Administration Guide

Hosts

Hosts define sources and destinations of network traffic. You can use hosts to define the Source and Destination fields in an Internet Access or Private Access policy based on its selected Location.

When creating a host, you can specify one of several host types. Choose the type that describes the hosts you want to include accurately and with as few entries as possible, given the information that you have. For instance, if you are trying to describe the hosts of a specific company’s web server but do not know how extensive their web server farm is, you would be more likely to use a fully qualified domain name (FQDN) rather than a specific IP address range. On the other hand, some computers do not have FQDNs, so configuring a specific IP address range is preferable.

If you have several hosts that will commonly be treated the same or require the same security policies, you can put them into host groups, rather than entering multiple individual hosts in each policy that refers to them.

Note

When you configure a host group with no members in a policy, the policy does not match any traffic; the traffic just matches the implicit deny policy.

To configure a host:
  1. Go to Configuration > Hosts.
  2. Click Create > Host.
  3. For Location, select the appropriate traffic direction for the host object based on its intended usage:

    Location

    Description

    Ingress

    Host object is available for use in the Source field of Internet Access and Private Access policies.

    Internet

    Host object is available for use in the Destination field of Internet Access policies.

    Private Access Hub

    Host object is available for use in the Destination field of Private Access policies.

    Unspecified

    When selected, you can use the address object in the Source and Destination fields of Internet Access and Private Access policies.

  4. For Name, enter the desired name for this host.
  5. From the Type dropdown list, select the desired host type. The configured Location affects which host types are available:

    Host type

    Description

    Subnet

    The subnet host type is expressed using a host address and a subnet mask. This is the most flexible host type because the host can refer to as little as one individual address (x.x.x.x/32) or as many as all of the available addresses (0.0.0.0/0).

    In the IP/Netmask field, enter the desired subnet. For example, you could enter 192.168.1.0/24.

    IP range

    You can use the IP range type to define a continuous set of IP addresses between one specific IP address and another (inclusive). It is a flexible way to describe a continuous set of addresses while being specific and granular without needing to fall within the boundaries of standard subnets.

    In the IP Range field, enter the desired IP address range. For example, you could enter 192.168.1.0-192.168.1.252.

    FQDN

    The FQDN address type accepts an address string and resolves it to one or more IP addresses. It relies on DNS to keep up with address changes without having to manually change the IP addresses on FortiSASE.

    In the FQDN field, configure the desired FQDN. For example, you could enter www.example.com. You can also specify an FQDN as a wildcard address, such as *.example.com.

    Geography

    Geography addresses are those determined by the country or region of origin. The IP addresses for the country or region are automatically determined from the Geography IP database.

    From the Country/Region dropdown list, select the desired country or region.

  6. Click OK.

To configure a host group:
  1. Go to Configuration > Hosts.
  2. Click Create > Host Group.
  3. For Name, enter the desired name for this host group.
  4. In Members, click +. In the Select Entries pane, select the desired hosts and host groups to include in this host group.
  5. Click OK.

You can configure the host or host group as a source or destination in an Internet Access or Private Access policy. See Adding policies to perform granular firewall actions and inspection.
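The following added example is not FortiSASE code; it is an offline Python model for reviewing an exported host inventory before it is referenced in policies. It covers the Subnet and IP range types and nested host groups, shows how many Subnet entries the page's example range would need, and flags groups that resolve to no hosts as well as hosts that match every address. The object names are hypothetical, and FQDN and Geography hosts are left out because they depend on DNS and the Geography IP database.

```python
import ipaddress

# Constructed sample objects: names are hypothetical, values reuse the page's examples.
HOSTS = {
    "lan-subnet": ("subnet", "192.168.1.0/24"),
    "lan-range": ("range", "192.168.1.0-192.168.1.252"),
    "any": ("subnet", "0.0.0.0/0"),
}
GROUPS = {
    "branch": ["lan-range"],
    "all-sites": ["branch", "lan-subnet"],  # a group may contain groups
    "empty": [],
    "only-empty": ["empty"],                # resolves to no hosts either
}

def range_bounds(value):
    first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
    return first, last

def expand(name, seen=None):
    """Flatten a host or nested host group into the set of host names."""
    seen = set() if seen is None else seen
    if name in HOSTS:
        return {name}
    if name in seen:  # guard against a group that contains itself
        return set()
    seen.add(name)
    return set().union(*(expand(m, seen) for m in GROUPS[name]))

def host_matches(name, addr):
    kind, value = HOSTS[name]
    ip = ipaddress.ip_address(addr)
    if kind == "subnet":
        return ip in ipaddress.ip_network(value)
    first, last = range_bounds(value)
    return ip.version == first.version and first <= ip <= last  # inclusive

def matches(name, addr):
    return any(host_matches(h, addr) for h in expand(name))

def range_as_subnets(value):
    """CIDR blocks needed to express an IP range host as Subnet hosts."""
    return [str(n) for n in ipaddress.summarize_address_range(*range_bounds(value))]

def audit():
    """Groups that match nothing, and hosts that match every address."""
    return {
        "empty_groups": sorted(g for g in GROUPS if not expand(g)),
        "match_all": sorted(h for h, (k, v) in HOSTS.items()
                            if k == "subnet" and ipaddress.ip_network(v).prefixlen == 0),
    }
```

The range 192.168.1.0-192.168.1.252 expands to seven CIDR blocks, which is why a single IP range host is the smaller entry when the boundaries do not align with a subnet.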
