Fortinet white logo
Fortinet white logo

Handbook

Address and Service

Address and Service

Address IPv4

You can create address objects to identify IPv4 addresses and subnets that you want to match in the following policy rule bases:

  • Global ACL
  • Do Not Track
  • SPP ACL
  • TCP Session Extended Source Address IPv4

Before you begin:

  • You must have Read-Write permission for Global Settings.
To configure IPv4 addresses:
  1. Go to System > Address and Service> Address IPv4.
  2. Click Add to display the configuration editor.
  3. Complete the configuration as described in the following table.
  4. Save the configuration.

Setting

Description

Name Configuration name. Must not contain spaces.
Type

Address Netmask- Create an entry for a subnet using an IP address/mask notation.

Address Range - Create an entry for a address range with “Address Range From” and “To” .

Geo - Create an entry for an address list belonging to a country or area.

Note: In the Global ACL for IPv4 addresses, you can add “deny rules” based on specified IP addresses or IP netmask configuration objects; you can add “allow rules” based on IP address configuration objects only.

Tooltip

To configure using the CLI:

config system address4

edit addr1

set type {ip-netmask|ip-range|geo}

set ip-netmask <ip/mask>

set ip-max <ip>

set ip-min <ip>

set country <string>

next

end

Address IPv4 Group

Create an address group to include one or more address objects.

To configure IPv4 Address Group:
  1. Go to System > Address and Service> Address IPv4 Group.
  2. Click Add to display the configuration editor.
  3. Complete the configuration and click Save.
Tooltip

To configure using the CLI:

config system addressgrp

edit <name>

set member-list <address1> <address2> …

next

end

Address IPv6

You create address objects to identify IPv6 addresses and subnets that you want to match in the following policy rule bases:

  • Global ACL
  • Do Not Track
  • SPP ACL

Before you begin:

  • You must have Read-Write permission for Global Settings.
To configure IPv6 addresses:
  1. Go to Global System > Address and Service> Address IPv6.
  2. Click Add to display the configuration editor.
  3. Complete the configuration and click Save.
Tooltip

To configure using the CLI:

config system addressgrp

edit <name>

set member-list <address1> <address2> …

next

end

Address IPv6 Group

To configure IPv6 Address Group:
  1. Go to System > Address and Service> Address IPv4 Group.
  2. Click Add to display the configuration editor.
  3. Complete the configuration and click Save.
Tooltip

To configure using the CLI:

config system addressgrp6

edit <name>

set member-list <address ipv6> <address ipv6> …

next

end

Service

You configure service objects to identify the services that you want to match in SPP ACL or Global ACL policies.

Before you begin:

  • You must have Read-Write permission for Protection Profile settings.
To configure service objects:
  1. Go to System > Address and Service> Service.
  2. View all build-in service.
  3. Click Add to display the configuration editor.
  4. Select Protocol type and set protocol ID.
  5. Complete the configuration and click Save.

Tooltip

To configure using the CLI:

config system service

edit <name>

set protocol-type {ip|icmp|tcp|udp|tcp-and-udp}

set specify-source-port {enable|disable}

set source-port-min <0-65535>

set source-port-max <0-65535>

set destination-port-min <0-65535>

set destination-port-max <0-65535>

next

end

Service Group

To configure Service Group:

1. Go to System > Address and Service> Service Group.

2. Click Add to display the configuration editor.

3. Complete the configuration and click Save.

Tooltip

To configure using the CLI:

config system servicegrp

edit <name>

set member-list <service1> <service2> …

next

end

Address and Service

Address and Service

Address IPv4

You can create address objects to identify IPv4 addresses and subnets that you want to match in the following policy rule bases:

  • Global ACL
  • Do Not Track
  • SPP ACL
  • TCP Session Extended Source Address IPv4

Before you begin:

  • You must have Read-Write permission for Global Settings.
To configure IPv4 addresses:
  1. Go to System > Address and Service> Address IPv4.
  2. Click Add to display the configuration editor.
  3. Complete the configuration as described in the following table.
  4. Save the configuration.

Setting

Description

Name Configuration name. Must not contain spaces.
Type

Address Netmask- Create an entry for a subnet using an IP address/mask notation.

Address Range - Create an entry for a address range with “Address Range From” and “To” .

Geo - Create an entry for an address list belonging to a country or area.

Note: In the Global ACL for IPv4 addresses, you can add “deny rules” based on specified IP addresses or IP netmask configuration objects; you can add “allow rules” based on IP address configuration objects only.

Tooltip

To configure using the CLI:

config system address4

edit addr1

set type {ip-netmask|ip-range|geo}

set ip-netmask <ip/mask>

set ip-max <ip>

set ip-min <ip>

set country <string>

next

end

Address IPv4 Group

Create an address group to include one or more address objects.

To configure IPv4 Address Group:
  1. Go to System > Address and Service> Address IPv4 Group.
  2. Click Add to display the configuration editor.
  3. Complete the configuration and click Save.
Tooltip

To configure using the CLI:

config system addressgrp

edit <name>

set member-list <address1> <address2> …

next

end

Address IPv6

You create address objects to identify IPv6 addresses and subnets that you want to match in the following policy rule bases:

  • Global ACL
  • Do Not Track
  • SPP ACL

Before you begin:

  • You must have Read-Write permission for Global Settings.
To configure IPv6 addresses:
  1. Go to Global System > Address and Service> Address IPv6.
  2. Click Add to display the configuration editor.
  3. Complete the configuration and click Save.
Tooltip

To configure using the CLI:

config system addressgrp

edit <name>

set member-list <address1> <address2> …

next

end

Address IPv6 Group

To configure IPv6 Address Group:
  1. Go to System > Address and Service> Address IPv4 Group.
  2. Click Add to display the configuration editor.
  3. Complete the configuration and click Save.
Tooltip

To configure using the CLI:

config system addressgrp6

edit <name>

set member-list <address ipv6> <address ipv6> …

next

end

Service

You configure service objects to identify the services that you want to match in SPP ACL or Global ACL policies.

Before you begin:

  • You must have Read-Write permission for Protection Profile settings.
To configure service objects:
  1. Go to System > Address and Service> Service.
  2. View all build-in service.
  3. Click Add to display the configuration editor.
  4. Select Protocol type and set protocol ID.
  5. Complete the configuration and click Save.

Tooltip

To configure using the CLI:

config system service

edit <name>

set protocol-type {ip|icmp|tcp|udp|tcp-and-udp}

set specify-source-port {enable|disable}

set source-port-min <0-65535>

set source-port-max <0-65535>

set destination-port-min <0-65535>

set destination-port-max <0-65535>

next

end

Service Group

To configure Service Group:

1. Go to System > Address and Service> Service Group.

2. Click Add to display the configuration editor.

3. Complete the configuration and click Save.

Tooltip

To configure using the CLI:

config system servicegrp

edit <name>

set member-list <service1> <service2> …

next

end