
integer |
Minimum value: 1 Maximum value: 1024 |
0 |
||||||