Name: Fortinet FortiGate Series
Brand: Fortinet
Rating: 4 (1 reviews)

To Next Page

To Previous Page

Viewing the firewall address list Firewall Address

FortiGate Version 4.0 MR1 Administration Guide

422 01-410-89802-20090903

http://docs.fortinet.com/ • Feedback

When representing hosts by an IP Range, the range indicates hosts with continuous IP

addresses in a subnet, such as 192.168.1.[2-10], or 192.168.1.* to indicate the

complete range of hosts on that subnet. Valid IP Range formats include:

• x.x.x.x-x.x.x.x, such as 192.168.110.100-192.168.110.120

• x.x.x.[x-x], such as 192.168.110.[100-120]

• x.x.x.*, such as 192.168.110.*

When representing hosts by a FQDN, the domain name can be a subdomain, such as

mail.example.com. A single FQDN firewall address may be used to apply a firewall policy

to multiple hosts, as in load balancing and high availability (HA) configurations. FortiGate

units automatically resolve and maintain a record of all addresses to which the FQDN

resolves. Valid FQDN formats include:

• <host_name>.<second_level_domain_name>.<top_level_domain_name>, such as

mail.example.com

• <host_name>.<top_level_domain_name>

Viewing the firewall address list

Firewall addresses in the list are grouped by type: IP/Netmask, FQDN, or IPv6.

FortiGate unit default configurations include the all address, which represents any IP

address on any network.

To view the address list, go to Firewall > Address.

Figure 227: Firewall address list

Caution: Be cautious if employing FQDN firewall addresses. Using a fully qualified domain

name in a firewall policy, while convenient, does present some security risks, because

policy matching then relies on a trusted DNS server. Should the DNS server be

compromised, firewall policies requiring domain name resolution may no longer function

properly.

Note: By default, IPv6 firewall addresses can be configured only in the CLI. For information

on enabling configuration of IPv6 firewall addresses in the web-based manager, see

“Settings” on page 286.

Create New Add a firewall address.

If IPv6 Support on GUI is enabled, you can alternatively select Create Options

(the down arrow) located in the Create New button, then select IPv6 Address, to

configure an IPv6 firewall address. For more information on enabling IPv6

support, see “Settings” on page 286.

Name The name of the firewall address.

Delete

Edit

Create Options

Fortinet FortiGate Series Administration Guide

Table of Contents

Other manuals for Fortinet FortiGate Series

Questions and Answers:

Fortinet FortiGate Series Specifications

Related product manuals

Brand	Fortinet
Model	FortiGate Series
Category	Firewall
Language	English