config system csf
Add this FortiProxy to a Security Fabric or set up a new Security Fabric on this FortiProxy.
config system csf Description: Add this FortiProxy to a Security Fabric or set up a new Security Fabric on this FortiProxy. set status [enable|disable] set uid {string} set upstream {string} set source-ip {ipv4-address} set upstream-interface-select-method [auto|specify] set upstream-interface {string} set upstream-port {integer} set group-name {string} set group-password {password} set accept-auth-by-cert [disable|enable] set log-unification [disable|enable] set authorization-request-type [serial|certificate] set certificate {string} set fabric-workers {integer} set downstream-access [enable|disable] set license-sharing [enable|disable] set preferred-seats {integer} set legacy-authentication [disable|enable] set downstream-accprofile {string} set configuration-sync [default|local] set fabric-object-unification [default|local] set saml-configuration-sync [default|local] config trusted-list Description: Pre-authorized and blocked security fabric nodes. edit <name> set authorization-type [serial|certificate] set serial {string} set certificate {var-string} set action [accept|deny] set ha-members {string} set downstream-authorization [enable|disable] set preferred-seats {integer} set index {integer} next end config fabric-connector Description: Fabric connector configuration. edit <serial> set accprofile {string} set configuration-write-access [enable|disable] set vdom <name1>, <name2>, ... next end set forticloud-account-enforcement [enable|disable] set file-mgmt [enable|disable] set file-quota {integer} set file-quota-warning {integer} end
config system csf
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable Security Fabric. |
option |
- |
disable |
||||||
|
|
|||||||||
uid |
Unique ID of the current CSF node |
string |
Maximum length: 35 |
|
||||||
upstream |
IP/FQDN of the FortiProxy upstream from this FortiProxy in the Security Fabric. |
string |
Maximum length: 255 |
|
||||||
source-ip |
Source IP address for communication with the upstream FortiGate. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||
upstream-interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
auto |
||||||
|
|
|||||||||
upstream-interface |
Specify outgoing interface to reach server. |
string |
Maximum length: 15 |
|
||||||
upstream-port |
The port number to use to communicate with the FortiProxy upstream from this FortiProxy in the Security Fabric. |
integer |
Minimum value: 1 Maximum value: 65535 |
8013 |
||||||
group-name |
Security Fabric group name. All FortiProxys in a Security Fabric must have the same group name. |
string |
Maximum length: 35 |
|
||||||
group-password |
Security Fabric group password. For legacy authentication, fabric members must have the same group password. |
password |
Not Specified |
|
||||||
accept-auth-by-cert |
Accept connections with unknown certificates and ask admin for approval. |
option |
- |
enable |
||||||
|
|
|||||||||
log-unification |
Enable/disable broadcast of discovery messages for log unification. |
option |
- |
enable |
||||||
|
|
|||||||||
authorization-request-type |
Authorization request type. |
option |
- |
serial |
||||||
|
|
|||||||||
certificate |
Certificate. |
string |
Maximum length: 35 |
|
||||||
fabric-workers |
Number of worker processes for Security Fabric daemon. |
integer |
Minimum value: 1 Maximum value: 4 |
2 |
||||||
downstream-access |
Enable/disable downstream device access to this device's configuration and data. |
option |
- |
disable |
||||||
|
|
|||||||||
license-sharing |
Enable/disable license sharing between FortiProxy devices. |
option |
- |
enable |
||||||
|
|
|||||||||
preferred-seats |
The number of seats this FortiProxy device as CSF root should be allocated with. The number of gurrantted seats is capped by minimum of the number of local purchased seats and the number of preferred seats. And the rest of preferred seats will be allocated from shared pool at higher priority. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||
legacy-authentication |
Enable/disable legacy authentication. |
option |
- |
enable |
||||||
|
|
|||||||||
downstream-accprofile |
Default access profile for requests from downstream devices. |
string |
Maximum length: 35 |
|
||||||
configuration-sync |
Configuration sync mode. |
option |
- |
default |
||||||
|
|
|||||||||
fabric-object-unification |
Fabric CMDB Object Unification. |
option |
- |
default |
||||||
|
|
|||||||||
saml-configuration-sync |
SAML setting configuration synchronization. |
option |
- |
default |
||||||
|
|
|||||||||
forticloud-account-enforcement |
Fabric FortiCloud account unification. |
option |
- |
enable |
||||||
|
|
|||||||||
file-mgmt |
Enable/disable Security Fabric daemon file management. |
option |
- |
enable |
||||||
|
|
|||||||||
file-quota |
Maximum amount of memory that can be used by the daemon files (in bytes). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||
file-quota-warning |
Warn when the set percentage of quota has been used. |
integer |
Minimum value: 1 Maximum value: 99 |
90 |
config trusted-list
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
name |
Name. |
string |
Maximum length: 35 |
|
||||||
authorization-type |
Authorization type. |
option |
- |
serial |
||||||
|
|
|||||||||
serial |
Serial. |
string |
Maximum length: 19 |
|
||||||
certificate |
Certificate. |
var-string |
Maximum length: 32767 |
|
||||||
action |
Security fabric authorization action. |
option |
- |
accept |
||||||
|
|
|||||||||
ha-members |
HA members. |
string |
Maximum length: 19 |
|
||||||
downstream-authorization |
Trust authorizations by this node's administrator. |
option |
- |
disable |
||||||
|
|
|||||||||
preferred-seats |
The number of seats this FortiProxy device should be allocated with. The number of gurrantted seats is capped by minimum of the number of local purchased seats and the number of preferred seats. And the rest of preferred seats will be allocated from shared pool at higher priority. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||
index |
Index of the downstream in tree. |
integer |
Minimum value: 1 Maximum value: 1024 |
0 |
config fabric-connector
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
serial |
Serial. |
string |
Maximum length: 19 |
|
||||||
accprofile |
Override access profile. |
string |
Maximum length: 35 |
|
||||||
configuration-write-access |
Enable/disable downstream device write access to configuration. |
option |
- |
disable |
||||||
|
|
|||||||||
vdom |
Virtual domains that the connector has access to. If none are set, the connector will only have access to the VDOM that it joins the Security Fabric through. Virtual domain name. |
string |
Maximum length: 79 |
|