csf
Use this command to add this device to a Security Fabric or set up a new Security Fabric on this device.
This syntax is used as part of the fabric connection to FortiManager. For more information about establishing this connection, see the FortiManager Administration Guide.
Syntax
config system csf
    set accept-auth-by-cert {enable | disable}
    set authorization-request-type {certificate | serial}
    set certificate <string>
    set downstream-access {enable | disable}
    set downstream-accprofile <string>
    set fabric-workers <integer>
    set ssl-protocol {follow-global-ssl-portocol | sslv3 | tlsv1.0 | tlsv1.1 | tlsv1.2 | tlsv1.3}
    set status {enable | disable}
    set upstream <string>
    set upstream-confirm
    set upstream-port <integer>
    config trusted-list
        edit <name>
            set action {accept | deny}
            set adom <adom-name>
            set adom-access {all | specify}
            set authorization-type {certificate | serial}
            set certificate <string>
            set ha-members <ha members>
            set index <integer>
            set serial <string>
    end
end
| Variable | Description |
|---|---|
| accept-auth-by-cert {enable \| disable} | Accept connections with unknown certificates and ask admin for approval (default = enable). |
| authorization-request-type {certificate \| serial} | Authorization request type (default = certificate). |
| certificate <string> | Certificate (default = Fortinet_Local). |
| downstream-access {enable \| disable} | Enable/disable downstream device access to this device's configuration and data (default = disable). |
| downstream-accprofile <string> | Default access profile for requests from downstream devices. This option is only available when |
| fabric-workers <integer> | Number of worker processes for Security Fabric daemon (default = 2). |
| ssl-protocol {follow-global-ssl-portocol \| sslv3 \| tlsv1.0 \| tlsv1.1 \| tlsv1.2 \| tlsv1.3} | Set the lowest SSL protocol version for upstream and downstream connections (default = follow-global-ssl-portocol). The follow-global-ssl-portocol setting follows the setting for: config system global set global-ssl-protocol {sslv3 \| tlsv1.0 \| tlsv1.1 \| tlsv1.2 \| tlsv1.3} |
| status {enable \| disable} | Enable/disable Security Fabric (default = disable). |
| upstream <string> | IP/FQDN of the FortiManager upstream from this FortiAnalyzer in the Security Fabric. |
| upstream-port <integer> | The port number to use to communicate with the FortiManager upstream from this FortiAnalyzer in the Security Fabric (default = 8013). |
| Variables for | |
| <name> | Name. |
| action {accept \| deny} | Security fabric authorization action (default = accept). |
| adom <adom-name> | Specify the ADOMs for This variable is only available when |
| adom-access {all \| specify} | Select the adom access: |
| authorization-type {certificate \| serial} | Authorization type (default = serial). |
| certificate <string> | Certificate. |
| ha-members <ha members> | HA members. |
| index <integer> | Index of the downstream in tree (default = 0). |
| serial <string> | Serial. |
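
The following is an added example, not Fortinet code: a Python audit of a `config system csf` block that applies the defaults listed above to unset options, then flags a minimum `ssl-protocol` below TLS 1.2 and trusted-list entries accepted by serial rather than by certificate. The sample configuration is constructed; the `next` lines between entries and the preference for certificate authorization are assumptions, not statements from this page.

```python
DEFAULTS = {"status": "disable", "ssl-protocol": "follow-global-ssl-portocol"}  # from the table
DEPRECATED_MIN = {"sslv3", "tlsv1.0", "tlsv1.1"}  # RFC 7568 and RFC 8996

def parse_csf(text):
    """Return (top-level settings, {trusted-list entry name: settings})."""
    top, trusted, entry, depth = {}, {}, None, 0
    for w in filter(None, map(str.split, text.splitlines())):
        if depth == 0:  # ignore everything outside the csf block
            depth = int(w[:3] == ["config", "system", "csf"])
        elif w[0] == "config":  # trusted-list is the only nested table in this command
            depth += 1
        elif w[0] == "end":
            depth, entry = depth - 1, None
        elif w[0] == "edit" and depth == 2:
            entry = trusted.setdefault(" ".join(w[1:]).strip('"'), {})
        elif w[0] == "set" and len(w) > 1 and (depth == 1 or entry is not None):
            (top if depth == 1 else entry)[w[1]] = " ".join(w[2:]).strip('"')
    return top, trusted

def audit_csf(text):
    """Return (setting, note) review items; an unset option takes its documented default."""
    top, trusted = parse_csf(text)
    cfg = {**DEFAULTS, **top}
    if cfg["status"] != "enable":
        return []
    out, proto = [], cfg["ssl-protocol"]
    if proto in DEPRECATED_MIN:
        out.append(("ssl-protocol", f"lowest version {proto} allows deprecated SSL/TLS"))
    elif proto == "follow-global-ssl-portocol":
        out.append(("ssl-protocol", "inherits global-ssl-protocol; check config system global"))
    for name, e in trusted.items():  # entry defaults per the table: accept, serial
        by_serial = e.get("authorization-type", "serial") == "serial"
        if by_serial and e.get("action", "accept") == "accept":  # assumed policy: prefer certs
            out.append((f"trusted-list {name}", "accepted by serial, not certificate"))
    return out

# Constructed sample config, not taken from a real device.
SAMPLE = """config system csf
    set status enable
    set ssl-protocol tlsv1.1
    config trusted-list
        edit "branch-fw"
            set authorization-type certificate
        next
        edit "lab-fw"
            set serial "CONSTRUCTED-SERIAL-0001"
        next
    end
end"""
```

Calling `audit_csf(SAMPLE)` returns one item for the TLS 1.1 minimum and one for the `lab-fw` entry, which falls back to the default serial authorization because it sets no `authorization-type`.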