CLI Reference

config firewall address

Configure IPv4 addresses.

config firewall address
    Description: Configure IPv4 addresses.
    edit <name>
        set allow-routing [enable|disable]
        set associated-interface {string}
        set cache-ttl {integer}
        set clearpass-spt [unknown|healthy|...]
        set color {integer}
        set comment {var-string}
        set country {string}
        set end-ip {ipv4-address-any}
        set epg-name {string}
        set fabric-object [enable|disable]
        set filter {var-string}
        set fqdn {string}
        set fsso-group <name1>, <name2>, ...
        set interface {string}
        config list
            Description: IP address list.
            edit <ip>
                set ip {string}
            next
        end
        set macaddr <macaddr1>, <macaddr2>, ...
        set name {string}
        set node-ip-only [enable|disable]
        set obj-id {var-string}
        set obj-tag {string}
        set obj-type [ip|mac]
        set organization {string}
        set policy-group {string}
        set sdn {string}
        set sdn-addr-type [private|public|...]
        set sdn-tag {string}
        set start-ip {ipv4-address-any}
        set sub-type [sdn|clearpass-spt|...]
        set subnet {ipv4-classnet-any}
        set subnet-name {string}
        set tag-detection-level {string}
        set tag-type {string}
        config tagging
            Description: Config object tagging.
            edit <name>
                set name {string}
                set category {string}
                set tags <name1>, <name2>, ...
            next
        end
        set tenant {string}
        set type [ipmask|iprange|...]
        set uuid {uuid}
        set wildcard {ipv4-classnet-any}
        set wildcard-fqdn {string}
    next
end

config firewall address

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| allow-routing | Enable/disable use of this address in the static route configuration. Options: enable (Enable use of this address in the static route configuration); disable (Disable use of this address in the static route configuration). | option | - | disable |
| associated-interface | Network interface associated with address. | string | Not Specified | |
| cache-ttl | Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. | integer | Minimum value: 0 Maximum value: 86400 | 0 |
| clearpass-spt | SPT (System Posture Token) value. Options: unknown (UNKNOWN); healthy (HEALTHY); quarantine (QUARANTINE); checkup (CHECKUP); transient (TRANSIENT); infected (INFECTED). | option | - | unknown |
| color | Color of icon on the GUI. | integer | Minimum value: 0 Maximum value: 32 | 0 |
| comment | Comment. | var-string | Not Specified | |
| country | IP addresses associated to a specific country. | string | Not Specified | |
| end-ip | Final IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified | 0.0.0.0 |
| epg-name | Endpoint group name. | string | Not Specified | |
| fabric-object | Security Fabric global object setting. Options: enable (Object is set as a security fabric-wide global object); disable (Object is local to this security fabric member). | option | - | disable |
| filter | Match criteria filter. | var-string | Not Specified | |
| fqdn | Fully Qualified Domain Name address. | string | Not Specified | |
| fsso-group <name> | FSSO group(s). FSSO group name. | string | Maximum length: 511 | |
| interface | Name of interface whose IP address is to be used. | string | Not Specified | |
| macaddr <macaddr> | Multiple MAC address ranges. MAC address ranges <start>[-<end>] separated by space. | string | Maximum length: 127 | |
| name | Address name. | string | Not Specified | |
| node-ip-only | Enable/disable collection of node addresses only in Kubernetes. Options: enable (Enable collection of node addresses only in Kubernetes); disable (Disable collection of node addresses only in Kubernetes). | option | - | disable |
| obj-id | Object ID for NSX. | var-string | Not Specified | |
| obj-tag | Tag of dynamic address object. | string | Not Specified | |
| obj-type | Object type. Options: ip (IP address); mac (MAC address). | option | - | ip |
| organization | Organization domain name (Syntax: organization/domain). | string | Not Specified | |
| policy-group | Policy group name. | string | Not Specified | |
| sdn | SDN. | string | Not Specified | |
| sdn-addr-type | Type of addresses to collect. Options: private (Collect private addresses only); public (Collect public addresses only); all (Collect both public and private addresses). | option | - | private |
| sdn-tag | SDN Tag. | string | Not Specified | |
| start-ip | First IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified | 0.0.0.0 |
| sub-type | Sub-type of address. Options: sdn (SDN address); clearpass-spt (ClearPass SPT (System Posture Token) address); fsso (FSSO address); ems-tag (FortiClient EMS tag); fortivoice-tag (FortiVoice tag); fortinac-tag (FortiNAC tag); swc-tag (Switch Controller NAC policy tag). | option | - | sdn |
| subnet | IP address and subnet mask of address. | ipv4-classnet-any | Not Specified | 0.0.0.0 0.0.0.0 |
| subnet-name | Subnet name. | string | Not Specified | |
| tag-detection-level | Tag detection level of dynamic address object. | string | Not Specified | |
| tag-type | Tag type of dynamic address object. | string | Not Specified | |
| tenant | Tenant. | string | Not Specified | |
| type | Type of address. Options: ipmask (Standard IPv4 address with subnet mask); iprange (Range of IPv4 addresses between two specified addresses (inclusive)); fqdn (Fully Qualified Domain Name address); geography (IP addresses from a specified country); wildcard (Standard IPv4 using a wildcard subnet mask); dynamic (Dynamic address object); interface-subnet (IP and subnet of interface); mac (Range of MAC addresses). | option | - | ipmask |
| uuid | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). | uuid | Not Specified | 00000000-0000-0000-0000-000000000000 |
| wildcard | IP address and wildcard netmask. | ipv4-classnet-any | Not Specified | 0.0.0.0 0.0.0.0 |
| wildcard-fqdn | Fully Qualified Domain Name with wildcard characters. | string | Not Specified | |

config list

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| ip | IP. | string | Not Specified | |

config tagging

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| name | Tagging entry name. | string | Not Specified | |
| category | Tag category. | string | Not Specified | |
| tags <name> | Tags. Tag name. | string | Maximum length: 79 | |
