Fortinet white logo
Fortinet white logo

Administration Guide

Address group

Address group

The use of groups is not mandatory. However, adding individual addresses to a policy sometimes becomes tedious. If you use several different addresses with a given policy, these address objects can be grouped into an address group as it is much easier to add or subtract addresses from the group.

Security policies require addresses with homogenous network interfaces. Therefore, address groups should contain only addresses bound to the same network interface or Any.

For example, if address 1.1.1.1 is associated with port1, and address 2.2.2.2 is associated with port2, they cannot be in the same group. However, if 1.1.1.1 and 2.2.2.2 are configured with an interface of Any, they can be grouped, even if the addresses involve different networks.

To create an address group:
  1. Go to Policy & Objects > Addresses and select Address Group.

  2. Go to Create new.

  3. Enter a Name for the address object.

  4. In the Type field, select Group.

  5. Select the + in the Members field. The Select Entries pane opens.

  6. Select members of the group. It is possible to select more than one entry. Select the x icon in the field to remove an entry.

  7. Enable/disable Static route configuration.

  8. Enter any additional information in the Comments field.

  9. Click OK.

Address group

Address group

The use of groups is not mandatory. However, adding individual addresses to a policy sometimes becomes tedious. If you use several different addresses with a given policy, these address objects can be grouped into an address group as it is much easier to add or subtract addresses from the group.

Security policies require addresses with homogenous network interfaces. Therefore, address groups should contain only addresses bound to the same network interface or Any.

For example, if address 1.1.1.1 is associated with port1, and address 2.2.2.2 is associated with port2, they cannot be in the same group. However, if 1.1.1.1 and 2.2.2.2 are configured with an interface of Any, they can be grouped, even if the addresses involve different networks.

To create an address group:
  1. Go to Policy & Objects > Addresses and select Address Group.

  2. Go to Create new.

  3. Enter a Name for the address object.

  4. In the Type field, select Group.

  5. Select the + in the Members field. The Select Entries pane opens.

  6. Select members of the group. It is possible to select more than one entry. Select the x icon in the field to remove an entry.

  7. Enable/disable Static route configuration.

  8. Enter any additional information in the Comments field.

  9. Click OK.