CLI Reference

csf

Use this command to add this device to a Security Fabric or set up a new Security Fabric on this device.

This command is used to establish a fabric connection with FortiAnalyzer. Once the status is enabled, you must configure the following settings to allow the fabric connection:

config system csf
    set accept-auth-by-cert enable
    set downstream-access enable
end

For more information about establishing this connection to FortiAnalyzer, see the FortiManager Administration Guide.

Syntax

config system csf
    set accept-auth-by-cert {enable | disable}
    set authorization-request-type {certificate | serial}
    set certificate <string>
    set downstream-access {enable | disable}
    set downstream-accprofile <string>
    set fabric-workers <integer>
    set status {enable | disable}
    set upstream <string>
    set upstream-port <integer>
    config trusted-list
        edit <name>
            set action {accept | deny}
            set authorization-type {certificate | serial}
            set certificate <string>
            set ha-members <ha members>
            set index <integer>
            set serial <string>
    end
end

Variable
    Description

accept-auth-by-cert {enable | disable}
    Accept connections with unknown certificates and ask admin for approval (default = enable).

authorization-request-type {certificate | serial}
    Authorization request type (default = certificate).

certificate <string>
    Certificate (default = Fortinet_Local).

downstream-access {enable | disable}
    Enable/disable downstream device access to this device's configuration and data (default = disable).

downstream-accprofile <string>
    Default access profile for requests from downstream devices. This option is only available when downstream-access is set to enable.

fabric-workers <integer>
    Number of worker processes for Security Fabric daemon (default = 2).

status {enable | disable}
    Enable/disable Security Fabric (default = disable).

upstream <string>
    IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric.

upstream-port <integer>
    The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013).

Variables for config trusted-list subcommand:

<name>
    Name.

action {accept | deny}
    Security fabric authorization action (default = accept).

authorization-type {certificate | serial}
    Authorization type (default = serial).

certificate <string>
    Certificate.

ha-members <ha members>
    HA members.

index <integer>
    Index of the downstream in tree (default = 0).

serial <string>
    Serial.
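
Because several of these settings take effect through their defaults, a configuration review has to apply the documented defaults before judging a saved config. The following is an added example, not Fortinet code: it parses a config system csf block and lists the settings an administrator should confirm. The sample configuration, entry names and serial are constructed placeholders, and the review rules are this example's assumptions.

```python
import shlex

# Defaults as documented in the variable tables on this page.
CSF_DEFAULTS = {"status": "disable", "accept-auth-by-cert": "enable", "downstream-access": "disable"}
ENTRY_DEFAULTS = {"action": "accept", "authorization-type": "serial"}

# Constructed sample in the page's syntax; entry names and serial are placeholders.
SAMPLE = """
config system csf
    set status enable
    set downstream-access enable
    config trusted-list
        edit "branch-1"
            set serial "SERIAL-PLACEHOLDER-0001"
        edit "branch-2"
            set authorization-type certificate
    end
end
"""

def parse_csf(text):
    """Return (csf settings, trusted-list entries) with documented defaults applied."""
    csf, entries, stack, cur = dict(CSF_DEFAULTS), {}, [], None
    for line in text.splitlines():
        tok = shlex.split(line, comments=True) or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end":
            cur, stack = None, stack[:-1]
        elif tok[0] == "edit" and len(tok) > 1 and stack == ["system csf", "trusted-list"]:
            cur = entries.setdefault(tok[1], dict(ENTRY_DEFAULTS))
        elif tok[0] == "set" and len(tok) >= 3:
            target = csf if stack == ["system csf"] else cur
            if target is not None:
                target[tok[1]] = " ".join(tok[2:])
    return csf, entries

def review(text):
    """Settings to confirm; the rules are this example's assumptions, not vendor guidance."""
    csf, entries = parse_csf(text)
    if csf["status"] != "enable":
        return []  # fabric disabled: the other settings are inactive
    notes = []
    if csf["accept-auth-by-cert"] == "enable":
        notes.append("accept-auth-by-cert: unknown certificates go to admin approval")
    if csf["downstream-access"] == "enable" and "downstream-accprofile" not in csf:
        notes.append("downstream-access: enabled with no downstream-accprofile set")
    notes += [f"trusted-list {n}: accepted by serial" for n, e in entries.items()
              if e["action"] == "accept" and e["authorization-type"] == "serial"]
    return notes
```

For the constructed sample, review(SAMPLE) returns three notes; two of them come from defaults that never appear in the saved configuration.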
