Fortinet black logo

CLI Reference

Home FortiWeb 7.0.3 CLI Reference

system csf

7.0.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.8
7.0.7
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.3
6.4.2
6.4.1
6.4.0
6.3.23
6.3.19
6.3.18
6.3.17
6.3.16
6.3.15
6.3.14
6.3.13
6.3.11
6.3.10
6.3.9
6.3.7
6.3.6
6.3.5
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.1.2
6.1.1
5.7.0
5.6.1
5.6.0
Copy Link
Copy Doc ID 195578c9-33a6-11ed-9d74-fa163e15d75b:845326

system csf

You can configure Fabric Connector to use Single Sign-On (SSO) to log in to FortiWeb with FortiGate's administrator accounts.

Use this command to configure the Fabric Connector on FortiWeb. Single sign-on with FortiGate requires configurations on FortiGate as well. For how to configure SSO with FortiGate, see Fabric Connector: Single Sign On with FortiGate.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

config system csf

set status {enable | disable}

set configuration-sync {enable | disable}

set upstream-ip <fortigate ip>

set upstream-port <port for fabric>

set management-ip <fortiweb mgmt ip>

setmanagement-port <port for fortiweb mgmt>

end

Variable

Description

Default

status {enable | disable}

 Enable or disable the Fabric Connector. disable

configuration-sync {enable | disable}

Enable means when Fabric connection with FortiGate is established, the Single Sign-On mode would be enabled automatically and FortiGate would enable synchronizing SAML Single-Sign-On related settings to the FortiWeb device.

Disable means when Fabric connection with the FortiGate is established, you need to manually enable Single Sign-On mode and manually configure the SAML Single-Sign-On settings.

It's recommended to set it as enable.

 Enable

upstream-ip <fortigate ip>

The FortiGate IP. If you have multiple FortiGate appliances and they are deployed as Fabric net, enter the IP address of the Fabric root.

This IP would be the IP of the interface that is selected in the Allow other Security Fabric devices to join field on the FortiGate.

 0.0.0.0

upstream-port <port for fabric>

 Use the default 8013. 8013

management-ip <fortiweb mgmt ip>

 Enter FortiWeb GUI management IP. No default

management-port <port for fortiweb mgmt>

 Enter FortiWeb GUI management HTTPS port. This must be the same as the setting of the HTTPS in System > Admin > Settings in FortiWeb No default

Related topics

Previous
Next

system csf

You can configure Fabric Connector to use Single Sign-On (SSO) to log in to FortiWeb with FortiGate's administrator accounts.

Use this command to configure the Fabric Connector on FortiWeb. Single sign-on with FortiGate requires configurations on FortiGate as well. For how to configure SSO with FortiGate, see Fabric Connector: Single Sign On with FortiGate.

To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

Syntax

config system csf

set status {enable | disable}

set configuration-sync {enable | disable}

set upstream-ip <fortigate ip>

set upstream-port <port for fabric>

set management-ip <fortiweb mgmt ip>

setmanagement-port <port for fortiweb mgmt>

end

Variable

Description

Default

status {enable | disable}

 Enable or disable the Fabric Connector. disable

configuration-sync {enable | disable}

Enable means when Fabric connection with FortiGate is established, the Single Sign-On mode would be enabled automatically and FortiGate would enable synchronizing SAML Single-Sign-On related settings to the FortiWeb device.

Disable means when Fabric connection with the FortiGate is established, you need to manually enable Single Sign-On mode and manually configure the SAML Single-Sign-On settings.

It's recommended to set it as enable.

 Enable

upstream-ip <fortigate ip>

The FortiGate IP. If you have multiple FortiGate appliances and they are deployed as Fabric net, enter the IP address of the Fabric root.

This IP would be the IP of the interface that is selected in the Allow other Security Fabric devices to join field on the FortiGate.

 0.0.0.0

upstream-port <port for fabric>

 Use the default 8013. 8013

management-ip <fortiweb mgmt ip>

 Enter FortiWeb GUI management IP. No default

management-port <port for fortiweb mgmt>

 Enter FortiWeb GUI management HTTPS port. This must be the same as the setting of the HTTPS in System > Admin > Settings in FortiWeb No default

Related topics

Previous
Next