FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

Home > Online Help

> Chapter 9 - Firewall > Building firewall objects and policies > Example: IPv4 Firewall Addresses

Example: IPv4 firewall addresses

Scenario: Mail server

You need to create an IPv4 address for the Mail Server on Port1 of your internal network.

  • These server is on the network off of port1.
  • The IP address is 192.168.1.27
  • The subnet mask is 255.255.255.0
  • There should be a tag for this address being for a server
  1. Go to Policy & Objects> Objects > Addresses and select Create New > Address.
  2. Fill out the fields with the following information:
Category Address
Name Mail_Server
Type Subnet / IP Range
Subnet / IP Range 192.168.1.27/255.255.255.0
Interface port1
Visibility <enabled>
Comments <add any additional discription>
  1. Select OK.
  2. Enter the following CLI command:

config firewall address

edit Mail_Server

set type ipmask

set subnet 192.168.1.27 255.255.255.255

set associated-interface port1

end

Scenario: First floor network

You need to create an IPv4 address for the subnet of the internal network off of Port1.

  • These computers are on the network off of port1.
  • The subnet is the range from 192.168.1.1 to 192.168.1.255.
  • The subnet mask is 255.255.255.0
  • There should be a reference to this being the network for the 1st floor of the building.
  1. Go to Policy & Objects> Objects > Addresses and select Create New > Address.
  2. Fill out the fields with the following information
Category Address
Name Internal_Subnet_1
Type Subnet
Subnet / IP Range 192.168.1.0/24
Interface port1
visibility <enabled>
Comments Network for 1st Floor
  1. Select OK.
  2. Enter the following CLI command:

config firewall address

edit Internal_Subnet_1

Set comment “Network for 1st Floor”

set type ipmask

set subnet 192.168.1.0/24

set associated-interface port1

end

Scenario: Marketing department

You need to create an IPv4 address for the address range for a group of computers used by the Marketing Department.

  • These computers are on the network off of port1.
  • The IP addresses for these computers range from 192.168.1.100 to 192.168.1.115
  1. Go to Policy & Objects> Objects > Addresses and select Create New > Address.
  2. Fill out the fields with the following information
Category Address
Name Marketing_computers
Type IP Range
Subnet / IP Range 192.168.1.100-192.168.1.115
Interface port1
Visibility <enable>
Comments <Input into this field is optional>
  1. Select OK.
  2. Enter the following CLI command:

config firewall address

edit Internal_Subnet_1

set type iprange

set start-ip 192.168.1.100

set end-ip 192.168.1.115

set associated-interface port1

end

Verification

To verify that the addresses were added correctly:

  1. Go to Policy & Objects> Objects > Addresses. Check that the addresses have been added to the address list and that they are correct.
  2. Enter the following CLI command:

config firewall address

edit <the name of the address to verify>

show full-configuration

 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy