Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiProxy 7.6.0 CLI Reference
    7.6.0
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.0.19
    7.0.18
    7.0.17
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    2.0.13
    2.0.12
    2.0.0
    1.2.4

    config system fabric-vpn

    config system fabric-vpn

    Setup for self orchestrated fabric auto discovery VPN.

    config system fabric-vpn
    Description: Setup for self orchestrated fabric auto discovery VPN.
    set status [enable|disable]
    set sync-mode [enable|disable]
    set branch-name {string}
    set policy-rule [health-check|manual|...]
    set vpn-role [hub|spoke]
    config overlays
        Description: Local overlay interfaces table.
        edit <name>
            set overlay-tunnel-block {ipv4-classnet-host}
            set remote-gw {ipv4-address-any}
            set interface {string}
            set bgp-neighbor {string}
            set overlay-policy {integer}
            set bgp-network {integer}
            set route-policy {integer}
            set bgp-neighbor-group {string}
            set bgp-neighbor-range {integer}
            set ipsec-phase1 {string}
            set sdwan-member {integer}
        next
    end
    config advertised-subnets
        Description: Local advertised subnets.
        edit <id>
            set prefix {ipv4-classnet}
            set access [inbound|bidirectional]
            set bgp-network {integer}
            set firewall-address {string}
            set policies {integer}
        next
    end
    set loopback-address-block {ipv4-classnet-host}
    set loopback-interface {string}
    set loopback-advertised-subnet {integer}
    set psksecret {password-3}
    set bgp-as {integer}
    set sdwan-zone {string}
    set health-checks {string}
end

    config system fabric-vpn

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable Fabric VPN.

    option

    -

    disable

    Option

    Description

    enable

    Enable Fabric VPN.

    disable

    Disable Fabric VPN.

    sync-mode

    Setting synchronised by fabric or manual.

    option

    -

    enable

    Option

    Description

    enable

    Enable fabric led configuration synchronisation.

    disable

    Disable fabric led configuration synchronisation.

    branch-name

    Branch name.

    string

    Maximum length: 35

    policy-rule

    Policy creation rule.

    option

    -

    health-check

    Option

    Description

    health-check

    Create health check policy automatically.

    manual

    All policies will be created manually.

    auto

    Automatically create allow policies.

    vpn-role

    Fabric VPN role.

    option

    -

    hub

    Option

    Description

    hub

    VPN hub.

    spoke

    VPN spoke.

    loopback-address-block

    IPv4 address and subnet mask for hub's loopback address, syntax: X.X.X.X/24.

    ipv4-classnet-host

    Not Specified

    0.0.0.0 0.0.0.0

    loopback-interface

    Loopback interface.

    string

    Maximum length: 15

    loopback-advertised-subnet

    Loopback advertised subnet reference.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    psksecret

    Pre-shared secret for ADVPN.

    password-3

    Not Specified

    bgp-as

    BGP Router AS number, valid from 1 to 4294967295.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    sdwan-zone

    Reference to created SD-WAN zone.

    string

    Maximum length: 35

    health-checks

    Underlying health checks.

    string

    Maximum length: 35

    config overlays

    Parameter

    Description

    Type

    Size

    Default

    name

    Overlay name.

    string

    Maximum length: 79

    overlay-tunnel-block

    IPv4 address and subnet mask for the overlay tunnel , syntax: X.X.X.X/24.

    ipv4-classnet-host

    Not Specified

    0.0.0.0 0.0.0.0

    remote-gw

    IP address of the hub gateway (Set by hub).

    ipv4-address-any

    Not Specified

    0.0.0.0

    interface

    Underlying interface name.

    string

    Maximum length: 15

    bgp-neighbor

    Underlying BGP neighbor entry.

    string

    Maximum length: 45

    overlay-policy

    The overlay policy to allow ADVPN thru traffic.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    bgp-network

    Underlying BGP network.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    route-policy

    Underlying router policy.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    bgp-neighbor-group

    Underlying BGP neighbor group entry.

    string

    Maximum length: 45

    bgp-neighbor-range

    Underlying BGP neighbor range entry.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    ipsec-phase1

    IPsec interface.

    string

    Maximum length: 35

    sdwan-member

    Reference to SD-WAN member entry.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    config advertised-subnets

    Parameter

    Description

    Type

    Size

    Default

    id

    ID.

    integer

    Minimum value: 0 Maximum value: 4294967294

    0

    prefix

    Network prefix.

    ipv4-classnet

    Not Specified

    0.0.0.0 0.0.0.0

    access

    Access policy direction.

    option

    -

    inbound

    Option

    Description

    inbound

    Allow inbound traffic to subnet.

    bidirectional

    Allow inbound and outbound traffic to subnet.

    bgp-network

    Underlying BGP network.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    firewall-address

    Underlying firewall address.

    string

    Maximum length: 79

    policies

    Underlying policies.

