Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    6.2.9
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config system csf

    config system csf

    Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

    config system csf

    Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

    set status [enable|disable]

    set upstream-ip {ipv4-address}

    set upstream-port {integer}

    set group-name {string}

    set group-password {password}

    set configuration-sync [default|local]

    set management-ip {string}

    set management-port {integer}

    config trusted-list

    Description: Pre-authorized and blocked security fabric nodes.

    edit <serial>

    set action [accept|deny]

    set ha-members {string}

    set downstream-authorization [enable|disable]

    next

    end

    config fabric-device

    Description: Fabric device configuration.

    edit <name>

    set device-ip {ipv4-address}

    set https-port {integer}

    set access-token {varlen_password}

    next

    end

    end

    config system csf

    Parameter

    Description

    Type

    Size

    status

    Enable/disable Security Fabric.

    option

    -

    Option

    Description

    enable

    Enable Security Fabric.

    disable

    Disable Security Fabric.

    upstream-ip

    IP address of the FortiGate upstream from this FortiGate in the Security Fabric.

    ipv4-address

    Not Specified

    upstream-port

    The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric .

    integer

    Minimum value: 1 Maximum value: 65535

    group-name

    Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.

    string

    Maximum length: 35

    group-password

    Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.

    password

    Not Specified

    configuration-sync

    Configuration sync mode.

    option

    -

    Option

    Description

    default

    Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.

    local

    Do not synchronize configuration with root node.

    management-ip

    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.

    string

    Maximum length: 255

    management-port

    Overriding port for management connection (Overrides admin port).

    integer

    Minimum value: 0 Maximum value: 65535

    config trusted-list

    Parameter

    Description

    Type

    Size

    action

    Security fabric authorization action.

    option

    -

    Option

    Description

    accept

    Accept authorization request.

    deny

    Deny authorization request.

    ha-members

    HA members.

    string

    Maximum length: 19

    downstream-authorization

    Trust authorizations by this node's administrator.

    option

    -

    Option

    Description

    enable

    Enable downstream authorization.

    disable

    Disable downstream authorization.

    config fabric-device

    Parameter

    Description

    Type

    Size

    device-ip

    Device IP.

    ipv4-address

    Not Specified

    https-port

    HTTPS port for fabric device.

    integer

    Minimum value: 1 Maximum value: 65535

    access-token

    Device access token.

    varlen_password

    Not Specified
    Previous
    Next

    config system csf

    config system csf

    Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

    config system csf

    Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.

    set status [enable|disable]

    set upstream-ip {ipv4-address}

    set upstream-port {integer}

    set group-name {string}

    set group-password {password}

    set configuration-sync [default|local]

    set management-ip {string}

    set management-port {integer}

    config trusted-list

    Description: Pre-authorized and blocked security fabric nodes.

    edit <serial>

    set action [accept|deny]

    set ha-members {string}

    set downstream-authorization [enable|disable]

    next

    end

    config fabric-device

    Description: Fabric device configuration.

    edit <name>

    set device-ip {ipv4-address}

    set https-port {integer}

    set access-token {varlen_password}

    next

    end

    end

    config system csf

    Parameter

    Description

    Type

    Size

    status

    Enable/disable Security Fabric.

    option

    -

    Option

    Description

    enable

    Enable Security Fabric.

    disable

    Disable Security Fabric.

    upstream-ip

    IP address of the FortiGate upstream from this FortiGate in the Security Fabric.

    ipv4-address

    Not Specified

    upstream-port

    The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric .

    integer

    Minimum value: 1 Maximum value: 65535

    group-name

    Security Fabric group name. All FortiGates in a Security Fabric must have the same group name.

    string

    Maximum length: 35

    group-password

    Security Fabric group password. All FortiGates in a Security Fabric must have the same group password.

    password

    Not Specified

    configuration-sync

    Configuration sync mode.

    option

    -

    Option

    Description

    default

    Synchronize configuration for FortiAnalyzer, FortiSandbox and Central Management to root node.

    local

    Do not synchronize configuration with root node.

    management-ip

    Management IP address of this FortiGate. Used to log into this FortiGate from another FortiGate in the Security Fabric.

    string

    Maximum length: 255

    management-port

    Overriding port for management connection (Overrides admin port).

    integer

    Minimum value: 0 Maximum value: 65535

    config trusted-list

    Parameter

    Description

    Type

    Size

    action

    Security fabric authorization action.

    option

    -

    Option

    Description

    accept

    Accept authorization request.

    deny

    Deny authorization request.

    ha-members

    HA members.

    string

    Maximum length: 19

    downstream-authorization

    Trust authorizations by this node's administrator.

    option

    -

    Option

    Description

    enable

    Enable downstream authorization.

    disable

    Disable downstream authorization.

    config fabric-device

    Parameter

    Description

    Type

    Size

    device-ip

    Device IP.

    ipv4-address

    Not Specified

    https-port

    HTTPS port for fabric device.

    integer

    Minimum value: 1 Maximum value: 65535

    access-token

    Device access token.

    varlen_password

    Not Specified
    Previous
    Next