config firewall address
Description: Configure IPv4 addresses.
edit <name>
set uuid {uuid}
set subnet {ipv4-classnet-any}
set type [ipmask|iprange|...]
set sub-type [sdn|clearpass-spt|...]
set clearpass-spt [unknown|healthy|...]
set start-mac {mac-address}
set end-mac {mac-address}
set start-ip {ipv4-address-any}
set end-ip {ipv4-address-any}
set fqdn {string}
set country {string}
set wildcard-fqdn {string}
set cache-ttl {integer}
set wildcard {ipv4-classnet-any}
set sdn {string}
set fsso-group <name1>, <name2>, ...
set interface {string}
set tenant {string}
set organization {string}
set epg-name {string}
set subnet-name {string}
set sdn-tag {string}
set policy-group {string}
set obj-tag {string}
set obj-type [ip|mac]
set comment {var-string}
set associated-interface {string}
set color {integer}
set filter {var-string}
set sdn-addr-type [private|public|...]
set obj-id {var-string}
config list
Description: IP address list.
edit <ip>
next
end
config tagging
Description: Config object tagging.
edit <name>
set category {string}
set tags <name1>, <name2>, ...
next
end
set allow-routing [enable|disable]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
uuid | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). | uuid | Not Specified |
subnet | IP address and subnet mask of address. | ipv4-classnet-any | Not Specified |
type | Type of address. ipmask: Standard IPv4 address with subnet mask. iprange: Range of IPv4 addresses between two specified addresses (inclusive). fqdn: Fully Qualified Domain Name address. geography: IP addresses from a specified country. wildcard: Standard IPv4 using a wildcard subnet mask. dynamic: Dynamic address object. interface-subnet: IP and subnet of interface. mac: Range of MAC addresses. |
option | - |
sub-type | Sub-type of address. sdn: SDN address. clearpass-spt: ClearPass SPT (System Posture Token) address. fsso: FSSO address. ems-tag: FortiClient EMS tag. |
option | - |
clearpass-spt | SPT (System Posture Token) value. unknown: UNKNOWN. healthy: HEALTHY. quarantine: QUARANTINE. checkup: CHECKUP. transient: TRANSIENT. infected: INFECTED. |
option | - |
start-mac | First MAC address in the range. | mac-address | Not Specified |
end-mac | Last MAC address in the range. | mac-address | Not Specified |
start-ip | First IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified |
end-ip | Final IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified |
fqdn | Fully Qualified Domain Name address. | string | Maximum length: 255 |
country | IP addresses associated to a specific country. | string | Maximum length: 2 |
wildcard-fqdn | Fully Qualified Domain Name with wildcard characters. | string | Maximum length: 255 |
cache-ttl | Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. | integer | Minimum value: 0 Maximum value: 86400 |
wildcard | IP address and wildcard netmask. | ipv4-classnet-any | Not Specified |
sdn | SDN. | string | Maximum length: 35 |
fsso-group <name> |
FSSO group(s). FSSO group name. |
string | Maximum length: 511 |
interface | Name of interface whose IP address is to be used. | string | Maximum length: 35 |
tenant | Tenant. | string | Maximum length: 35 |
organization | Organization domain name (Syntax: organization/domain). | string | Maximum length: 35 |
epg-name | Endpoint group name. | string | Maximum length: 255 |
subnet-name | Subnet name. | string | Maximum length: 255 |
sdn-tag | SDN Tag. | string | Maximum length: 15 |
policy-group | Policy group name. | string | Maximum length: 15 |
obj-tag | Tag of dynamic address object. | string | Maximum length: 255 |
obj-type | Object type. ip: IP address. mac: MAC address |
option | - |
comment | Comment. | var-string | Maximum length: 255 |
associated-interface | Network interface associated with address. | string | Maximum length: 35 |
color | Color of icon on the GUI. | integer | Minimum value: 0 Maximum value: 32 |
filter | Match criteria filter. | var-string | Maximum length: 2047 |
sdn-addr-type | Type of addresses to collect. private: Collect private addresses only. public: Collect public addresses only. all: Collect both public and private addresses. |
option | - |
obj-id | Object ID for NSX. | var-string | Maximum length: 255 |
allow-routing | Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
category | Tag category. | string | Maximum length: 63 |
tags <name> |
Tags. Tag name. |
string | Maximum length: 79 |
config firewall address
Description: Configure IPv4 addresses.
