Fortinet black logo

CLI Reference

firewall address

Configure IPv4 addresses.

  config firewall address
      Description: Configure IPv4 addresses.
      edit <name>
          set uuid {uuid}
          set subnet {ipv4-classnet-any}
          set type [ipmask|iprange|...]
          set sub-type [sdn|clearpass-spt|...]
          set clearpass-spt [unknown|healthy|...]
          set start-mac {mac-address}
          set end-mac {mac-address}
          set start-ip {ipv4-address-any}
          set end-ip {ipv4-address-any}
          set fqdn {string}
          set country {string}
          set wildcard-fqdn {string}
          set cache-ttl {integer}
          set wildcard {ipv4-classnet-any}
          set sdn {string}
          set fsso-group <name1>, <name2>, ...
          set interface {string}
          set tenant {string}
          set organization {string}
          set epg-name {string}
          set subnet-name {string}
          set sdn-tag {string}
          set policy-group {string}
          set comment {var-string}
          set visibility [enable|disable]
          set associated-interface {string}
          set color {integer}
          set filter {var-string}
          set sdn-addr-type [private|public|...]
          set obj-id {var-string}
          config list
              Description: IP address list.
              edit <ip>

              next
          end
          config tagging
              Description: Config object tagging.
              edit <name>
                  set category {string}
                  set tags <name1>, <name2>, ...
              next
          end
          set allow-routing [enable|disable]
      next
  end

config firewall address

Parameter Name Description Type Size
uuid Universally Unique Identifier (UUID; automatically assigned but can be manually reset). uuid Not Specified
subnet IP address and subnet mask of address. ipv4-classnet-any Not Specified
type Type of address.
ipmask: Standard IPv4 address with subnet mask.
iprange: Range of IPv4 addresses between two specified addresses (inclusive).
fqdn: Fully Qualified Domain Name address.
geography: IP addresses from a specified country.
wildcard: Standard IPv4 using a wildcard subnet mask.
dynamic: Dynamic address object.
interface-subnet: IP and subnet of interface.
mac: Range of MAC addresses.
option -
sub-type Sub-type of address.
sdn: SDN address.
clearpass-spt: ClearPass SPT (System Posture Token) address.
fsso: FSSO address.
option -
clearpass-spt SPT (System Posture Token) value.
unknown: UNKNOWN.
healthy: HEALTHY.
quarantine: QUARANTINE.
checkup: CHECKUP.
transient: TRANSIENT.
infected: INFECTED.
option -
start-mac First MAC address in the range. mac-address Not Specified
end-mac Last MAC address in the range. mac-address Not Specified
start-ip First IP address (inclusive) in the range for the address. ipv4-address-any Not Specified
end-ip Final IP address (inclusive) in the range for the address. ipv4-address-any Not Specified
fqdn Fully Qualified Domain Name address. string Maximum length: 255
country IP addresses associated to a specific country. string Maximum length: 2
wildcard-fqdn Fully Qualified Domain Name with wildcard characters. string Maximum length: 255
cache-ttl Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. integer Minimum value: 0 Maximum value: 86400
wildcard IP address and wildcard netmask. ipv4-classnet-any Not Specified
sdn SDN. string Maximum length: 35
fsso-group <name> FSSO group(s).
FSSO group name.
string Maximum length: 511
interface Name of interface whose IP address is to be used. string Maximum length: 35
tenant Tenant. string Maximum length: 35
organization Organization domain name (Syntax: organization/domain). string Maximum length: 35
epg-name Endpoint group name. string Maximum length: 255
subnet-name Subnet name. string Maximum length: 255
sdn-tag SDN Tag. string Maximum length: 15
policy-group Policy group name. string Maximum length: 15
comment Comment. var-string Maximum length: 255
visibility Enable/disable address visibility in the GUI.
enable: Show in address4 selection.
disable: Hide from address4 selection.
option -
associated-interface Network interface associated with address. string Maximum length: 35
color Color of icon on the GUI. integer Minimum value: 0 Maximum value: 32
filter Match criteria filter. var-string Maximum length: 2047
sdn-addr-type Type of addresses to collect.
private: Collect private addresses only.
public: Collect public addresses only.
all: Collect both public and private addresses.
option -
obj-id Object ID for NSX. var-string Maximum length: 255
allow-routing Enable/disable use of this address in the static route configuration.
enable: Enable use of this address in the static route configuration.
disable: Disable use of this address in the static route configuration.
option -

config tagging

Parameter Name Description Type Size
category Tag category. string Maximum length: 63
tags <name> Tags.
Tag name.
string Maximum length: 79

