Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.8
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    Home FortiWeb 7.6.8 CLI Reference
    7.6.8
    8.0.5
    8.0.4
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.8
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    5.7.0
    5.6.1
    5.6.0

    system hsm partition

    system hsm partition

    Use this command to configure and map database information for the cryptographic storage partition assigned to the FortiWeb Luna HSM client. These parameters establish how the appliance locates, authenticates, and connects to an isolated hardware security module (HSM) partition workspace.

    Before you can view or modify HSM configurations in the CLI or access HSM settings within the GUI, you must globally activate the backend daemons using the following command:

    config server-policy setting

    set hsm enable

    For additional global status configurations and high-availability bundle arrays, see system hsm info. For detailed information on integrating HSM with FortiWeb, see the FortiWeb Administration Guide:

    https://docs.fortinet.com/product/fortiweb/

    To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

    Syntax

    config system hsm partition

    edit "<partition_name>"

    set label <partition_label>

    set server <server_ip>

    set password <password_int>

    set serial-number <digits>

    next

    end

    Variable Description Default

    "<partition_name>"

    		 Enter the name of a partition that the FortiWeb HSM client is assigned to. No default.

    label <partition_label>

    Enter the exact name of the target cryptographic partition as it is defined and labeled on the remote Luna HSM appliance server interface.

    No default.

    server <server_ip>

    Enter the network IP address of the remote Luna HSM server hosting the designated storage partition workspace. This must match an active server target enrolled via the GUI network definitions.

    No default.

    password <password_int>

    Enter the Crypto Officer (CO) password required to authenticate access and establish a secure execution space inside the hardware partition slice.

    Critical Rule:

    This parameter is strictly read-only and immutable once committed. To change or fix a password typo, the entire partition entry object must be deleted and reconfigured. Complex strings containing special characters, such as two consecutive dollar signs ($$), are interpreted strictly as literal text data strings rather than system process variables, removing shell injection vulnerabilities.

    		 No default.

    serial-number <digits>

    Enter the unique 9 to 16 digit physical hardware serial number belonging to the target partition on the Luna HSM server.

    Usage Rule:

    This parameter is immutable once written to database storage. This field is optional for baseline configurations but is required for complex environments where duplicate partition label strings exist across different physical HSM host nodes. FortiWeb combines this serial value with the label string to accurately resolve isolated hardware slot paths. If omitted, FortiWeb automatically binds with the first discovered partition matching the label criteria.

    No default.

    Related topics

    Previous
    Next

    system hsm partition

    system hsm partition

    Use this command to configure and map database information for the cryptographic storage partition assigned to the FortiWeb Luna HSM client. These parameters establish how the appliance locates, authenticates, and connects to an isolated hardware security module (HSM) partition workspace.

    Before you can view or modify HSM configurations in the CLI or access HSM settings within the GUI, you must globally activate the backend daemons using the following command:

    config server-policy setting

    set hsm enable

    For additional global status configurations and high-availability bundle arrays, see system hsm info. For detailed information on integrating HSM with FortiWeb, see the FortiWeb Administration Guide:

    https://docs.fortinet.com/product/fortiweb/

    To use this command, your administrator account’s access control profile must have either w or rw permission to the sysgrp area. For details, see Permissions.

    Syntax

    config system hsm partition

    edit "<partition_name>"

    set label <partition_label>

    set server <server_ip>

    set password <password_int>

    set serial-number <digits>

    next

    end

    Variable Description Default

    "<partition_name>"

    		 Enter the name of a partition that the FortiWeb HSM client is assigned to. No default.

    label <partition_label>

    Enter the exact name of the target cryptographic partition as it is defined and labeled on the remote Luna HSM appliance server interface.

    No default.

    server <server_ip>

    Enter the network IP address of the remote Luna HSM server hosting the designated storage partition workspace. This must match an active server target enrolled via the GUI network definitions.

    No default.

    password <password_int>

    Enter the Crypto Officer (CO) password required to authenticate access and establish a secure execution space inside the hardware partition slice.

    Critical Rule:

    This parameter is strictly read-only and immutable once committed. To change or fix a password typo, the entire partition entry object must be deleted and reconfigured. Complex strings containing special characters, such as two consecutive dollar signs ($$), are interpreted strictly as literal text data strings rather than system process variables, removing shell injection vulnerabilities.

    		 No default.

    serial-number <digits>

    Enter the unique 9 to 16 digit physical hardware serial number belonging to the target partition on the Luna HSM server.

    Usage Rule:

    This parameter is immutable once written to database storage. This field is optional for baseline configurations but is required for complex environments where duplicate partition label strings exist across different physical HSM host nodes. FortiWeb combines this serial value with the label string to accurately resolve isolated hardware slot paths. If omitted, FortiWeb automatically binds with the first discovered partition matching the label criteria.

    No default.

    Related topics

    Previous
    Next