CLI Reference

config firewall ippool

Configure IPv4 IP pools.

config firewall ippool
    Description: Configure IPv4 IP pools.
    edit <name>
        set arp-intf {string}
        set arp-reply [disable|enable]
        set associated-interface {string}
        set block-size {integer}
        set cgn-block-size {integer}
        set cgn-client-endip {var-string}
        set cgn-client-ipv6shift {integer}
        set cgn-client-startip {var-string}
        set cgn-fixedalloc [disable|enable]
        set cgn-overload [disable|enable]
        set cgn-port-end {integer}
        set cgn-port-start {integer}
        set cgn-spa [disable|enable]
        set comments {var-string}
        set endip {ipv4-address-any}
        set name {string}
        set num-blocks-per-user {integer}
        set pba-timeout {integer}
        set permit-any-host [disable|enable]
        set source-endip {ipv4-address-any}
        set source-startip {ipv4-address-any}
        set startip {ipv4-address-any}
        set type [overload|one-to-one|...]
        set utilization-alarm-clear {integer}
        set utilization-alarm-raise {integer}
    next
end

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| arp-intf | Select an interface from available options that will reply to ARP requests. (If blank, any is selected). | string | Not Specified | |
| arp-reply | Enable/disable replying to ARP requests when an IP Pool is added to a policy. Options: disable (Disable ARP reply); enable (Enable ARP reply). | option | - | enable |
| associated-interface | Associated interface name. | string | Not Specified | |
| block-size | Number of addresses in a block. | integer | Minimum value: 64 Maximum value: 4096 | 128 |
| cgn-block-size * | Number of ports in a block. | integer | Minimum value: 64 Maximum value: 4096 | 128 |
| cgn-client-endip * | Final client IPv4 address (inclusive) (format xxx.xxx.xxx.xxx, Default: 0.0.0.0). | var-string | Not Specified | |
| cgn-client-ipv6shift * | IPv6 shift for fixed-allocation. | integer | Minimum value: 0 Maximum value: 127 | 0 |
| cgn-client-startip * | First client IPv4 address (inclusive) (format xxx.xxx.xxx.xxx, Default: 0.0.0.0). | var-string | Not Specified | |
| cgn-fixedalloc * | Enable/disable fixed-allocation mode. Options: disable (Disable fixed-allocation mode); enable (Enable fixed-allocation mode). | option | - | disable |
| cgn-overload * | Enable/disable overload mode. Options: disable (Disable overload mode); enable (Enable overload mode). | option | - | disable |
| cgn-port-end * | Ending public port that can be allocated. | integer | Minimum value: 1024 Maximum value: 65535 | 65530 |
| cgn-port-start * | Starting public port that can be allocated. | integer | Minimum value: 1024 Maximum value: 65535 | 5117 |
| cgn-spa * | Enable/disable single port allocation mode. Options: disable (Disable SPA mode); enable (Enable SPA mode). | option | - | disable |
| comments | Comment. | var-string | Not Specified | |
| endip | Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default: 0.0.0.0). | ipv4-address-any | Not Specified | 0.0.0.0 |
| name | IP pool name. | string | Not Specified | |
| num-blocks-per-user | Number of address blocks that can be used by a user. | integer | Minimum value: 1 Maximum value: 128 | 8 |
| pba-timeout | Port block allocation timeout (seconds). | integer | Minimum value: 3 Maximum value: 300 | 30 |
| permit-any-host | Enable/disable full cone NAT. Options: disable (Disable full cone NAT); enable (Enable full cone NAT). | option | - | disable |
| source-endip | Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx, Default: 0.0.0.0). | ipv4-address-any | Not Specified | 0.0.0.0 |
| source-startip | First IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx, Default: 0.0.0.0). | ipv4-address-any | Not Specified | 0.0.0.0 |
| startip | First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default: 0.0.0.0). | ipv4-address-any | Not Specified | 0.0.0.0 |
| type | IP pool type (overload, one-to-one, fixed port range, or port block allocation). Options: overload (IP addresses in the IP pool can be shared by clients); one-to-one (One to one mapping); fixed-port-range (Fixed port range); port-block-allocation (Port block allocation). | option | - | overload |
| utilization-alarm-clear * | Pool utilization alarm clear threshold. | integer | Minimum value: 40 Maximum value: 100 | 80 |
| utilization-alarm-raise * | Pool utilization alarm raise threshold. | integer | Minimum value: 50 Maximum value: 100 | 100 |

* This parameter may not exist in some models.
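
An added example, not part of the Fortinet reference: a Python check that lints a config firewall ippool block against the integer ranges listed in the parameter list above, and flags reversed address ranges and pools with permit-any-host (full cone NAT) enabled. The helper names parse_ippools and audit_pool and the sample configuration are constructed for illustration.

```python
import ipaddress
import re

# Integer ranges (min, max) copied from the parameter table on this page.
RANGES = {
    "block-size": (64, 4096), "cgn-block-size": (64, 4096), "pba-timeout": (3, 300),
    "cgn-port-start": (1024, 65535), "cgn-port-end": (1024, 65535),
    "cgn-client-ipv6shift": (0, 127), "num-blocks-per-user": (1, 128),
    "utilization-alarm-clear": (40, 100), "utilization-alarm-raise": (50, 100),
}

def parse_ippools(text):
    """Return {pool_name: {param: value}} from a 'config firewall ippool' block."""
    pools, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = pools.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and (m := re.match(r"set\s+(\S+)\s+(.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return pools

def audit_pool(params):
    """Return sorted findings for one pool; a malformed address raises ValueError."""
    findings = []
    for key, (lo, hi) in RANGES.items():
        if (v := params.get(key)) is not None and not (v.isdecimal() and lo <= int(v) <= hi):
            findings.append(f"{key}={v} outside {lo}-{hi}")
    for first, last in (("startip", "endip"), ("source-startip", "source-endip")):
        if first in params and last in params:
            a, b = (ipaddress.IPv4Address(params[k]) for k in (first, last))
            if a > b:
                findings.append(f"{first} is after {last}")
    if params.get("permit-any-host") == "enable":
        findings.append("permit-any-host enabled (full cone NAT): confirm it is intended")
    return sorted(findings)

SAMPLE = """config firewall ippool
    edit "pba-pool"
        set block-size 32
    next
    edit "cone-pool"
        set startip 198.51.100.9
        set endip 198.51.100.5
        set permit-any-host enable
    next
end"""  # constructed sample input, not taken from a real device
print({name: audit_pool(p) for name, p in parse_ippools(SAMPLE).items()})
```

Parameters marked with * may be absent on some models, so the check only evaluates keys that are present in the pool.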
