Add the firewall addresses
You need to define the addresses of the VLAN subnets for use in security policies. The FortiGate unit provides one default address, “all”, that you can use when a security policy applies to all addresses as a source or destination of a packet. However, using “all” is less secure and should be avoided when possible.
In this example, the “_Net” part of the address name indicates a range of addresses instead of a unique address. When choosing firewall address names, use informative and unique names.
To add the firewall addresses - web-based manager
1. Go to Firewall Objects > Address > Addresses.
2. Select Create New.
3. Enter the following information and select OK:
Name | VLAN_100_Net |
Type | Subnet |
Subnet / IP Range | 10.1.1.0/255.255.255.0 |
4. Select Create New.
5. Enter the following information and select OK:
Name | VLAN_200_Net |
Type | Subnet |
Subnet / IP Range | 10.1.2.0/255.255.255.0 |
To add the firewall addresses - CLI
config firewall address
edit VLAN_100_Net
set type ipmask
set subnet 10.1.1.0 255.255.255.0
next
edit VLAN_200_Net
set type ipmask
set subnet 10.1.2.0 255.255.255.0
end
See Also