Creating an address
To create an address:
- Go to Authentication > Addresses.
- From the +Create New dropdown ,select Address.
The New Address window opens.
- Enter the following information:
Category
Select from the following options:
Address
Proxy Address
Name
Name of the address.
Color
Select Change, and from the color palette choose a color.
Type
From the dropdown, select from the following options when the Category is Address:
Subnet (default)
IP Range
FQDN
addr_type_fqdn-group
Geography
Dynamic
Device (MAC Address)
From the dropdown, select from the following options when the Category is Proxy Address:
Host Regex Match
URL Pattern (default)
URL Category
URL List
HTTP Method
User Agent
HTTP Header
Advanced (Source)
Advanced (Destination)
IP/Netmask
Enter the IP address and the netmask.
Note: The option is only available when the Category is Address and the Type is Subnet.
IP Range
Enter the IP address range.
Note: The option is only available when:
Category is Address and the Type is IP Range.
FQDN
Enter the Fully Qualified Domain Name (FQDN).
Note: The option is only available when:
Category is Address and the Type is FQDN.
Country/Region
From the dropdown, select a country.
Note: The option is only available when:
Category is Address and the Type is Geography.
Sub Type
From the dropdown, select from the following options:
ClearPass
Fabric Connector Address (default)
FortiNAC Tag
FortiVoice Tag
Fortinet Single Sign-On
Switch Controller NAC Policy Tag
To automatically resolve and assign MAC addresses, configure a NAC policy with Switch Controller NAC Policy Tag.
Note: The option is only available when the Category is Address and the Type is Dynamic.
SDN connector
From the dropdown, select an SDN connector or create a new SDN connector.
Use the search bar to look for an SDN connector.
Use the pen icon next to the SDN connector to edit it.
Note: The option is only available when:
Category is Address, Type is Dynamic, and the Subtype is Fabric Connector Address.
SPT (System Posture Token)
From the dropdown, select from the following options:
Checkup
Healthy
Infected
Quarantine
Transient
Unknown (default)
Note: The option is only available when the Category is Address, Type is Dynamic and the Subtype is ClearPass.
FSSO Group
Select +, and in Select Entries, select FSSO groups or create an FSSO group, click Close.
The address for the selected FSSO group is dynamically retrieved.
Use the search bar to look for an FSSO group.
Use the pen icon next to the FSSO group to edit it.
Note: The option is only available when:
Category is Address, Type is Dynamic, and the Sub Type is Fortinet Single Sign-On (FSSO).
MAC address
Enter a MAC address. Select + to add a range of MAC addresses.
Note: The option is only available when:
Category is Address and the Type is Device (MAC Address).
Host
For Proxy Address, from the dropdown, select a host or create a host address, address group, or proxy address.
Use the search bar to look for a host.
Use the pen icon next to the host to edit it.
Note: The option is only available when:
Category is Proxy Address and Type is any option other than Host Regex Match.
URL Path Regex
URL path as a regular expression.
Note: The option is only available when the Category is Proxy Address and the Type is URL Pattern or Advanced (Destination).
Host Regex Pattern
Host name as a regular expression.
Note: The option is only available when the Category is Proxy Address and the Type is Host Regex Match.
URL Category
Select +, and in Select Entries, select web filter categories or create a new external connector.
Use the search bar to look for a URL category.
Note: The option is only available when the Category is Proxy Address and the Type is URL Category or Advanced (Destination).
URL List
From the dropdown, select a URL list.
Use the search bar to look for a URL list.
Note: The option is only available when the Category is Proxy Address and the Type is URL List.
Request Method
Select +, and in Select Entries, select methods, and click Close.
Use the search bar to look for a method.
Note: The option is only available when the Category is Proxy Address and the Type is HTTP Method or Advanced (Source).
User Agent
Select +, and in Select Entries, select web browsers.
Use the search bar to look for a browser.
Note: The option is only available when the Category is Proxy Address and the Type is User Agent or Advanced (Source).
Header Name
Name/Key of the HTTP header.
Note: The option is only available when the Category is Proxy Address and the Type is HTTP Header.
Header Regex
HTTP header value as a regular expression.
Note: The option is only available when the Category is Proxy Address and the Type is HTTP Header.
HTTP header
HTTP header name and value.
Select + to add additional HTTP headers.
Note: The option is only available when the Category is Proxy Address and the Type is Advanced (Source).
Interface
From the dropdown, select an interface or create a new interface.
Note: By default, any is selected.
Use the search bar to look for an interface.
Note: The option is only available when the Category is Address.
Static route configuration
Enable static route configuration to allow the address to be used in a static route.
Note: The option is disabled by default and is only available when the Category is Address and the Type is one of the following:
Subnet
IP Range
FQDN
Comments
Optionally, enter comments about the address.
- Click OK.
Creating an address using the CLI example
-
Enter the following commands in the CLI console:
config firewall address
edit "SSLVPN_TUNNEL_ADDR1" #The address name.
set uuid 1e1315b4-fcbf-51ec-d1be-f59b45e347b9
set type iprange
set start-ip 10.212.134.200
set end-ip 10.212.134.210
next
end