Fortinet white logo
Fortinet white logo

Administration Guide

FortiVoice tag dynamic address

FortiVoice tag dynamic address

When a FortiVoice-supplied MAC or IP address is used in a firewall policy, a FortiVoice tag (MAC/IP) dynamic address is automatically created on the FortiGate that contains all the provisioned FortiFones registered with FortiVoice. The dynamic address can be used in firewall policies to restrict rules to authorized FortiFones only. This is useful for large voice deployments that require security and efficiency.

Example

In this example, two FortiFones are registered to FortiVoice and are assigned names and extension numbers. A FortiVoice Fabric connector has been authorized to join the Security Fabric. The dynamic FortiVoice tags are applied to a firewall policy.

To use a FortiVoice tag dynamic firewall address in a policy:
  1. Configure and authorize the FortiVoice Fabric connector (see Configuring FortiVoice for more information).

  2. Go to Policy & Objects > Addresses to view the newly created dynamic firewall address objects:

    1. Expand the FortiVoice Tag (IP Address) section.

      There is one entry, FOV-500000002732_Registered_Phones, which matches 192.168.12.10 to 192.168.12.11.

    2. Expand the FortiVoice Tag (MAC Address) section. There is one entry, MAC_FOV-500000002732_Registered_Phones, which matches two devices. Hover over the device serial number to view the tooltip that contains the MAC address and additional information.

  3. Go to Policy & Objects > Firewall Policy and click Create new or edit an existing policy.

  4. In the Source field, click the + and add the FOV-500000002732_Registered_Phones and MAC_FOV-500000002732_Registered_Phones addresses.

  5. In the Destination field, click the + and add the FOV-500000002732_Registered_Phones address.

  6. Configure the other settings as needed.

  7. Click OK.

FortiVoice tag dynamic address

FortiVoice tag dynamic address

When a FortiVoice-supplied MAC or IP address is used in a firewall policy, a FortiVoice tag (MAC/IP) dynamic address is automatically created on the FortiGate that contains all the provisioned FortiFones registered with FortiVoice. The dynamic address can be used in firewall policies to restrict rules to authorized FortiFones only. This is useful for large voice deployments that require security and efficiency.

Example

In this example, two FortiFones are registered to FortiVoice and are assigned names and extension numbers. A FortiVoice Fabric connector has been authorized to join the Security Fabric. The dynamic FortiVoice tags are applied to a firewall policy.

To use a FortiVoice tag dynamic firewall address in a policy:
  1. Configure and authorize the FortiVoice Fabric connector (see Configuring FortiVoice for more information).

  2. Go to Policy & Objects > Addresses to view the newly created dynamic firewall address objects:

    1. Expand the FortiVoice Tag (IP Address) section.

      There is one entry, FOV-500000002732_Registered_Phones, which matches 192.168.12.10 to 192.168.12.11.

    2. Expand the FortiVoice Tag (MAC Address) section. There is one entry, MAC_FOV-500000002732_Registered_Phones, which matches two devices. Hover over the device serial number to view the tooltip that contains the MAC address and additional information.

  3. Go to Policy & Objects > Firewall Policy and click Create new or edit an existing policy.

  4. In the Source field, click the + and add the FOV-500000002732_Registered_Phones and MAC_FOV-500000002732_Registered_Phones addresses.

  5. In the Destination field, click the + and add the FOV-500000002732_Registered_Phones address.

  6. Configure the other settings as needed.

  7. Click OK.