    integer

    Minimum value: 0 Maximum value: 4294967295

    Previous
    Next

    config system fabric-vpn

    config system fabric-vpn

    Setup for self orchestrated fabric auto discovery VPN.

    config system fabric-vpn
    Description: Setup for self orchestrated fabric auto discovery VPN.
    set status [enable|disable]
    set sync-mode [enable|disable]
    set branch-name {string}
    set policy-rule [health-check|manual|...]
    set vpn-role [hub|spoke]
    config overlays
        Description: Local overlay interfaces table.
        edit <name>
            set overlay-tunnel-block {ipv4-classnet-host}
            set remote-gw {ipv4-address-any}
            set interface {string}
            set bgp-neighbor {string}
            set overlay-policy {integer}
            set bgp-network {integer}
            set route-policy {integer}
            set bgp-neighbor-group {string}
            set bgp-neighbor-range {integer}
            set ipsec-phase1 {string}
            set sdwan-member {integer}
        next
    end
    config advertised-subnets
        Description: Local advertised subnets.
        edit <id>
            set prefix {ipv4-classnet}
            set access [inbound|bidirectional]
            set bgp-network {integer}
            set firewall-address {string}
            set policies {integer}
        next
    end
    set loopback-address-block {ipv4-classnet-host}
    set loopback-interface {string}
    set loopback-advertised-subnet {integer}
    set psksecret {password-3}
    set bgp-as {integer}
    set sdwan-zone {string}
    set health-checks {string}
end

    config system fabric-vpn

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable/disable Fabric VPN.

    option

    -

    disable

    Option

    Description

    enable

    Enable Fabric VPN.

    disable

    Disable Fabric VPN.

    sync-mode

    Setting synchronised by fabric or manual.

    option

    -

    enable

    Option

    Description

    enable

    Enable fabric led configuration synchronisation.

    disable

    Disable fabric led configuration synchronisation.

    branch-name

    Branch name.

    string

    Maximum length: 35

    policy-rule

    Policy creation rule.

    option

    -

    health-check

    Option

    Description

    health-check

    Create health check policy automatically.

    manual

    All policies will be created manually.

    auto

    Automatically create allow policies.

    vpn-role

    Fabric VPN role.

    option

    -

    hub

    Option

    Description

    hub

    VPN hub.

    spoke

    VPN spoke.

    loopback-address-block

    IPv4 address and subnet mask for hub's loopback address, syntax: X.X.X.X/24.

    ipv4-classnet-host

    Not Specified

    0.0.0.0 0.0.0.0

    loopback-interface

    Loopback interface.

    string

    Maximum length: 15

    loopback-advertised-subnet

    Loopback advertised subnet reference.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    psksecret

    Pre-shared secret for ADVPN.

    password-3

    Not Specified

    bgp-as

    BGP Router AS number, valid from 1 to 4294967295.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    sdwan-zone

    Reference to created SD-WAN zone.

    string

    Maximum length: 35

    health-checks

    Underlying health checks.

    string

    Maximum length: 35

    config overlays

    Parameter

    Description

    Type

    Size

    Default

    name

    Overlay name.

    string

    Maximum length: 79

    overlay-tunnel-block

    IPv4 address and subnet mask for the overlay tunnel , syntax: X.X.X.X/24.

    ipv4-classnet-host

    Not Specified

    0.0.0.0 0.0.0.0

    remote-gw

    IP address of the hub gateway (Set by hub).

    ipv4-address-any

    Not Specified

    0.0.0.0

    interface

    Underlying interface name.

    string

    Maximum length: 15

    bgp-neighbor

    Underlying BGP neighbor entry.

    string

    Maximum length: 45

    overlay-policy

    The overlay policy to allow ADVPN thru traffic.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    bgp-network

    Underlying BGP network.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    route-policy

    Underlying router policy.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    bgp-neighbor-group

    Underlying BGP neighbor group entry.

    string

    Maximum length: 45

    bgp-neighbor-range

    Underlying BGP neighbor range entry.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    ipsec-phase1

    IPsec interface.

    string

    Maximum length: 35

    sdwan-member

    Reference to SD-WAN member entry.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    config advertised-subnets

    Parameter

    Description

    Type

    Size

    Default

    id

    ID.

    integer

    Minimum value: 0 Maximum value: 4294967294

    0

    prefix

    Network prefix.

    ipv4-classnet

    Not Specified

    0.0.0.0 0.0.0.0

    access

    Access policy direction.

    option

    -

    inbound

    Option

    Description

    inbound

    Allow inbound traffic to subnet.

    bidirectional

    Allow inbound and outbound traffic to subnet.

    bgp-network

    Underlying BGP network.

    integer

    Minimum value: 0 Maximum value: 4294967295

    0

    firewall-address

    Underlying firewall address.

    string

    Maximum length: 79

    policies

    Underlying policies.

    integer

    Minimum value: 0 Maximum value: 4294967295

    Previous
    Next