Fortinet white logo
Fortinet white logo

CLI Reference

csf

csf

Use this command to add this device to a Security Fabric or set up a new Security Fabric on this device.

This command is used to establish a fabric connection with FortiAnalyzer. Once the status is enabled, you must configure the following settings to allow the fabric connection:

config system csf

set accept-auth-by-cert enable

set downstream-access enable

end

For more information about establishing this connection to FortiAnalyzer, see the FortiManager Administration Guide.

Syntax

config system csf

set accept-auth-by-cert {enable | disable}

set authorization-request-type {certificate | serial}

set certificate <string>

set downstream-access {enable | disable}

set downstream-accprofile <string>

set fabric-workers <integer>

set status {enable | disable}

set upstream <string>

set upstream-port <integer>

config trusted-list

edit <name>

set action {accept | deny}

set authorization-type {certificate | serial}

set certificate <string>

set ha-members <ha members>

set index <integer>

set serial <string>

end

end

Variable

Description

accept-auth-by-cert {enable | disable}

Accept connections with unknown certificates and ask admin for approval (default = enable).

authorization-request-type {certificate | serial}

Authorization request type (default = certificate).

certificate <string>

Certificate (default = Fortinet_Local).

downstream-access {enable | disable}

Enable/disable downstream device access to this device's configuration and data (default = disable).

downstream-accprofile <string>

Default access profile for requests from downstream devices. This option is only available when downstream-access is set to enable.

fabric-workers <integer>

Number of worker processes for Security Fabric daemon (default = 2).

status {enable | disable}

Enable/disable Security Fabric (default = disable).

upstream <string>

IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric.

upstream-port <integer>

The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013).

Variables forconfig trusted-listsubcommand:

<name>

Name.

action {accept | deny}

Security fabric authorization action (default = accept).

authorization-type {certificate | serial}

Authorization type (default = serial).

certificate <string>

Certificate.

ha-members <ha members>

HA members.

index <integer>

Index of the downstream in tree (default = 0).

serial <string>

Serial.

csf

csf

Use this command to add this device to a Security Fabric or set up a new Security Fabric on this device.

This command is used to establish a fabric connection with FortiAnalyzer. Once the status is enabled, you must configure the following settings to allow the fabric connection:

config system csf

set accept-auth-by-cert enable

set downstream-access enable

end

For more information about establishing this connection to FortiAnalyzer, see the FortiManager Administration Guide.

Syntax

config system csf

set accept-auth-by-cert {enable | disable}

set authorization-request-type {certificate | serial}

set certificate <string>

set downstream-access {enable | disable}

set downstream-accprofile <string>

set fabric-workers <integer>

set status {enable | disable}

set upstream <string>

set upstream-port <integer>

config trusted-list

edit <name>

set action {accept | deny}

set authorization-type {certificate | serial}

set certificate <string>

set ha-members <ha members>

set index <integer>

set serial <string>

end

end

Variable

Description

accept-auth-by-cert {enable | disable}

Accept connections with unknown certificates and ask admin for approval (default = enable).

authorization-request-type {certificate | serial}

Authorization request type (default = certificate).

certificate <string>

Certificate (default = Fortinet_Local).

downstream-access {enable | disable}

Enable/disable downstream device access to this device's configuration and data (default = disable).

downstream-accprofile <string>

Default access profile for requests from downstream devices. This option is only available when downstream-access is set to enable.

fabric-workers <integer>

Number of worker processes for Security Fabric daemon (default = 2).

status {enable | disable}

Enable/disable Security Fabric (default = disable).

upstream <string>

IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric.

upstream-port <integer>

The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013).

Variables forconfig trusted-listsubcommand:

<name>

Name.

action {accept | deny}

Security fabric authorization action (default = accept).

authorization-type {certificate | serial}

Authorization type (default = serial).

certificate <string>

Certificate.

ha-members <ha members>

HA members.

index <integer>

Index of the downstream in tree (default = 0).

serial <string>

Serial.