Subnet addresses

The subnet type of address is expressed using a host address and a subnet mask. From a strictly mathematical standpoint this is the most flexible of the types, because it can refer to as little as the address of one computer or to as many as all of them.

It is usually used when referring to your own internal addresses, because you know what they are and they are usually administered in groups that are nicely differentiated along the lines of the old A, B, and C classes of IPv4 addresses. They are also addresses that are not likely to change when you change Internet Service Providers (ISPs).

When representing hosts by an IP address with a netmask, the IP address can represent one or more hosts. For example, a firewall address can be:

  • A single host such as a single computer with the address 192.45.46.45
  • A range of hosts such as all of the hosts on the subnet 192.45.46.1 to 192.45.46.255
  • All hosts, represented by 0.0.0.0 which matches any IP address

The netmask corresponds to the subnet class of the address being added, and can be represented in either dotted decimal or CIDR format. The FortiGate unit automatically converts CIDR formatted netmasks to dotted decimal format. Example formats:

  • Netmask for a class A subnet of 16,777,214 usable addresses: 255.0.0.0, or /8
  • Netmask for a class B subnet of 65,534 usable addresses: 255.255.0.0, or /16
  • Netmask for a class C subnet of 254 usable addresses: 255.255.255.0, or /24
  • Netmask for subnetted class C of 126 usable addresses: 255.255.255.128, or /25
  • Netmask for subnetted class C of 62 usable addresses: 255.255.255.128, or /26
  • Netmask for subnetted class C of 30 usable addresses: 255.255.255.128, or /27
  • Netmask for subnetted class C of 14 usable addresses: 255.255.255.128, or /28
  • Netmask for subnetted class C of 6 usable addresses: 255.255.255.128, or /29
  • Netmask for subnetted class C of 2 usable addresses: 255.255.255.128, or /30
  • Netmask for a single computer: 255.255.255.255, or /32
  • Netmask used with 0.0.0.0 to include all IP addresses: 0.0.0.0, or /0

So for a single host or subnet the valid format of IP address and netmask could be either:

x.x.x.x/x.x.x.x, such as 192.168.1.0/255.255.255.0

or

x.x.x.x/x, such as 192.168.1.0/24
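
The following Python sketch is an added example, not Fortinet code: it parses both accepted formats, normalizes the entry to dotted decimal, rejects non-contiguous netmasks, and reports the usable host count and whether host bits are set. The function names and sample entries are constructed, and requiring an explicit mask is a choice of this example.

```python
import ipaddress

def mask_to_prefix(mask):
    """Dotted-decimal netmask -> prefix length; reject masks with holes."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    if inverted & (inverted + 1):          # host bits must be one trailing run of 1s
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - inverted.bit_length()

def normalize_subnet(text):
    """Parse 'x.x.x.x/x' or 'x.x.x.x/x.x.x.x' and describe what it matches."""
    addr, sep, suffix = text.strip().partition("/")
    if not sep:
        raise ValueError("expected address/netmask")  # this example requires a mask
    ip = ipaddress.IPv4Address(addr)
    prefix = mask_to_prefix(suffix) if "." in suffix else int(suffix)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    net = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)
    # /31 and /32 have no separate network and broadcast addresses to subtract.
    usable = net.num_addresses if prefix >= 31 else net.num_addresses - 2
    return {
        "dotted": f"{ip}/{net.netmask}",       # dotted decimal, the converted form
        "cidr": f"{ip}/{prefix}",
        "usable_hosts": usable,
        "host_bits_set": ip != net.network_address,  # entry is not the network address
        "matches_all": prefix == 0,            # a /0 mask matches any IP address
    }

if __name__ == "__main__":
    # Constructed sample entries, as they might be typed into the Subnet / IP Range field.
    for entry in ["192.168.1.0/24", "192.168.1.0/255.255.255.0", "192.168.50.26/32",
                  "192.168.1.77/26", "0.0.0.0/0", "192.168.1.0/255.0.255.0"]:
        try:
            print(entry, "->", normalize_subnet(entry))
        except ValueError as err:
            print(entry, "-> rejected:", err)
```

An entry with `host_bits_set` true and a mask shorter than /32 is worth a second look before it goes into a policy, since the object matches the whole surrounding subnet rather than the one host that was typed.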

Creating a subnet address

  1. Go to Policy & Objects > Objects > Addresses.
  2. Select Create New.
    • If you use the down arrow next to Create New, select Address.
  3. Choose the Category, “Address”.
  4. Input a Name for the address object.
  5. Select the Type, Subnet, from the dropdown menu.
  6. Input the host address and subnet mask in the Subnet / IP Range field.
  7. Select the Interface from the dropdown menu.
  8. Check the Visibility box.
  9. Input any additional information in the Comments field.
  10. Press OK.

Example

Example of a Subnet address for a database server on the DMZ:

  • Category: Address
  • Name: DB_server_1
  • Type: Subnet
  • Subnet / IP Range: 192.168.50.26
  • Interface: DMZ
  • Visibility: [checked]
  • Comments: Database server used by public facing company webservers