Fortinet black logo

Administration Guide

Address group

Address group

The use of groups is not mandatory. However, adding individual addresses to a policy sometimes become tedious. If you use several different addresses with a given policy, these address objects can be grouped into an address group as it is much easier to add or subtract addresses from the group.

Security policies require addresses with homogenous network interfaces. Therefore, address groups should contain only addresses bound to the same network interface or Any.

For example, if address 1.1.1.1 is associated with port1, and address 2.2.2.2 is associated with port2, they cannot be in the same group. However, if 1.1.1.1 and 2.2.2.2 are configured with an interface of Any, they can be grouped, even if the addresses involve different networks.

To create an address group:
  1. Go to Policy & Objects > Addresses.

  2. Go to Create New > Address Group.

  3. In the Category field, select IPv4 Group.

  4. Enter a Group name for the address object.

  5. In the Type field, select Group.

  6. Select the + in the Members field. The Select Entries pane opens.

  7. Select members of the group. It is possible to select more than one entry. Select the x icon in the field to remove an entry.

  8. Enable/disable Static route configuration.

  9. Enter any additional information in the Comments field.

  10. Click OK.

Address group

The use of groups is not mandatory. However, adding individual addresses to a policy sometimes become tedious. If you use several different addresses with a given policy, these address objects can be grouped into an address group as it is much easier to add or subtract addresses from the group.

Security policies require addresses with homogenous network interfaces. Therefore, address groups should contain only addresses bound to the same network interface or Any.

For example, if address 1.1.1.1 is associated with port1, and address 2.2.2.2 is associated with port2, they cannot be in the same group. However, if 1.1.1.1 and 2.2.2.2 are configured with an interface of Any, they can be grouped, even if the addresses involve different networks.

To create an address group:
  1. Go to Policy & Objects > Addresses.

  2. Go to Create New > Address Group.

  3. In the Category field, select IPv4 Group.

  4. Enter a Group name for the address object.

  5. In the Type field, select Group.

  6. Select the + in the Members field. The Select Entries pane opens.

  7. Select members of the group. It is possible to select more than one entry. Select the x icon in the field to remove an entry.

  8. Enable/disable Static route configuration.

  9. Enter any additional information in the Comments field.

  10. Click OK.