Fortinet black logo

Administration Guide

Interface subnet

Interface subnet

Interface subnet address type enables automatic address creation for attached networks.

Note

The Create address object matching subnet option is displayed in the GUI when Role is set to LAN or DMZ.

To create an interface subnet:
  1. Go to Network > Interfaces.

  2. Select Create New > Interface or select existing interface and Edit.

  3. Enable Create address object matching subnet and configure the settings.

  4. Click OK.

The following is an example of how to configure an interface subnet firewall address on the CLI:

config firewall address
    edit "port1 address"
        set type interface-subnet
        set interface "port1"
    next
end

Interface subnet addresses are automatically created after enabling the Create address object matching subnet option in the interface page or they can be manually configured in the CLI. You cannot choose Interface Subnet in the GUI when creating the address, but after the address is created, it will show up in the GUI. However, all the settings are grayed other than the comments, which can be edited.

When the Create address object matching subnet option is enabled, the new address object displays on the Policy & Objects > Address > Interface Subnet.

After the address is created, the subnet is dynamically assigned to the address object which can be seen on both GUI and CLI:

config firewall address
    edit "port1 address"
        set type interface-subnet
        set subnet 172.16.200.1 255.255.255.0
        set interface "port1"
    next
end

Interface subnet

Interface subnet address type enables automatic address creation for attached networks.

Note

The Create address object matching subnet option is displayed in the GUI when Role is set to LAN or DMZ.

To create an interface subnet:
  1. Go to Network > Interfaces.

  2. Select Create New > Interface or select existing interface and Edit.

  3. Enable Create address object matching subnet and configure the settings.

  4. Click OK.

The following is an example of how to configure an interface subnet firewall address on the CLI:

config firewall address
    edit "port1 address"
        set type interface-subnet
        set interface "port1"
    next
end

Interface subnet addresses are automatically created after enabling the Create address object matching subnet option in the interface page or they can be manually configured in the CLI. You cannot choose Interface Subnet in the GUI when creating the address, but after the address is created, it will show up in the GUI. However, all the settings are grayed other than the comments, which can be edited.

When the Create address object matching subnet option is enabled, the new address object displays on the Policy & Objects > Address > Interface Subnet.

After the address is created, the subnet is dynamically assigned to the address object which can be seen on both GUI and CLI:

config firewall address
    edit "port1 address"
        set type interface-subnet
        set subnet 172.16.200.1 255.255.255.0
        set interface "port1"
    next
end