Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.4.12
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config system csf

    config system csf

    Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

    config system csf
    Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
    set accept-auth-by-cert [disable|enable]
    set authorization-request-type [serial|certificate]
    set certificate {string}
    set configuration-sync [default|local]
    config fabric-device
        Description: Fabric device configuration.
        edit <name>
            set device-ip {ipv4-address}
            set https-port {integer}
            set access-token {varlen_password}
        next
    end
    set fabric-object-unification [default|local]
    set fabric-workers {integer}
    set group-name {string}
    set group-password {password}
    set management-ip {string}
    set management-port {integer}
    set saml-configuration-sync [default|local]
    set status [enable|disable]
    config trusted-list
        Description: Pre-authorized and blocked security fabric nodes.
        edit <name>
            set authorization-type [serial|certificate]
            set serial {string}
            set certificate {var-string}
            set action [accept|deny]
            set ha-members {string}
            set downstream-authorization [enable|disable]
        next
    end
    set upstream-ip {ipv4-address}
    set upstream-port {integer}
end

    config system csf

    Parameter

    Description

    Type

    Size

    Default

    accept-auth-by-cert

    Accept connections with unknown certificates and ask admin for approval.

    option

    -

    enable

    Option

    Description

    disable

    Do not accept SSL connections with unknown certificates.

    enable

    Accept SSL connections without automatic certificate verification.

    authorization-request-type

    Authorization request type.

    option

    -

    serial

    Option

    Description

    serial

    Request verification by serial number.

    certificate

    Request verification by certificate.

    certificate

    Certificate.

    string

    Maximum length: 35

    configuration-sync

    Configuration sync mode.

    option

    -

    default

    Option

    Description

    default

    Synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node.

    local

    Do not synchronize configuration with root node.

    fabric-object-unification

    Fabric CMDB Object Unification.

    option

    -

    default

    Option

    Description

    default

    Global CMDB objects will be synchronized in Security Fabric.

    local

    Global CMDB objects will not be synchronized to and from this device.

    fabric-workers

    Number of worker processes for Security Fabric daemon.

    integer

    Minimum value: 1 Maximum value: 4

    2

    group-name

    Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.

    string

    Maximum length: 35

    group-password

    Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.

    password

    Not Specified

    management-ip

    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.

    string

    Maximum length: 255

    management-port

    Overriding port for management connection (Overrides admin port).

    integer

    Minimum value: 0 Maximum value: 65535

    0

    saml-configuration-sync

    SAML setting configuration synchronization.

    option

    -

    default

    Option

    Description

    default

    SAML setting for fabric members is created by fabric root.

    local

    Do not apply SAML configuration generated by root.

    status

    Enable/disable Security Fabric.

    option

    -

    disable

    Option

    Description

    enable

    Enable Security Fabric.

    disable

    Disable Security Fabric.

    upstream-ip

    IP address of the FortiGate upstream from this FortiGate in the Security Fabric.

    ipv4-address

    Not Specified

    0.0.0.0

    upstream-port

    The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric.

    integer

    Minimum value: 1 Maximum value: 65535

    8013

    config fabric-device

    Parameter

    Description

    Type

    Size

    Default

    name

    Device name.

    string

    Maximum length: 35

    device-ip

    Device IP.

    ipv4-address

    Not Specified

    0.0.0.0

    https-port

    HTTPS port for fabric device.

    integer

    Minimum value: 1 Maximum value: 65535

    443

    access-token

    Device access token.

    varlen_password

    Not Specified

    config trusted-list

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    authorization-type

    Authorization type.

    option

    -

    serial

    Option

    Description

    serial

    Verify downstream by serial number.

    certificate

    Verify downstream by certificate.

    serial

    Serial.

    string

    Maximum length: 19

    certificate

    Certificate.

    var-string

    Maximum length: 32767

    action

    Security fabric authorization action.

    option

    -

    accept

    Option

    Description

    accept

    Accept authorization request.

    deny

    Deny authorization request.

    ha-members

    HA members.

    string

    Maximum length: 19

    downstream-authorization

    Trust authorizations by this node's administrator.

    option

    -

    disable

    Option

    Description

    enable

    Enable downstream authorization.

