AnsweredHot!No dumb question: Firewall IPv4 address object

Author
tiktok
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/08/12 10:46:45
  • Status: offline
2019/08/12 11:03:21 (permalink)
0

No dumb question: Firewall IPv4 address object

the format/syntax for creating an address object on FortiGate (5.x and 6.x) is 
 
Name:
Subnet/IP range:
 
Do you put the IP in the name?
 
If not then would the "Subnet/IP range:" be the place to put the actual IP? and if so would the following be correct syntax ?
 
192.168.10.10/32
or
192.168.10.10 255.255.255.255 
 
 
Thanks in advance
 
 
post edited by tiktok - 2019/08/12 11:39:51
#1
brycemd
Silver Member
  • Total Posts : 75
  • Scores: 4
  • Reward points: 0
  • Joined: 2016/12/03 11:24:30
  • Status: offline
Re: No dumb question: Firewall IPv4 address object 2019/08/12 12:44:15 (permalink) ☼ Best Answerby tiktok 2019/08/12 13:38:45
0
The name is just for your reference.
 
Subnet can be either cidr or full mask:
 
192.168.10.10/32
192.168.10.10/255.255.255.255
 
Or, an IP Range:
192.168.10.10-192.168.10.40
#2
tiktok
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/08/12 10:46:45
  • Status: offline
Re: No dumb question: Firewall IPv4 address object 2019/08/12 13:39:27 (permalink)
0
Looks like ive been doing it wrong the whole time....................lots fo work to do :) lol
#3
Toshi Esumi
Expert Member
  • Total Posts : 1788
  • Scores: 145
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: No dumb question: Firewall IPv4 address object 2019/08/13 08:22:30 (permalink)
0
BTW, name is not only for human reading, but other part like FW policies refer to it. "set comment <comments>" is only for human reference.
#4
ede_pfau
Expert Member
  • Total Posts : 6127
  • Scores: 496
  • Reward points: 0
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
  • Status: offline
Re: No dumb question: Firewall IPv4 address object 2019/08/13 11:24:43 (permalink)
0
Yap, you can use an address object in a static route...so choose wisely.
 
I use hostnames for hosts (/32), "net-XXX" for subnets, "net-<city>" for VPN remote subnets etc. Just as examples.

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#5
Jump to:
© 2019 APG vNext Commercial Version 5.5