Fortinet white logo
Fortinet white logo

Administration Guide

ADOM-level metadata variables

ADOM-level metadata variables

ADOM-level metadata variables can be used as variables in scripts, templates, firewall address objects, IP pools, and VIPs.

You can configure ADOM-level metadata variables in Policy & Objects > Object Configurations > Advanced > Metadata Variables. Metadata variables configured in this way are only available in the ADOMs in which they were created.

ADOM-level metadata variables can also be created in the Global Database ADOM. When creating ADOM-level metadata variables in the Global Database, you can configure per-ADOM mapping to assign specific values to all devices within an ADOM.

Using the More option in the toolbar, you can clone, group, import, and export metadata variables, as well as see where they are being used.

Note

In order to create metadata variables in Policy & Objects, Metadata Variables must first be enabled in Tools > Display Options.

To create an ADOM-level metadata variable:
  1. Go to Policy & Objects > Object Configurations > Advanced > Metadata Variables.
  2. Click Create New.
    The Create New Metadata Variables window opens.
  3. Enter the following information:
    NameEnter a name for the metadata variable.
    DescriptionOptionally, enter a description.
    Default ValueSet the default value for the variable. The default value is used whenever a per-device mapping is unavailable.

    Per-ADOM Mapping

    This setting is only available in the Global Database ADOM.

    Toggle ON to enable per-ADOM mapping. When enabled, click Create New to map an ADOM to a Value. This value will be applied to all devices in the selected ADOM.

    Per-Device Mapping

    This setting is not available in the Global Database ADOM.

    Toggle ON to enable per-device mapping. When enabled, you can configure specific value for each device by clicking Create New beneath Per-Device Mapping and specifying the Mapped Device and Value.

    Revision

    Enter a change note.

  4. Click OK to save the metadata variable.
    You can now use the ADOM's configured variable(s) in provisioning templates created in Device Manager.
    To configure metadata variable device assignment from the Device Manager, right-click on a managed device in the table and click Edit Variable Mapping.
To export and import metadata variables:
  1. Go to Policy & Objects > Object Configurations > Advanced > Metadata Variables.
  2. Select More in the toolbar and click Export Metadata Variables.
    The metadata variables are exported into a JSON format file.
  3. In a second ADOM, go to Policy & Objects > Object Configurations > Advanced > Metadata Variables.
  4. Select More from the toolbar and click Import Metadata Variables.
  5. Browse to your exported JSON file, or drag and drop it into the file selector, and click Import.
To use a metadata variable in dynamic objects:
  1. Go to Policy & Objects > Object Configurations.
  2. Create or edit a Firewall Address, IP Pool, or Virtual IP object.
  3. Add the metadata in a text field using the following format: $<metadata_variable_name> .
    When $ is typed into a supported text field, available metadata variables are displayed for selection. You can click the add button to create a new metadata variable.

    For example, when creating a firewall address, you can use a meatadata variable in the IP/Netmask field.

    When using metadata variables in an object, per-device mappings are no long requried.

ADOM-level metadata variables

ADOM-level metadata variables

ADOM-level metadata variables can be used as variables in scripts, templates, firewall address objects, IP pools, and VIPs.

You can configure ADOM-level metadata variables in Policy & Objects > Object Configurations > Advanced > Metadata Variables. Metadata variables configured in this way are only available in the ADOMs in which they were created.

ADOM-level metadata variables can also be created in the Global Database ADOM. When creating ADOM-level metadata variables in the Global Database, you can configure per-ADOM mapping to assign specific values to all devices within an ADOM.

Using the More option in the toolbar, you can clone, group, import, and export metadata variables, as well as see where they are being used.

Note

In order to create metadata variables in Policy & Objects, Metadata Variables must first be enabled in Tools > Display Options.

To create an ADOM-level metadata variable:
  1. Go to Policy & Objects > Object Configurations > Advanced > Metadata Variables.
  2. Click Create New.
    The Create New Metadata Variables window opens.
  3. Enter the following information:
    NameEnter a name for the metadata variable.
    DescriptionOptionally, enter a description.
    Default ValueSet the default value for the variable. The default value is used whenever a per-device mapping is unavailable.

    Per-ADOM Mapping

    This setting is only available in the Global Database ADOM.

    Toggle ON to enable per-ADOM mapping. When enabled, click Create New to map an ADOM to a Value. This value will be applied to all devices in the selected ADOM.

    Per-Device Mapping

    This setting is not available in the Global Database ADOM.

    Toggle ON to enable per-device mapping. When enabled, you can configure specific value for each device by clicking Create New beneath Per-Device Mapping and specifying the Mapped Device and Value.

    Revision

    Enter a change note.

  4. Click OK to save the metadata variable.
    You can now use the ADOM's configured variable(s) in provisioning templates created in Device Manager.
    To configure metadata variable device assignment from the Device Manager, right-click on a managed device in the table and click Edit Variable Mapping.
To export and import metadata variables:
  1. Go to Policy & Objects > Object Configurations > Advanced > Metadata Variables.
  2. Select More in the toolbar and click Export Metadata Variables.
    The metadata variables are exported into a JSON format file.
  3. In a second ADOM, go to Policy & Objects > Object Configurations > Advanced > Metadata Variables.
  4. Select More from the toolbar and click Import Metadata Variables.
  5. Browse to your exported JSON file, or drag and drop it into the file selector, and click Import.
To use a metadata variable in dynamic objects:
  1. Go to Policy & Objects > Object Configurations.
  2. Create or edit a Firewall Address, IP Pool, or Virtual IP object.
  3. Add the metadata in a text field using the following format: $<metadata_variable_name> .
    When $ is typed into a supported text field, available metadata variables are displayed for selection. You can click the add button to create a new metadata variable.

    For example, when creating a firewall address, you can use a meatadata variable in the IP/Netmask field.

    When using metadata variables in an object, per-device mappings are no long requried.