Fortinet black logo

New Features

Home FortiGate / FortiOS 7.2.0 New Features

Allow empty address groups

7.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Copy Link
Copy Doc ID 77966226-6996-11ec-bdf2-fa163e15d75b:128474
Download PDF

Allow empty address groups

Address groups with no members can be configured in the GUI, CLI, and through the API. In previous versions of FortiOS, error messages appear for empty address groups and they cannot be configured.

When an address group with no members is configured in a firewall policy, the policy will not match any traffic. In this case, policy matching logic will proceed down the list of firewall policies until matching the implicit deny policy.

To create an empty address group in the GUI:
  1. Go to Policy & Objects > Addresses and click Create New > Address Group.
  2. Enter a name.

  3. Click OK. The This field is required. error is not displayed under the Members field.
To create an empty address group in the CLI:
config firewall addrgrp
    edit "test-empty-addrgrp4-1"
    next
end

No error message is returned in the console.

Previous
Next

Allow empty address groups

Address groups with no members can be configured in the GUI, CLI, and through the API. In previous versions of FortiOS, error messages appear for empty address groups and they cannot be configured.

When an address group with no members is configured in a firewall policy, the policy will not match any traffic. In this case, policy matching logic will proceed down the list of firewall policies until matching the implicit deny policy.

To create an empty address group in the GUI:
  1. Go to Policy & Objects > Addresses and click Create New > Address Group.
  2. Enter a name.

  3. Click OK. The This field is required. error is not displayed under the Members field.
To create an empty address group in the CLI:
config firewall addrgrp
    edit "test-empty-addrgrp4-1"
    next
end

No error message is returned in the console.

Previous
Next