Fortinet Document Library


CLI Reference

config firewall address

Configure IPv4 addresses.

config firewall address
    Description: Configure IPv4 addresses.
    edit <name>
        set uuid {uuid}
        set subnet {ipv4-classnet-any}
        set type [ipmask|iprange|...]
        set sub-type [sdn|clearpass-spt|...]
        set clearpass-spt [unknown|healthy|...]
        set macaddr <macaddr1>, <macaddr2>, ...
        set start-ip {ipv4-address-any}
        set end-ip {ipv4-address-any}
        set fqdn {string}
        set country {string}
        set wildcard-fqdn {string}
        set cache-ttl {integer}
        set wildcard {ipv4-classnet-any}
        set sdn {string}
        set fsso-group <name1>, <name2>, ...
        set interface {string}
        set tenant {string}
        set organization {string}
        set epg-name {string}
        set subnet-name {string}
        set sdn-tag {string}
        set policy-group {string}
        set obj-tag {string}
        set obj-type [ip|mac]
        set comment {var-string}
        set associated-interface {string}
        set color {integer}
        set filter {var-string}
        set sdn-addr-type [private|public|...]
        set node-ip-only [enable|disable]
        set obj-id {var-string}
        config list
            Description: IP address list.
            edit <ip>
            next
        end
        config tagging
            Description: Config object tagging.
            edit <name>
                set category {string}
                set tags <name1>, <name2>, ...
            next
        end
        set allow-routing [enable|disable]
        set fabric-object [enable|disable]
    next
end

config firewall address

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| uuid | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). | uuid | Not Specified | 00000000-0000-0000-0000-000000000000 |
| subnet | IP address and subnet mask of address. | ipv4-classnet-any | Not Specified | 0.0.0.0 0.0.0.0 |
| type | Type of address. Options: ipmask: Standard IPv4 address with subnet mask; iprange: Range of IPv4 addresses between two specified addresses (inclusive); fqdn: Fully Qualified Domain Name address; geography: IP addresses from a specified country; wildcard: Standard IPv4 using a wildcard subnet mask; dynamic: Dynamic address object; interface-subnet: IP and subnet of interface; mac: Range of MAC addresses. | option | - | ipmask |
| sub-type | Sub-type of address. Options: sdn: SDN address; clearpass-spt: ClearPass SPT (System Posture Token) address; fsso: FSSO address; ems-tag: FortiClient EMS tag. | option | - | sdn |
| clearpass-spt | SPT (System Posture Token) value. Options: unknown: UNKNOWN; healthy: HEALTHY; quarantine: QUARANTINE; checkup: CHECKUP; transient: TRANSIENT; infected: INFECTED. | option | - | unknown |
| macaddr <macaddr> | Multiple MAC address ranges. MAC address ranges <start>[-<end>] separated by space. | string | Maximum length: 127 | |
| start-ip | First IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified | 0.0.0.0 |
| end-ip | Final IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified | 0.0.0.0 |
| fqdn | Fully Qualified Domain Name address. | string | Maximum length: 255 | |
| country | IP addresses associated to a specific country. | string | Maximum length: 2 | |
| wildcard-fqdn | Fully Qualified Domain Name with wildcard characters. | string | Maximum length: 255 | |
| cache-ttl | Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. | integer | Minimum value: 0 Maximum value: 86400 | 0 |
| wildcard | IP address and wildcard netmask. | ipv4-classnet-any | Not Specified | 0.0.0.0 0.0.0.0 |
| sdn | SDN. | string | Maximum length: 35 | |
| fsso-group <name> | FSSO group(s). FSSO group name. | string | Maximum length: 511 | |
| interface | Name of interface whose IP address is to be used. | string | Maximum length: 35 | |
| tenant | Tenant. | string | Maximum length: 35 | |
| organization | Organization domain name (Syntax: organization/domain). | string | Maximum length: 35 | |
| epg-name | Endpoint group name. | string | Maximum length: 255 | |
| subnet-name | Subnet name. | string | Maximum length: 255 | |
| sdn-tag | SDN Tag. | string | Maximum length: 15 | |
| policy-group | Policy group name. | string | Maximum length: 15 | |
| obj-tag | Tag of dynamic address object. | string | Maximum length: 255 | |
| obj-type | Object type. Options: ip: IP address; mac: MAC address. | option | - | ip |
| comment | Comment. | var-string | Maximum length: 255 | |
| associated-interface | Network interface associated with address. | string | Maximum length: 35 | |
| color | Color of icon on the GUI. | integer | Minimum value: 0 Maximum value: 32 | 0 |
| filter | Match criteria filter. | var-string | Maximum length: 2047 | |
| sdn-addr-type | Type of addresses to collect. Options: private: Collect private addresses only; public: Collect public addresses only; all: Collect both public and private addresses. | option | - | private |
| node-ip-only | Enable/disable collection of node addresses only in Kubernetes. Options: enable: Enable collection of node addresses only in Kubernetes; disable: Disable collection of node addresses only in Kubernetes. | option | - | disable |
| obj-id | Object ID for NSX. | var-string | Maximum length: 255 | |
| allow-routing | Enable/disable use of this address in the static route configuration. Options: enable: Enable use of this address in the static route configuration; disable: Disable use of this address in the static route configuration. | option | - | disable |
| fabric-object | Security Fabric global object setting. Options: enable: Object is set as a security fabric-wide global object; disable: Object is local to this security fabric member. | option | - | disable |

config tagging

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| category | Tag category. | string | Maximum length: 63 | |
| tags <name> | Tags. Tag name. | string | Maximum length: 79 | |
