config system csf
Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
config system csf
Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
set status [enable|disable]
set upstream-ip {ipv4-address}
set upstream-port {integer}
set group-name {string}
set group-password {password}
set accept-auth-by-cert [disable|enable]
set management-ip {string}
set management-port {integer}
set authorization-request-type [serial|certificate]
set certificate {string}
set fabric-workers {integer}
set configuration-sync [default|local]
set fabric-object-unification [default|local]
set saml-configuration-sync [default|local]
config trusted-list
Description: Pre-authorized and blocked security fabric nodes.
edit <name>
set authorization-type [serial|certificate]
set serial {string}
set certificate {var-string}
set action [accept|deny]
set ha-members {string}
set downstream-authorization [enable|disable]
next
end
config fabric-device
Description: Fabric device configuration.
edit <name>
set device-ip {ipv4-address}
set https-port {integer}
set access-token {varlen_password}
next
end
end
config system csf
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
status |
Enable/disable Security Fabric. |
option |
- |
disable |
||||||
|
|
|||||||||
upstream-ip |
IP address of the FortiGate upstream from this FortiGate in the Security Fabric. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||
upstream-port |
The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric . |
integer |
Minimum value: 1 Maximum value: 65535 |
8013 |
||||||
group-name |
Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. |
string |
Maximum length: 35 |
|
||||||
group-password |
Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. |
password |
Not Specified |
|
||||||
accept-auth-by-cert |
Accept connections with unknown certificates and ask admin for approval. |
option |
- |
enable |
||||||
|
|
|||||||||
management-ip |
Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric. |
string |
Maximum length: 255 |
|
||||||
management-port |
Overriding port for management connection (Overrides admin port). |
integer |
Minimum value: 0 Maximum value: 65535 |
0 |
||||||
authorization-request-type |
Authorization request type. |
option |
- |
serial |
||||||
|
|
|||||||||
certificate |
Certificate. |
string |
Maximum length: 35 |
|
||||||
fabric-workers |
Number of worker processes for Security Fabric daemon. |
integer |
Minimum value: 1 Maximum value: 4 |
2 |
||||||
configuration-sync |
Configuration sync mode. |
option |
- |
default |
||||||
|
|
|||||||||
fabric-object-unification |
Fabric CMDB Object Unification. |
option |
- |
default |
||||||
|
|
|||||||||
saml-configuration-sync |
SAML setting configuration synchronization. |
option |
- |
default |
||||||
|
|
config trusted-list
Parameter |
Description |
Type |
Size |
Default |
||||||
---|---|---|---|---|---|---|---|---|---|---|
authorization-type |
Authorization type. |
option |
- |
serial |
||||||
|
|
|||||||||
serial |
Serial. |
string |
Maximum length: 19 |
|
||||||
certificate |
Certificate. |
var-string |
Maximum length: 32767 |
|
||||||
action |
Security fabric authorization action. |
option |
- |
accept |
||||||
|
|
|||||||||
ha-members |
HA members. |
string |
Maximum length: 19 |
|
||||||
downstream-authorization |
Trust authorizations by this node's administrator. |
option |
- |
disable |
||||||
|
|
config fabric-device
Parameter |
Description |
Type |
Size |
Default |
---|---|---|---|---|
device-ip |
Device IP. |
ipv4-address |
Not Specified |
0.0.0.0 |
https-port |
HTTPS port for fabric device. |
integer |
Minimum value: 1 Maximum value: 65535 |
443 |
access-token |
Device access token. |
varlen_password |
Not Specified |
|