Configure IPv4 addresses.

  config firewall address
      Description: Configure IPv4 addresses.
      edit <name>
          set uuid {uuid}
          set subnet {ipv4-classnet-any}
          set type [ipmask|iprange|...]
          set sub-type [sdn|clearpass-spt|...]
          set clearpass-spt [unknown|healthy|...]
          set start-mac {mac-address}
          set end-mac {mac-address}
          set start-ip {ipv4-address-any}
          set end-ip {ipv4-address-any}
          set fqdn {string}
          set country {string}
          set wildcard-fqdn {string}
          set cache-ttl {integer}
          set wildcard {ipv4-classnet-any}
          set sdn {string}
          set fsso-group <name1>, <name2>, ...
          set interface {string}
          set tenant {string}
          set organization {string}
          set epg-name {string}
          set subnet-name {string}
          set sdn-tag {string}
          set policy-group {string}
          set comment {var-string}
          set visibility [enable|disable]
          set associated-interface {string}
          set color {integer}
          set filter {var-string}
          set sdn-addr-type [private|public|...]
          set obj-id {var-string}
          config list
              Description: IP address list.
              edit <ip>

              next
          end
          config tagging
              Description: Config object tagging.
              edit <name>
                  set category {string}
                  set tags <name1>, <name2>, ...
              next
          end
          set allow-routing [enable|disable]
      next
  end

config firewall address

Parameter Name Description Type Size
uuid Universally Unique Identifier (UUID; automatically assigned but can be manually reset). uuid Not Specified
subnet IP address and subnet mask of address. ipv4-classnet-any Not Specified
type Type of address.
ipmask: Standard IPv4 address with subnet mask.
iprange: Range of IPv4 addresses between two specified addresses (inclusive).
fqdn: Fully Qualified Domain Name address.
geography: IP addresses from a specified country.
wildcard: Standard IPv4 using a wildcard subnet mask.
dynamic: Dynamic address object.
interface-subnet: IP and subnet of interface.
mac: Range of MAC addresses.
option -
sub-type Sub-type of address.
sdn: SDN address.
clearpass-spt: ClearPass SPT (System Posture Token) address.
fsso: FSSO address.
option -
clearpass-spt SPT (System Posture Token) value.
unknown: UNKNOWN.
healthy: HEALTHY.
quarantine: QUARANTINE.
checkup: CHECKUP.
transient: TRANSIENT.
infected: INFECTED.
option -
start-mac First MAC address in the range. mac-address Not Specified
end-mac Last MAC address in the range. mac-address Not Specified
start-ip First IP address (inclusive) in the range for the address. ipv4-address-any Not Specified
end-ip Final IP address (inclusive) in the range for the address. ipv4-address-any Not Specified
fqdn Fully Qualified Domain Name address. string Maximum length: 255
country IP addresses associated to a specific country. string Maximum length: 2
wildcard-fqdn Fully Qualified Domain Name with wildcard characters. string Maximum length: 255
cache-ttl Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. integer Minimum value: 0 Maximum value: 86400
wildcard IP address and wildcard netmask. ipv4-classnet-any Not Specified
sdn SDN. string Maximum length: 35
fsso-group <name> FSSO group(s).
FSSO group name.
string Maximum length: 511
interface Name of interface whose IP address is to be used. string Maximum length: 35
tenant Tenant. string Maximum length: 35
organization Organization domain name (Syntax: organization/domain). string Maximum length: 35
epg-name Endpoint group name. string Maximum length: 255
subnet-name Subnet name. string Maximum length: 255
sdn-tag SDN Tag. string Maximum length: 15
policy-group Policy group name. string Maximum length: 15
comment Comment. var-string Maximum length: 255
visibility Enable/disable address visibility in the GUI.
enable: Show in address4 selection.
disable: Hide from address4 selection.
option -
associated-interface Network interface associated with address. string Maximum length: 35
color Color of icon on the GUI. integer Minimum value: 0 Maximum value: 32
filter Match criteria filter. var-string Maximum length: 2047
sdn-addr-type Type of addresses to collect.
private: Collect private addresses only.
public: Collect public addresses only.
all: Collect both public and private addresses.
option -
obj-id Object ID for NSX. var-string Maximum length: 255
allow-routing Enable/disable use of this address in the static route configuration.
enable: Enable use of this address in the static route configuration.
disable: Disable use of this address in the static route configuration.
option -

config tagging

Parameter Name Description Type Size
category Tag category. string Maximum length: 63
tags <name> Tags.
Tag name.
string Maximum length: 79