Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config firewall address

Configure IPv4 addresses.

config firewall address

Description: Configure IPv4 addresses.

edit <name>

set uuid {uuid}

set subnet {ipv4-classnet-any}

set type [ipmask|iprange|...]

set sub-type [sdn|clearpass-spt|...]

set clearpass-spt [unknown|healthy|...]

set start-mac {mac-address}

set end-mac {mac-address}

set start-ip {ipv4-address-any}

set end-ip {ipv4-address-any}

set fqdn {string}

set country {string}

set wildcard-fqdn {string}

set cache-ttl {integer}

set wildcard {ipv4-classnet-any}

set sdn {string}

set fsso-group <name1>, <name2>, ...

set interface {string}

set tenant {string}

set organization {string}

set epg-name {string}

set subnet-name {string}

set sdn-tag {string}

set policy-group {string}

set comment {var-string}

set visibility [enable|disable]

set associated-interface {string}

set color {integer}

set filter {var-string}

set sdn-addr-type [private|public|...]

set obj-id {var-string}

config list

Description: IP address list.

edit <ip>

next

end

config tagging

Description: Config object tagging.

edit <name>

set category {string}

set tags <name1>, <name2>, ...

next

end

set allow-routing [enable|disable]

next

end

config firewall address

Parameter name

Description

Type

Size

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

subnet

IP address and subnet mask of address.

ipv4-classnet-any

Not Specified

type

Type of address.

option

-

 

Option

Description

ipmask

Standard IPv4 address with subnet mask.

iprange

Range of IPv4 addresses between two specified addresses (inclusive).

fqdn

Fully Qualified Domain Name address.

geography

IP addresses from a specified country.

wildcard

Standard IPv4 using a wildcard subnet mask.

dynamic

Dynamic address object.

interface-subnet

IP and subnet of interface.

mac

Range of MAC addresses.

sub-type

Sub-type of address.

option

-

 

Option

Description

sdn

SDN address.

clearpass-spt

ClearPass SPT (System Posture Token) address.

fsso

FSSO address.

clearpass-spt

SPT (System Posture Token) value.

option

-

 

Option

Description

unknown

UNKNOWN.

healthy

HEALTHY.

quarantine

QUARANTINE.

checkup

CHECKUP.

transient

TRANSIENT.

infected

INFECTED.

start-mac

First MAC address in the range.

mac-address

Not Specified

end-mac

Last MAC address in the range.

mac-address

Not Specified

start-ip

First IP address (inclusive) in the range for the address.

ipv4-address-any

Not Specified

end-ip

Final IP address (inclusive) in the range for the address.

ipv4-address-any

Not Specified

fqdn

Fully Qualified Domain Name address.

string

Maximum length: 255

country

IP addresses associated to a specific country.

string

Maximum length: 2

wildcard-fqdn

Fully Qualified Domain Name with wildcard characters.

string

Maximum length: 255

cache-ttl

Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds.

integer

Minimum value: 0 Maximum value: 86400

wildcard

IP address and wildcard netmask.

ipv4-classnet-any

Not Specified

sdn

SDN.

string

Maximum length: 35

fsso-group <name>

FSSO group(s).

FSSO group name.

string

Maximum length: 511

interface

Name of interface whose IP address is to be used.

string

Maximum length: 35

tenant

Tenant.

string

Maximum length: 35

organization

Organization domain name (Syntax: organization/domain).

string

Maximum length: 35

epg-name

Endpoint group name.

string

Maximum length: 255

subnet-name

Subnet name.

string

Maximum length: 255

sdn-tag

SDN Tag.

string

Maximum length: 15

policy-group

Policy group name.

string

Maximum length: 15

comment

Comment.

var-string

Maximum length: 255

visibility

Enable/disable address visibility in the GUI.

option

-

 

Option

Description

enable

Show in address4 selection.

disable

Hide from address4 selection.

associated-interface

Network interface associated with address.

string

Maximum length: 35

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

filter

Match criteria filter.

var-string

Maximum length: 2047

sdn-addr-type

Type of addresses to collect.

option

-

 

Option

Description

private

Collect private addresses only.

public

Collect public addresses only.

all

Collect both public and private addresses.

obj-id

Object ID for NSX.

var-string

Maximum length: 255

allow-routing

Enable/disable use of this address in the static route configuration.

option

-

 

Option

Description

enable

Enable use of this address in the static route configuration.

disable

Disable use of this address in the static route configuration.

config tagging

Parameter name

Description

Type

Size

category

Tag category.

string

Maximum length: 63

tags <name>

Tags.

