Fortinet white logo
Fortinet white logo

Administration Guide

Allow empty address groups

Allow empty address groups

Address groups with no members can be configured in the GUI, CLI, and through the API. In previous versions of FortiOS, error messages appear for empty address groups and they cannot be configured.

When an address group with no members is configured in a firewall policy, the policy will not match any traffic. In this case, policy matching logic will proceed down the list of firewall policies until matching the implicit deny policy.

To create an empty address group in the GUI:
  1. Go to Policy & Objects > Addresses and select Address Group.

  2. Click Create new .

  3. Enter a name.

  4. Click OK. The This field is required error is not displayed under the Members field, and the group is listed in the Address Group list with no members:

To create an empty address group in the CLI:
config firewall addrgrp
    edit "test-empty-addrgrp4-1"
    next
end

No error message is returned in the console.

Allow empty address groups

Allow empty address groups

Address groups with no members can be configured in the GUI, CLI, and through the API. In previous versions of FortiOS, error messages appear for empty address groups and they cannot be configured.

When an address group with no members is configured in a firewall policy, the policy will not match any traffic. In this case, policy matching logic will proceed down the list of firewall policies until matching the implicit deny policy.

To create an empty address group in the GUI:
  1. Go to Policy & Objects > Addresses and select Address Group.

  2. Click Create new .

  3. Enter a name.

  4. Click OK. The This field is required error is not displayed under the Members field, and the group is listed in the Address Group list with no members:

To create an empty address group in the CLI:
config firewall addrgrp
    edit "test-empty-addrgrp4-1"
    next
end

No error message is returned in the console.