```
config system csf
    Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
    set status [enable|disable]
    set upstream-ip {ipv4-address}
    set upstream-port {integer}
    set group-name {string}
    set group-password {password}
    set accept-auth-by-cert [disable|enable]
    set management-ip {string}
    set management-port {integer}
    set authorization-request-type [serial|certificate]
    set certificate {string}
    set configuration-sync [default|local]
    set fabric-object-unification [default|local]
    set saml-configuration-sync [default|local]
    config trusted-list
        Description: Pre-authorized and blocked security fabric nodes.
        edit <name>
            set authorization-type [serial|certificate]
            set serial {string}
            set certificate {var-string}
            set action [accept|deny]
            set ha-members {string}
            set downstream-authorization [enable|disable]
        next
    end
    config fabric-device
        Description: Fabric device configuration.
        edit <name>
            set device-ip {ipv4-address}
            set https-port {integer}
            set access-token {varlen_password}
        next
    end
end
```
Parameter Name | Description | Type | Size |
---|---|---|---|
status | Enable/disable Security Fabric. enable: Enable Security Fabric. disable: Disable Security Fabric. | option | - |
upstream-ip | IP address of the FortiGate upstream from this FortiGate in the Security Fabric. | ipv4-address | Not Specified |
upstream-port | The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric (default = 8013). | integer | Minimum value: 1 Maximum value: 65535 |
group-name | Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. | string | Maximum length: 35 |
group-password | Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. | password | Not Specified |
accept-auth-by-cert | Accept connections with unknown certificates and ask admin for approval. disable: Do not accept SSL connections with unknown certificates. enable: Accept SSL connections without automatic certificate verification. | option | - |
management-ip | Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. | string | Maximum length: 255 |
management-port | Overriding port for management connection (Overrides admin port). | integer | Minimum value: 0 Maximum value: 65535 |
authorization-request-type | Authorization request type. serial: Request verification by serial number. certificate: Request verification by certificate. | option | - |
certificate | Certificate. | string | Maximum length: 35 |
configuration-sync | Configuration sync mode. default: Synchronize configuration for FortiAnalyzer, FortiSandbox, and Central Management to root node. local: Do not synchronize configuration with root node. | option | - |
fabric-object-unification | Fabric CMDB Object Unification. default: Global CMDB objects will be synchronized in Security Fabric. local: Global CMDB objects will not be synchronized to and from this device. | option | - |
saml-configuration-sync | SAML setting configuration synchronization. default: SAML setting for fabric members is created by fabric root. local: Do not apply SAML configuration generated by root. | option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
authorization-type | Authorization type. serial: Verify downstream by serial number. certificate: Verify downstream by certificate. | option | - |
serial | Serial. | string | Maximum length: 19 |
certificate | Certificate. | var-string | Maximum length: 32767 |
action | Security fabric authorization action. accept: Accept authorization request. deny: Deny authorization request. | option | - |
ha-members | HA members. | string | Maximum length: 19 |
downstream-authorization | Trust authorizations by this node's administrator. enable: Enable downstream authorization. disable: Disable downstream authorization. | option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
device-ip | Device IP. | ipv4-address | Not Specified |
https-port | HTTPS port for fabric device. | integer | Minimum value: 1 Maximum value: 65535 |
access-token | Device access token. | varlen_password | Not Specified |
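
An added example, not part of the vendor reference: a small Python check that parses a `config system csf` block from a configuration backup and lists the settings where fabric trust rests on a serial number, an unverified certificate, or a delegated authorization. The sample config, the entry names and the rule set are assumptions made for illustration; only explicitly set values are examined, so keys absent from the input are not assessed.

```python
# Constructed sample in the layout of a FortiGate backup; names and values are made up.
SAMPLE = """\
config system csf
    set status enable
    set accept-auth-by-cert enable
    set authorization-request-type serial
    config trusted-list
        edit "branch-1"
            set authorization-type serial
            set action accept
            set downstream-authorization enable
        next
        edit "branch-2"
            set authorization-type serial
            set action deny
        next
    end
end
"""
# Assumed review policy (not vendor guidance): values to question when explicitly set.
TOP_RULES = {"accept-auth-by-cert": "enable", "authorization-request-type": "serial"}
ENTRY_RULES = {"authorization-type": "serial", "downstream-authorization": "enable"}

def parse_csf(text):
    """Return (top-level settings, trusted-list entries keyed by name)."""
    top, trusted, table, entry = {}, {}, None, None
    for line in map(str.strip, text.splitlines()):
        words = line.split(None, 2)
        if len(words) >= 2 and words[0] == "config" and words[1] != "system":
            table = words[1]                      # nested table, e.g. trusted-list
        elif words[:1] == ["edit"] and table == "trusted-list":
            entry = trusted.setdefault(line[5:].strip().strip('"'), {})
        elif words[:1] == ["end"]:
            table = entry = None                  # closes the nested table or the block
        elif len(words) == 3 and words[0] == "set":
            target = entry if table == "trusted-list" else top if table is None else None
            if target is not None:                # fabric-device settings are ignored
                target[words[1]] = words[2].strip('"')
    return top, trusted

def audit(top, trusted):
    if top.get("status") != "enable":             # fabric not enabled: nothing to review
        return []
    found = [k for k, v in TOP_RULES.items() if top.get(k) == v]
    for name, e in trusted.items():
        if e.get("action") == "accept":           # deny entries grant nothing
            found += [f"trusted-list/{name}/{k}" for k, v in ENTRY_RULES.items() if e.get(k) == v]
    return found

print(audit(*parse_csf(SAMPLE)))
```
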