Fortinet black logo

Handbook

Firewall addresses

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:762062
Download PDF

Firewall addresses

Scenario: Mail server

You need to create an IPv6 address for the Mail Server on Port1 of your internal network. This server is on the network off of port1.

  • The IP address is 2001:db8:0:2::20/128
  • There should be a tag for this address being for a server.
Configuring the Example using the GUI
  1. Go to Policy & Objects > Objects > Addresses and select Create New > Address.
  2. Select IPv6 Address and fill out the fields with the following information
    NameMail_Server
    TypeSubnet
    IPv6 Address2001:db8:0:2::20/128
  3. Select OK.
Configuring the Example using the CLI

Enter the following CLI command:

config firewall address6

edit Mail_Server

set type ipprefix

set subnet 2001:db8:0:2::20/128

end

Scenario: First floor network

You need to create an IPv6 address for the subnet of the internal network off of Port1. These computers connect to port1. The network uses the IPv6 addresses: fdde:5a7d:f40b:2e9d:xxxx:xxxx:xxxx:xxxx

There should be a reference to this being the network for the 1st floor of the building.

  1. Go to Policy & Objects > Objects > Addresses
  2. Select Create New > Address.Select IPv6 Address and fill out the fields with the following information:
    NameInternal_Subnet_1
    TypeSubnet / IP Range
    IPv6 Address2001:db8:0:2::/64
    CommentsNetwork for 1st Floor
  3. Select OK.
  4. Enter the following CLI command:

    config firewall address6

    edit Internal_Subnet_1

    set comment "Network for 1st Floor"

    set type ipprefix

    set subnet 2001:db8:0:2::/64

    end

Scenario: Accounting team

You need to create an IPv6 address for the Accounting Team that's on the 1st Floor. These users are off of various ports of the FortiGate, but they have all been assigned addresses between 2001:db8:0:2::2000 and 2001:db8:0:2::a000

Configuring the example using the GUI
  1. Go to Policy & Objects > Objects > Addresses and select Create New > Address.
  2. Select IPv6 Address and fill out the fields with the following information
    NameAccounting_Team
    TypeIP Range
    Subnet / IP Range2001:db8:0:2::2000-2001:db8:0:2::a000
  3. Select OK.
Configuring the Example using the CLI

Enter the following CLI command:

config firewall address6

edit Accounting_Team

set type iprange

set visibility enable

set start-ip 2001:db8:0:2::2000

set end-ip 2001:db8:0:2::a000

end

To verify that the addresses were added correctly:
  1. Go to Policy & Objects > Objects > Addresses. Check that the addresses have been added to the address list and that they are correct.

  2. Enter the following CLI command:
  3. config firewall address6

    edit <the name of the address that you wish to verify>

    Show full-configuration

Firewall addresses

Scenario: Mail server

You need to create an IPv6 address for the Mail Server on Port1 of your internal network. This server is on the network off of port1.

  • The IP address is 2001:db8:0:2::20/128
  • There should be a tag for this address being for a server.
Configuring the Example using the GUI
  1. Go to Policy & Objects > Objects > Addresses and select Create New > Address.
  2. Select IPv6 Address and fill out the fields with the following information
    NameMail_Server
    TypeSubnet
    IPv6 Address2001:db8:0:2::20/128
  3. Select OK.
Configuring the Example using the CLI

Enter the following CLI command:

config firewall address6

edit Mail_Server

set type ipprefix

set subnet 2001:db8:0:2::20/128

end

Scenario: First floor network

You need to create an IPv6 address for the subnet of the internal network off of Port1. These computers connect to port1. The network uses the IPv6 addresses: fdde:5a7d:f40b:2e9d:xxxx:xxxx:xxxx:xxxx

There should be a reference to this being the network for the 1st floor of the building.

  1. Go to Policy & Objects > Objects > Addresses
  2. Select Create New > Address.Select IPv6 Address and fill out the fields with the following information:
    NameInternal_Subnet_1
    TypeSubnet / IP Range
    IPv6 Address2001:db8:0:2::/64
    CommentsNetwork for 1st Floor
  3. Select OK.
  4. Enter the following CLI command:

    config firewall address6

    edit Internal_Subnet_1

    set comment "Network for 1st Floor"

    set type ipprefix

    set subnet 2001:db8:0:2::/64

    end

Scenario: Accounting team

You need to create an IPv6 address for the Accounting Team that's on the 1st Floor. These users are off of various ports of the FortiGate, but they have all been assigned addresses between 2001:db8:0:2::2000 and 2001:db8:0:2::a000

Configuring the example using the GUI
  1. Go to Policy & Objects > Objects > Addresses and select Create New > Address.
  2. Select IPv6 Address and fill out the fields with the following information
    NameAccounting_Team
    TypeIP Range
    Subnet / IP Range2001:db8:0:2::2000-2001:db8:0:2::a000
  3. Select OK.
Configuring the Example using the CLI

Enter the following CLI command:

config firewall address6

edit Accounting_Team

set type iprange

set visibility enable

set start-ip 2001:db8:0:2::2000

set end-ip 2001:db8:0:2::a000

end

To verify that the addresses were added correctly:
  1. Go to Policy & Objects > Objects > Addresses. Check that the addresses have been added to the address list and that they are correct.

  2. Enter the following CLI command:
  3. config firewall address6

    edit <the name of the address that you wish to verify>

    Show full-configuration