Fortinet black logo

Version:

9.4.0
9.2.0
9.1.0

Version:

8.8.0
8.7.0
8.6.0

Version:

8.5.2
8.3.0

Table of Contents

Administration Guide

9.2.0
9.4.0
9.2.0
9.1.0
8.8.0
8.7.0
8.6.0
8.5.2
8.3.0
Download PDF
Copy Link

Addresses

  1. Click System > Settings.

  2. Expand the System Communication folder.

  3. Select Addresses from the tree.

Introduced in version 9.2, address objects and address group objects are used in the following firewall integrations:

  • FortiGate (SSO or VPN)

These objects are used to determine which firewall should receive SSO messages for hosts connecting to the network. Group objects allow for control over the network ranges and scopes used to filter SSO messages to each firewall.

Address objects can be created by subnet or by IP Range, then combined into address groups. The address groups can then be used within the Model Configuration view of the applicable device to define the scope to be managed. Groups are selected within the model using the SSO Addresses and VPN Addresses drop-down menus. See Model configuration.

Object Auto-Population

By default, the Addresses tables are empty. It is up to the administrator to define the IP address scopes desired for SSO functionality.

Address and group objects will only auto-populate if SSO was configured prior to upgrading to version 9.2 or greater. This is to ensure previous SSO functionality is maintained:

  • Prior to version 9.2, FortiNAC created internal address lists for SSO functionality. The objects are created using the same rules upon upgrade.

  • These rules include reading the FortiGate interface IP scopes and VPN configurations to determine what addresses need to be created.

  • All changes to the objects after they are created must be made manually.

  • Changes take effect during the next endpoint evaluation. This occurs after the L2 poll of the device to which the affected endpoints are connected.

Add or Modify Address Object

Configure using the table below then click OK.

Field

Description

Name

Name of Address object

Message Type

Subnet or IP Range

IP/Netmask

Displays when Message Type Subnet is selected.

Enter desired subnet

<x.x.x.x x.x.x.x>

 

Example: 10.25.24.1 255.255.255.0

IP Range

Displays when Message Type IP Range is selected.

 

Enter IP range

<Starting IP address> – <Ending IP address>

 

Example: 10.25.24.1 – 10.25.24.30

Add or Modify Address Group

Configure using the table below then click OK.

Field Description
Name Name of Address Group
Members Select the drill down menu for existing Address objects or select to create a new address object. Multiple objects can be selected.

Identify the Address Group Using a Specific Address Object

Select the Address Object then select In Use above the Address table.

Example Result:

Address In Use

The Address 'FGT-IT:root:VLAN-BYOD' is in use by the following:

- Network Address Groups

- SSOGRP:FGT-IT:root

Identify the Device Model or VDOM Using a Specific Address Group

Select the Address Object then select In Use above the Address table.

Previous
Next

Addresses

  1. Click System > Settings.

  2. Expand the System Communication folder.

  3. Select Addresses from the tree.

Introduced in version 9.2, address objects and address group objects are used in the following firewall integrations:

  • FortiGate (SSO or VPN)

These objects are used to determine which firewall should receive SSO messages for hosts connecting to the network. Group objects allow for control over the network ranges and scopes used to filter SSO messages to each firewall.

Address objects can be created by subnet or by IP Range, then combined into address groups. The address groups can then be used within the Model Configuration view of the applicable device to define the scope to be managed. Groups are selected within the model using the SSO Addresses and VPN Addresses drop-down menus. See Model configuration.

Object Auto-Population

By default, the Addresses tables are empty. It is up to the administrator to define the IP address scopes desired for SSO functionality.

Address and group objects will only auto-populate if SSO was configured prior to upgrading to version 9.2 or greater. This is to ensure previous SSO functionality is maintained:

  • Prior to version 9.2, FortiNAC created internal address lists for SSO functionality. The objects are created using the same rules upon upgrade.

  • These rules include reading the FortiGate interface IP scopes and VPN configurations to determine what addresses need to be created.

  • All changes to the objects after they are created must be made manually.

  • Changes take effect during the next endpoint evaluation. This occurs after the L2 poll of the device to which the affected endpoints are connected.

Add or Modify Address Object

Configure using the table below then click OK.

Field

Description

Name

Name of Address object

Message Type

Subnet or IP Range

IP/Netmask

Displays when Message Type Subnet is selected.

Enter desired subnet

<x.x.x.x x.x.x.x>

 

Example: 10.25.24.1 255.255.255.0

IP Range

Displays when Message Type IP Range is selected.

 

Enter IP range

<Starting IP address> – <Ending IP address>

 

Example: 10.25.24.1 – 10.25.24.30

Add or Modify Address Group

Configure using the table below then click OK.

Field Description
Name Name of Address Group
Members Select the drill down menu for existing Address objects or select to create a new address object. Multiple objects can be selected.

Identify the Address Group Using a Specific Address Object

Select the Address Object then select In Use above the Address table.

Example Result:

Address In Use

The Address 'FGT-IT:root:VLAN-BYOD' is in use by the following:

- Network Address Groups

- SSOGRP:FGT-IT:root

Identify the Device Model or VDOM Using a Specific Address Group

Select the Address Object then select In Use above the Address table.

Previous
Next