Fortinet black logo

Administration Guide

Home FortiGate / FortiOS 7.4.1 Administration Guide
7.4.1
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0

Interface subnet

Interface subnet

Interface subnet address type enables an address object to be created automatically for the interface with which it is associated. Once created, the address object is updated when the interface IP/netmask changes on the associated interface.

To create the interface subnet address type object, create or edit an interface under Network > Interfaces, and enable the Create address object matching subnet option.

Note

The Create address object matching subnet option is automatically enabled and displayed in the GUI when Role is set to LAN or DMZ.

When you disable the Create address object matching subnet option, the feature is disabled, and the associated firewall address is deleted.
To create an interface subnet:

  1. Go to Network > Interfaces.

  2. Select Create New > Interface or select existing interface and Edit.

  3. Set Role to either LAN or DMZ.

  4. Verify that Create address object matching subnet is available and automatically enabled.

  5. Click OK.

The following is an example of how to configure an interface subnet firewall address on the CLI:

config firewall address
    edit "port1 address"
        set type interface-subnet
        set interface "port1"
    next
end

Interface subnet addresses are automatically created when Role is set to LAN or DMZ in the Interface page, or you can manually configure interface subnet addresses in the CLI. You cannot choose Interface Subnet in the GUI when creating the address, but after the address is created, Interface Subnet displays in the GUI. However, all the settings are grayed out, except Name and Comments, which can be edited.

When Role is set to LAN or DMZ in the Interface page, the new address object displays on the Policy & Objects > Address > Interface Subnet page.

After the address is created, the subnet is dynamically assigned to the address object, which can be seen in both GUI and CLI. If the interface address changes, the subnet will update dynamically.

config firewall address
    edit "port1 address"
        set type interface-subnet
        set subnet 172.16.200.0 255.255.255.0
        set interface "port1"
    next
end
Previous
Next

Interface subnet

Interface subnet address type enables an address object to be created automatically for the interface with which it is associated. Once created, the address object is updated when the interface IP/netmask changes on the associated interface.

To create the interface subnet address type object, create or edit an interface under Network > Interfaces, and enable the Create address object matching subnet option.

Note

The Create address object matching subnet option is automatically enabled and displayed in the GUI when Role is set to LAN or DMZ.

When you disable the Create address object matching subnet option, the feature is disabled, and the associated firewall address is deleted.
To create an interface subnet:

  1. Go to Network > Interfaces.

  2. Select Create New > Interface or select existing interface and Edit.

  3. Set Role to either LAN or DMZ.

  4. Verify that Create address object matching subnet is available and automatically enabled.

  5. Click OK.

The following is an example of how to configure an interface subnet firewall address on the CLI:

config firewall address
    edit "port1 address"
        set type interface-subnet
        set interface "port1"
    next
end

Interface subnet addresses are automatically created when Role is set to LAN or DMZ in the Interface page, or you can manually configure interface subnet addresses in the CLI. You cannot choose Interface Subnet in the GUI when creating the address, but after the address is created, Interface Subnet displays in the GUI. However, all the settings are grayed out, except Name and Comments, which can be edited.

When Role is set to LAN or DMZ in the Interface page, the new address object displays on the Policy & Objects > Address > Interface Subnet page.

After the address is created, the subnet is dynamically assigned to the address object, which can be seen in both GUI and CLI. If the interface address changes, the subnet will update dynamically.

config firewall address
    edit "port1 address"
        set type interface-subnet
        set subnet 172.16.200.0 255.255.255.0
        set interface "port1"
    next
end
Previous
Next