config system isp-addr
Use this command to amend the predefined and restored ISP address books, or to configure new ISP address books.
The following policies use the ISP address book objects:
- ISP routes
- LLB proximity routes
- LLB policies
- GLB data center configuration
ISP address books contain IP subnet addresses and associated province location settings for ISP links. The province setting is used in GLB deployments in China to enable location awareness that is province-specific. For example, a user can be directed to a datacenter in Beijing or Guangdong rather than simply China.
Figure 4 shows the three types of address book entries:
- Predefined—Addresses and associated province location settings for China Mobile, China Telecom, and China Unicom. The IP subnet addresses in the predefined address books are not exposed in the user interface. The predefined package is provided to make it easier for you to configure a route when all you know and all you need to know is the name of the ISP that hosts the link.
- Restored—Addresses imported from a text file. The IP subnet addresses in the restored address books are not exposed in the user interface. “Restored” addresses can help you rapidly build an ISP address book configuration.
- User-defined—In the ISP address configuration, you can modify the predefined and restored address books by specifying subnets to add or exclude from them. This gives you flexibility in case you encounter address conflicts or the ISP instructs you to add a subnet address manually. You can also create new user-defined entries for other ISPs.
In systems with multiple VDOMs, these commands apply to the current VDOM only. In other words, if you configure an exclusion, it is applicable to the current VDOM only; it does not change the predefined address book. |
You can use the execute isplookup command to see whether an IP address belongs to any of the address books. If an address is can be found in more than one address book, the results are returned in the following priority: user-defined, restored, predefined.
The text file for the Restored entries has the following format:
#this is a comment line
ISP name:ABC
Province:Beijing
1.1.1.0/24
Province:Unknown
2.2.0.0 255.255.0.0
#this is a comment line too
3.3.3.3/32
ISP name:DEF
Province:Shanghai
4.4.4.0 255.255.255.0
5.5.0.0/16
You use the execute restore command to import the file and the execute backup command to export it.
You use the execute clean command to erase entries that were imported from the text file. The clean operation does not affect the predefined addresses or user-configured entries. If a restored entry has user-configured elements (for example, an exclude list), the clean operation clears the addresses but preserves the configuration and converts it to a user-defined type.
Basic Steps
- Create address objects.
- Specify them when you configure your policies.
Before you begin:
- You must have read-write permission for system settings.
Syntax
config system isp-addr
edit china-mobile
config exclude-address
edit <No.>
set ip-netmask <ip&netmask>
next
end
config address
edit <No.>
set ip-netmask <ip&netmask>
set province <datasource>
next
end
next
edit china-telecom
config exclude-address
edit <No.>
set ip-netmask <ip&netmask>
next
end
config address
edit <No.>
set ip-netmask <ip&netmask>
set province <datasource>
next
end
next
edit china-unicom
config exclude-address
edit <No.>
set ip-netmask <ip&netmask>
next
end
config address
edit <No.>
set ip-netmask <ip&netmask>
set province <datasource>
next
end
next
edit <name>
config address
edit <No.>
set ip-netmask <ip&netmask>
set province <datasource>
next
end
next
end
ip-netmask |
Specify addresses to exclude or add using the address/mask notation. |
||
province
|
Specify the associated province location. The configuration supports the following selections: |
||
Anhui Beijing Chongqing Fujian Gansu Guangdong Guangxi Guizhou Hainan Hebei Heilongjiang |
Henan Hubei Hunan Jiangsu Jiangxi Jilin Liaoning Neimenggu Ningxia Qinghai Shandong Shanghai |
Shanxi(taiyuan) Shanxi(xian) Sichuan Tianjin Xianggang Xinjiang Xizang Yunnan Zhejiang Unknown |
Note: Each VDOM can have up to 32 main entries.
Example
FortiADC-VM # config system isp-addr
FortiADC-VM (isp-addr) # edit china-mobile
FortiADC-VM (china-mobile) # get
type : predef
FortiADC-VM (china-mobile) # config address
FortiADC-VM (address) # edit 1
Add new entry '1' for node 2739
FortiADC-VM (1) # get
ip-netmask : 0.0.0.0/0
province :
FortiADC-VM (1) # set ip-netmask 192.168.1.0/24
FortiADC-VM (1) # set province Beijing
FortiADC-VM (1) # end
FortiADC-VM (china-mobile) # end