Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiWeb 6.3.5 CLI Reference
    6.3.5
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.3.23
    6.3.19
    6.3.18
    6.3.17
    6.3.16
    6.3.15
    6.3.14
    6.3.13
    6.3.11
    6.3.10
    6.3.9
    6.3.7
    6.3.6
    6.3.5
    6.3.4
    6.3.3
    6.3.2
    6.3.1
    6.3.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.2
    6.1.1
    5.7.0
    5.6.1
    5.6.0

    system hsm info

    system hsm info

    Use this command to edit the configuration so that FortiWeb will work with SafeNet Network HSM 7 (hardware security module). The HSM integration allows FortiWeb to retrieve a per-connection SSL session key instead of loading the local private key and certificate.

    Because the HSM configuration requires you to upload a server certificate, you can create it using the web UI only. After you create the configuration in the web UI, this command allows you to edit it.

    For detailed information on integrating HSM with FortiWeb, see the FortiWeb Administration Guide:

    https://docs.fortinet.com/fortiweb/admin-guides

    Before you can show or edit HSM configuration in the CLI and access HSM settings in the web UI, use the following command to enable the HSM settings:

    config server-policy setting

    set high-compatibility-mode enable

    set hsm enable

    end

    To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

    Syntax

    config system hsm info

    set ip "<hsm_ipv4>"

    set port <port_int>

    set timeout <timeout_int>

    set filename "<filename_str>"

    set register-status {enable| disable}

    end

    Variable Description Default

    ip "<hsm_ipv4>"

    Enter the IP address of the HSM.

    		 No default.

    port <port_int>

    Enter the port where FortiWeb establishes an NTLS connection with the HSM.

    		 1792

    timeout <timeout_int>

    Enter a timeout value for the connection between HSM and FortiWeb.

    		 No default.

    filename "<filename_str>"

    Shows the name of the server certificate file from the HSM. You cannot edit this option using the CLI.

    		 No default.

    register-status {enable| disable}

    Enable to create FortiWeb as a client of the HSM.

    		 disable

    Related topics

    Previous
    Next

    system hsm info

    system hsm info

    Use this command to edit the configuration so that FortiWeb will work with SafeNet Network HSM 7 (hardware security module). The HSM integration allows FortiWeb to retrieve a per-connection SSL session key instead of loading the local private key and certificate.

    Because the HSM configuration requires you to upload a server certificate, you can create it using the web UI only. After you create the configuration in the web UI, this command allows you to edit it.

    For detailed information on integrating HSM with FortiWeb, see the FortiWeb Administration Guide:

    https://docs.fortinet.com/fortiweb/admin-guides

    Before you can show or edit HSM configuration in the CLI and access HSM settings in the web UI, use the following command to enable the HSM settings:

    config server-policy setting

    set high-compatibility-mode enable

    set hsm enable

    end

    To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

    Syntax

    config system hsm info

    set ip "<hsm_ipv4>"

    set port <port_int>

    set timeout <timeout_int>

    set filename "<filename_str>"

    set register-status {enable| disable}

    end

    Variable Description Default

    ip "<hsm_ipv4>"

    Enter the IP address of the HSM.

    		 No default.

    port <port_int>

    Enter the port where FortiWeb establishes an NTLS connection with the HSM.

    		 1792

    timeout <timeout_int>

    Enter a timeout value for the connection between HSM and FortiWeb.

    		 No default.

    filename "<filename_str>"

    Shows the name of the server certificate file from the HSM. You cannot edit this option using the CLI.

    		 No default.

    register-status {enable| disable}

    Enable to create FortiWeb as a client of the HSM.

    		 disable

    Related topics

    Previous
    Next