    disable

    Disable downstream authorization.
    Previous
    Next

    config system csf

    config system csf

    Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

    config system csf
    Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
    set accept-auth-by-cert [disable|enable]
    set authorization-request-type [serial|certificate]
    set certificate {string}
    set configuration-sync [default|local]
    config fabric-device
        Description: Fabric device configuration.
        edit <name>
            set device-ip {ipv4-address}
            set https-port {integer}
            set access-token {varlen_password}
        next
    end
    set fabric-object-unification [default|local]
    set fabric-workers {integer}
    set group-name {string}
    set group-password {password}
    set management-ip {string}
    set management-port {integer}
    set saml-configuration-sync [default|local]
    set status [enable|disable]
    config trusted-list
        Description: Pre-authorized and blocked security fabric nodes.
        edit <name>
            set authorization-type [serial|certificate]
            set serial {string}
            set certificate {var-string}
            set action [accept|deny]
            set ha-members {string}
            set downstream-authorization [enable|disable]
        next
    end
    set upstream-ip {ipv4-address}
    set upstream-port {integer}
end

    config system csf

    Parameter

    Description

    Type

    Size

    Default

    accept-auth-by-cert

    Accept connections with unknown certificates and ask admin for approval.

    option

    -

    enable

    Option

    Description

    disable

    Do not accept SSL connections with unknown certificates.

    enable

    Accept SSL connections without automatic certificate verification.

    authorization-request-type

    Authorization request type.

    option

    -

    serial

    Option

    Description

    serial

    Request verification by serial number.

    certificate

    Request verification by certificate.

    certificate

    Certificate.

    string

    Maximum length: 35

    configuration-sync

    Configuration sync mode.

    option

    -

    default

    Option

    Description

    default

    Synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node.

    local

    Do not synchronize configuration with root node.

    fabric-object-unification

    Fabric CMDB Object Unification.

    option

    -

    default

    Option

    Description

    default

    Global CMDB objects will be synchronized in Security Fabric.

    local

    Global CMDB objects will not be synchronized to and from this device.

    fabric-workers

    Number of worker processes for Security Fabric daemon.

    integer

    Minimum value: 1 Maximum value: 4

    2

    group-name

    Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.

    string

    Maximum length: 35

    group-password

    Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.

    password

    Not Specified

    management-ip

    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.

    string

    Maximum length: 255

    management-port

    Overriding port for management connection (Overrides admin port).

    integer

    Minimum value: 0 Maximum value: 65535

    0

    saml-configuration-sync

    SAML setting configuration synchronization.

    option

    -

    default

    Option

    Description

    default

    SAML setting for fabric members is created by fabric root.

    local

    Do not apply SAML configuration generated by root.

    status

    Enable/disable Security Fabric.

    option

    -

    disable

    Option

    Description

    enable

    Enable Security Fabric.

    disable

    Disable Security Fabric.

    upstream-ip

    IP address of the FortiGate upstream from this FortiGate in the Security Fabric.

    ipv4-address

    Not Specified

    0.0.0.0

    upstream-port

    The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric.

    integer

    Minimum value: 1 Maximum value: 65535

    8013

    config fabric-device

    Parameter

    Description

    Type

    Size

    Default

    name

    Device name.

    string

    Maximum length: 35

    device-ip

    Device IP.

    ipv4-address

    Not Specified

    0.0.0.0

    https-port

    HTTPS port for fabric device.

    integer

    Minimum value: 1 Maximum value: 65535

    443

    access-token

    Device access token.

    varlen_password

    Not Specified

    config trusted-list

    Parameter

    Description

    Type

    Size

    Default

    name

    Name.

    string

    Maximum length: 35

    authorization-type

    Authorization type.

    option

    -

    serial

    Option

    Description

    serial

    Verify downstream by serial number.

    certificate

    Verify downstream by certificate.

    serial

    Serial.

    string

    Maximum length: 19

    certificate

    Certificate.

    var-string

    Maximum length: 32767

    action

    Security fabric authorization action.

    option

    -

    accept

    Option

    Description

    accept

    Accept authorization request.

    deny

    Deny authorization request.

    ha-members

    HA members.

    string

    Maximum length: 19

    downstream-authorization

    Trust authorizations by this node's administrator.

    option

    -

    disable

    Option

    Description

    enable

    Enable downstream authorization.

    disable

    Disable downstream authorization.
    Previous
    Next