config system csf
Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
config system csf
Description: Add this FortiGate to a Security Fabric or set up a new Security Fabric on this FortiGate.
set accept-auth-by-cert [disable|enable]
set authorization-request-type [serial|certificate]
set certificate {string}
set configuration-sync [default|local]
set downstream-access [enable|disable]
set downstream-accprofile {string}
config fabric-connector
Description: Fabric connector configuration.
edit <serial>
set accprofile {string}
set configuration-write-access [enable|disable]
next
end
set fabric-object-unification [default|local]
set fabric-workers {integer}
set file-mgmt [enable|disable]
set file-quota {integer}
set file-quota-warning {integer}
set forticloud-account-enforcement [enable|disable]
set group-name {string}
set group-password {password}
set log-unification [disable|enable]
set saml-configuration-sync [default|local]
set source-ip {ipv4-address}
set status [enable|disable]
config trusted-list
Description: Pre-authorized and blocked security fabric nodes.
edit <name>
set authorization-type [serial|certificate]
set serial {string}
set certificate {var-string}
set action [accept|deny]
set ha-members {string}
set downstream-authorization [enable|disable]
set index {integer}
next
end
set upstream {string}
set upstream-interface {string}
set upstream-interface-select-method [auto|sdwan|...]
set upstream-port {integer}
end
config system csf
|
Parameter |
Description |
Type |
Size |
Default |
||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
accept-auth-by-cert |
Accept connections with unknown certificates and ask admin for approval. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
authorization-request-type |
Authorization request type. |
option |
- |
serial |
||||||||
|
|
|
|||||||||||
|
certificate |
Certificate. |
string |
Maximum length: 35 |
|
||||||||
|
configuration-sync |
Configuration sync mode. |
option |
- |
default |
||||||||
|
|
|
|||||||||||
|
downstream-access |
Enable/disable downstream device access to this device's configuration and data. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
downstream-accprofile |
Default access profile for requests from downstream devices. |
string |
Maximum length: 35 |
|
||||||||
|
fabric-object-unification |
Fabric CMDB Object Unification. |
option |
- |
default |
||||||||
|
|
|
|||||||||||
|
fabric-workers |
Number of worker processes for Security Fabric daemon. |
integer |
Minimum value: 1 Maximum value: 4 |
2 |
||||||||
|
file-mgmt |
Enable/disable Security Fabric daemon file management. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
file-quota |
Maximum amount of memory that can be used by the daemon files (in bytes). |
integer |
Minimum value: 0 Maximum value: 4294967295 |
268435456 |
||||||||
|
file-quota-warning |
Warn when the set percentage of quota has been used. |
integer |
Minimum value: 1 Maximum value: 99 |
90 |
||||||||
|
forticloud-account-enforcement |
Fabric FortiCloud account unification. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
group-name |
Security Fabric group name. All FortiGates in a Security Fabric must have the same group name. |
string |
Maximum length: 35 |
|
||||||||
|
group-password |
Security Fabric group password. All FortiGates in a Security Fabric must have the same group password. |
password |
Not Specified |
|
||||||||
|
log-unification |
Enable/disable broadcast of discovery messages for log unification. |
option |
- |
enable |
||||||||
|
|
|
|||||||||||
|
saml-configuration-sync |
SAML setting configuration synchronization. |
option |
- |
default |
||||||||
|
|
|
|||||||||||
|
source-ip |
Source IP address for communication with the upstream FortiGate. |
ipv4-address |
Not Specified |
0.0.0.0 |
||||||||
|
status |
Enable/disable Security Fabric. |
option |
- |
disable |
||||||||
|
|
|
|||||||||||
|
upstream |
IP/FQDN of the FortiGate upstream from this FortiGate in the Security Fabric. |
string |
Maximum length: 255 |
|
||||||||
|
upstream-interface |
Specify outgoing interface to reach server. |
string |
Maximum length: 15 |
|
||||||||
|
upstream-interface-select-method |
Specify how to select outgoing interface to reach server. |
option |
- |
auto |
||||||||
|
|
|
|||||||||||
|
upstream-port |
The port number to use to communicate with the FortiGate upstream from this FortiGate in the Security Fabric. |
integer |
Minimum value: 1 Maximum value: 65535 |
8013 |
||||||||
config fabric-connector
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
serial |
Serial. |
string |
Maximum length: 19 |
|
||||||
|
accprofile |
Override access profile. |
string |
Maximum length: 35 |
|
||||||
|
configuration-write-access |
Enable/disable downstream device write access to configuration. |
option |
- |
disable |
||||||
|
|
|
|||||||||
config trusted-list
|
Parameter |
Description |
Type |
Size |
Default |
||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
name |
Name. |
string |
Maximum length: 35 |
|
||||||
|
authorization-type |
Authorization type. |
option |
- |
serial |
||||||
|
|
|
|||||||||
|
serial |
Serial. |
string |
Maximum length: 19 |
|
||||||
|
certificate |
Certificate. |
var-string |
Maximum length: 32767 |
|
||||||
|
action |
Security fabric authorization action. |
option |
- |
accept |
||||||
|
|
|
|||||||||
|
ha-members |
HA members. |
string |
Maximum length: 19 |
|
||||||
|
downstream-authorization |
Trust authorizations by this node's administrator. |
option |
- |
disable |
||||||
|
|
|
|||||||||
|
index |
Index of the downstream in tree. |
integer |
Minimum value: 1 Maximum value: 1024 |
0 |
||||||