edit <name>
set uuid {uuid}
set subnet {ipv4-classnet-any}
set type [ipmask|iprange|...]
set sub-type [sdn|clearpass-spt|...]
set clearpass-spt [unknown|healthy|...]
set start-mac {mac-address}
set end-mac {mac-address}
set start-ip {ipv4-address-any}
set end-ip {ipv4-address-any}
set fqdn {string}
set country {string}
set wildcard-fqdn {string}
set cache-ttl {integer}
set wildcard {ipv4-classnet-any}
set sdn {string}
set fsso-group <name1>, <name2>, ...
set interface {string}
set tenant {string}
set organization {string}
set epg-name {string}
set subnet-name {string}
set sdn-tag {string}
set policy-group {string}
set obj-tag {string}
set obj-type [ip|mac]
set comment {var-string}
set associated-interface {string}
set color {integer}
set filter {var-string}
set sdn-addr-type [private|public|...]
set obj-id {var-string}
config list
Description: IP address list.
edit <ip>
next
end
config tagging
Description: Config object tagging.
edit <name>
set category {string}
set tags <name1>, <name2>, ...
next
end
set allow-routing [enable|disable]
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
uuid | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). | uuid | Not Specified |
subnet | IP address and subnet mask of address. | ipv4-classnet-any | Not Specified |
type | Type of address. ipmask: Standard IPv4 address with subnet mask. iprange: Range of IPv4 addresses between two specified addresses (inclusive). fqdn: Fully Qualified Domain Name address. geography: IP addresses from a specified country. wildcard: Standard IPv4 using a wildcard subnet mask. dynamic: Dynamic address object. interface-subnet: IP and subnet of interface. mac: Range of MAC addresses. |
option | - |
sub-type | Sub-type of address. sdn: SDN address. clearpass-spt: ClearPass SPT (System Posture Token) address. fsso: FSSO address. ems-tag: FortiClient EMS tag. |
option | - |
clearpass-spt | SPT (System Posture Token) value. unknown: UNKNOWN. healthy: HEALTHY. quarantine: QUARANTINE. checkup: CHECKUP. transient: TRANSIENT. infected: INFECTED. |
option | - |
start-mac | First MAC address in the range. | mac-address | Not Specified |
end-mac | Last MAC address in the range. | mac-address | Not Specified |
start-ip | First IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified |
end-ip | Final IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified |
fqdn | Fully Qualified Domain Name address. | string | Maximum length: 255 |
country | IP addresses associated to a specific country. | string | Maximum length: 2 |
wildcard-fqdn | Fully Qualified Domain Name with wildcard characters. | string | Maximum length: 255 |
cache-ttl | Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. | integer | Minimum value: 0 Maximum value: 86400 |
wildcard | IP address and wildcard netmask. | ipv4-classnet-any | Not Specified |
sdn | SDN. | string | Maximum length: 35 |
fsso-group <name> |
FSSO group(s). FSSO group name. |
string | Maximum length: 511 |
interface | Name of interface whose IP address is to be used. | string | Maximum length: 35 |
tenant | Tenant. | string | Maximum length: 35 |
organization | Organization domain name (Syntax: organization/domain). | string | Maximum length: 35 |
epg-name | Endpoint group name. | string | Maximum length: 255 |
subnet-name | Subnet name. | string | Maximum length: 255 |
sdn-tag | SDN Tag. | string | Maximum length: 15 |
policy-group | Policy group name. | string | Maximum length: 15 |
obj-tag | Tag of dynamic address object. | string | Maximum length: 255 |
obj-type | Object type. ip: IP address. mac: MAC address |
option | - |
comment | Comment. | var-string | Maximum length: 255 |
associated-interface | Network interface associated with address. | string | Maximum length: 35 |
color | Color of icon on the GUI. | integer | Minimum value: 0 Maximum value: 32 |
filter | Match criteria filter. | var-string | Maximum length: 2047 |
sdn-addr-type | Type of addresses to collect. private: Collect private addresses only. public: Collect public addresses only. all: Collect both public and private addresses. |
option | - |
obj-id | Object ID for NSX. | var-string | Maximum length: 255 |
allow-routing | Enable/disable use of this address in the static route configuration. enable: Enable use of this address in the static route configuration. disable: Disable use of this address in the static route configuration. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
category | Tag category. | string | Maximum length: 63 |
tags <name> |
Tags. Tag name. |
string | Maximum length: 79 |