Tag name.

string

Maximum length: 79

config firewall address

Configure IPv4 addresses.

config firewall address

Description: Configure IPv4 addresses.

edit <name>

set uuid {uuid}

set subnet {ipv4-classnet-any}

set type [ipmask|iprange|...]

set sub-type [sdn|clearpass-spt|...]

set clearpass-spt [unknown|healthy|...]

set start-mac {mac-address}

set end-mac {mac-address}

set start-ip {ipv4-address-any}

set end-ip {ipv4-address-any}

set fqdn {string}

set country {string}

set wildcard-fqdn {string}

set cache-ttl {integer}

set wildcard {ipv4-classnet-any}

set sdn {string}

set fsso-group <name1>, <name2>, ...

set interface {string}

set tenant {string}

set organization {string}

set epg-name {string}

set subnet-name {string}

set sdn-tag {string}

set policy-group {string}

set comment {var-string}

set visibility [enable|disable]

set associated-interface {string}

set color {integer}

set filter {var-string}

set sdn-addr-type [private|public|...]

set obj-id {var-string}

config list

Description: IP address list.

edit <ip>

next

end

config tagging

Description: Config object tagging.

edit <name>

set category {string}

set tags <name1>, <name2>, ...

next

end

set allow-routing [enable|disable]

next

end

config firewall address

Parameter name

Description

Type

Size

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

subnet

IP address and subnet mask of address.

ipv4-classnet-any

Not Specified

type

Type of address.

option

-

 

Option

Description

ipmask

Standard IPv4 address with subnet mask.

iprange

Range of IPv4 addresses between two specified addresses (inclusive).

fqdn

Fully Qualified Domain Name address.

geography

IP addresses from a specified country.

wildcard

Standard IPv4 using a wildcard subnet mask.

dynamic

Dynamic address object.

interface-subnet

IP and subnet of interface.

mac

Range of MAC addresses.

sub-type

Sub-type of address.

option

-

 

Option

Description

sdn

SDN address.

clearpass-spt

ClearPass SPT (System Posture Token) address.

fsso

FSSO address.

clearpass-spt

SPT (System Posture Token) value.

option

-

 

Option

Description

unknown

UNKNOWN.

healthy

HEALTHY.

quarantine

QUARANTINE.

checkup

CHECKUP.

transient

TRANSIENT.

infected

INFECTED.

start-mac

First MAC address in the range.

mac-address

Not Specified

end-mac

Last MAC address in the range.

mac-address

Not Specified

start-ip

First IP address (inclusive) in the range for the address.

ipv4-address-any

Not Specified

end-ip

Final IP address (inclusive) in the range for the address.

ipv4-address-any

Not Specified

fqdn

Fully Qualified Domain Name address.

string

Maximum length: 255

country

IP addresses associated to a specific country.

string

Maximum length: 2

wildcard-fqdn

Fully Qualified Domain Name with wildcard characters.

string

Maximum length: 255

cache-ttl

Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds.

integer

Minimum value: 0 Maximum value: 86400

wildcard

IP address and wildcard netmask.

ipv4-classnet-any

Not Specified

sdn

SDN.

string

Maximum length: 35

fsso-group <name>

FSSO group(s).

FSSO group name.

string

Maximum length: 511

interface

Name of interface whose IP address is to be used.

string

Maximum length: 35

tenant

Tenant.

string

Maximum length: 35

organization

Organization domain name (Syntax: organization/domain).

string

Maximum length: 35

epg-name

Endpoint group name.

string

Maximum length: 255

subnet-name

Subnet name.

string

Maximum length: 255

sdn-tag

SDN Tag.

string

Maximum length: 15

policy-group

Policy group name.

string

Maximum length: 15

comment

Comment.

var-string

Maximum length: 255

visibility

Enable/disable address visibility in the GUI.

option

-

 

Option

Description

enable

Show in address4 selection.

disable

Hide from address4 selection.

associated-interface

Network interface associated with address.

string

Maximum length: 35

color

Color of icon on the GUI.

integer

Minimum value: 0 Maximum value: 32

filter

Match criteria filter.

var-string

Maximum length: 2047

sdn-addr-type

Type of addresses to collect.

option

-

 

Option

Description

private

Collect private addresses only.

public

Collect public addresses only.

all

Collect both public and private addresses.

obj-id

Object ID for NSX.

var-string

Maximum length: 255

allow-routing

Enable/disable use of this address in the static route configuration.

option

-

 

Option

Description

enable

Enable use of this address in the static route configuration.

disable

Disable use of this address in the static route configuration.

config tagging

Parameter name

Description

Type

Size

category

Tag category.

string

Maximum length: 63

tags <name>

Tags.

Tag name.

string

Maximum length: 79