config system csf
Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
config system csf
Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
set accept-auth-by-cert [disable|enable]
set authorization-request-type [serial|certificate]
set certificate {string}
set configuration-sync [default|local]
set downstream-access [enable|disable]
set downstream-accprofile {string}
config fabric-connector
Description: Fabric connector configuration.
edit <serial>
set accprofile {string}
set configuration-write-access [enable|disable]
set vdom <name1>, <name2>, ...
next
end
set fabric-object-unification [default|local]
set fabric-workers {integer}
set file-mgmt [enable|disable]
set file-quota {integer}
set file-quota-warning {integer}
set forticloud-account-enforcement [enable|disable]
set group-name {string}
set group-password {password}
set log-unification [disable|enable]
set saml-configuration-sync [default|local]
set source-ip {ipv4-address}
set status [enable|disable]
config trusted-list
Description: Pre-authorized and blocked security fabric nodes.
edit <name>
set action [accept|deny]
set authorization-type [serial|certificate]
set certificate {var-string}
set downstream-authorization [enable|disable]
set ha-members {string}
set index {integer}
set serial {string}
next
end
set uid {string}
set upstream {string}
set upstream-interface {string}
set upstream-interface-select-method [auto|sdwan|...]
set upstream-port {integer}
end
config system csf
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
accept-auth-by-cert |
Accept connections with unknown certificates and ask admin for approval. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
authorization-request-type |
Authorization request type. |
option |
- |
serial |
||||||||
|
|
|
|||||||||||
|
certificate |
Certificate. |
string |
Maximum length: 35 |
|
||||||||
|
configuration-sync |
Configuration sync mode. |
option |
- |
default |
||||||||
|
|
|
|||||||||||
|
downstream-access |
Enable/disable downstream device access to this device's configuration and data. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
downstream-accprofile |
Default access profile for requests from downstream devices. |
string |
Maximum length: 35 |
|
||||||||
|
fabric-object-unification |
Fabric CMDB Object Unification. |
option |
- |
default |
||||||||
|
|
|
|||||||||||
|
fabric-workers |
Number of worker processes for Security Fabric daemon. |
integer |
Minimum value: 1 Maximum value: 4 |
2 |
||||||||
|
file-mgmt |
Enable/disable Security Fabric daemon file management. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
file-quota |
Maximum amount of memory that can be used by the daemon files (in bytes). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
0 |
||||||||
|
file-quota-warning |
Warn when the set percentage of quota has been used. |
integer |
Minimum value: 1 Maximum value: 99 |
90 |
||||||||
|
forticloud-account-enforcement |
Fabric FortiCloud account unification. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
group-name |
Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. |
string |
Maximum length: 35 |
|
||||||||
|
group-password |
Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. |
password |
Not Specified |
|
||||||||
|
log-unification |
Enable/disable broadcast of discovery messages for log unification. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
saml-configuration-sync |
SAML setting configuration synchronization. |
option |
- |
default |
||||||||
|
|
|
|||||||||||
|
source-ip |
Source IP address for communication with the upstream FortiGate. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
status |
Enable/disable Security Fabric. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
uid |
Unique ID of the current CSF node |
string |
Maximum length: 35 |
|
||||||||
|
upstream |
IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric. |
string |
Maximum length: 255 |
|
||||||||
|
upstream-interface |
Specify outgoing interface to reach server. |
string |
Maximum length: 15 |
|
||||||||
|
upstream-interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
auto |
||||||||
|
|
|
|||||||||||
|
upstream-port |
The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric. |
integer |
Minimum value: 1 Maximum value: 65535 |
8013 |
||||||||
config fabric-connector
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
accprofile |
Override access profile. |
string |
Maximum length: 35 |
|
||||||
|
configuration-write-access |
Enable/disable downstream device write access to configuration. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
serial |
Serial. |
string |
Maximum length: 19 |
|
||||||
|
vdom |
Virtual domains that the connector has access to. If none are set, the connector will only have access to the VDOM that it joins the Security Fabric through. Virtual domain name. |
string |
Maximum length: 79 |
|
||||||
config trusted-list
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
action |
Security fabric authorization action. |
option |
- |
accept |
||||||
|
|
|
|||||||||
|
authorization-type |
Authorization type. |
option |
- |
serial |
||||||
|
|
|
|||||||||
|
certificate |
Certificate. |
var-string |
Maximum length: 32767 |
|
||||||
|
downstream-authorization |
Trust authorizations by this node's administrator. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
ha-members |
HA members. |
string |
Maximum length: 19 |
|
||||||
|
index |
Index of the downstream in tree. |
integer |
Minimum value: 1 Maximum value: 1024 |
0 |
||||||
|
name |
Name. |
string |
Maximum length: 35 |
|
||||||
|
serial |
Serial. |
string |
Maximum length: 19 |
|
||||||