Firewall Address Configuring addresses
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 423
http://docs.fortinet.com/ • Feedback
Configuring addresses
You can use one of the following methods to represent hosts in firewall addresses:
IP/Netmask, FQDN, or IPv6.
To add a firewall address
1 Go to Firewall > Address.
2 Select Create New.
If IPv6 Support on GUI is enabled, you can alternatively select the down arrow located
in the Create New button, then select IPv6 Address to configure an IPv6 firewall
address. For information on enabling configuration of IPv6 firewall addresses in the
web-based manager, see “Settings” on page 286.
3 Complete the following:
Figure 228: New address or IP range options
Address / FQDN The IP address and mask, IP address range, or fully qualified domain name.
Interface The interface, zone, or virtual domain (VDOM) to which you bind the IP address.
Delete icon Select to remove the address. The Delete icon appears only if a firewall policy
or address group is not currently using the address.
Edit icon Select to edit the address.
Caution: Be cautious if employing FQDN firewall addresses. Using a fully qualified domain
name in a firewall policy, while convenient, does present some security risks, because
policy matching then relies on a trusted DNS server. Should the DNS server be
compromised, firewall policies requiring domain name resolution may no longer function
properly.
Note: By default, IPv6 firewall addresses can be configured only in the CLI. For information
on enabling configuration of IPv6 firewall addresses in the web-based manager, see
“Settings” on page 286.
Address Name Enter a name to identify the firewall address. Addresses, address groups, and
virtual IPs must have unique names.
Type Select the type of address: Subnet/IP Range or FQDN. You can enter either
an IP range or an IP address with subnet mask.
Subnet / IP
Range
Enter the firewall IP address, followed by a forward slash (/), then subnet
mask, or enter an IP address range separated by a hyphen.
Interface Select the interface, zone, or virtual domain (VDOM) link to which you want to
bind the IP address. Select Any if you want to bind the IP address with the
interface/zone when you create a firewall policy.
To Next Page
Loading...
Need help?
General