- 25 Sep 2023
- 1 Minute to read
- Print
- DarkLight
FortiGate - Add IP Addresses or IP Address Groups
- Updated on 25 Sep 2023
- 1 Minute to read
- Print
- DarkLight
In Forti-OS, you can add single IP addresses (IPv4 or IPv6), and then create groups of these IP addresses. This is required for use in your Firewall policy.
Creating Addresses
Navigate to the Create New Address page.
1. Click 'Policy & Objects'
2. Click 'Addresses'
3. Click 'Create New -> Address'
Once you're on the new address page, complete the form.
Name: Give a description of what the address is.
Type: There are a few types you can set for the address. In this example we're using the 'Subnet' option. Choose the type that is right for you.
IP/Netmask: This can be in two different formats. "IP/CIDR" and "IP space NETMASK" for example
221.121.134.123/32
or
221.121.134.123 255.255.255.254
Interface: Choose if this address is to be limited to any specific interface.
Static Route Configuration: Tick if this is for a static route
Comments: Any comments you feel are needed.
Click OK once done. You can now use this address in a firewall policy, or in an address group.
Creating Address Groups
Navigate to the Create New Address Group page.
1. Click 'Policy & Objects'
2. Click 'Addresses'
3. Click 'Create New -> Address Group'
Category: Choose if this group is IPv4 or IPv6 addresses.
Group Name: Name the group something descriptive.
Color: You can choose the colour of the group for easy identification.
Type: You can make a group of addresses, or a folder to contain them.
Members: Click the + button and then choose all the entries to add to the group.
Exclude Members: You can add exclusions to the group manually here.
Static Route Configuration: Allow the group to be used in a static route.
Comments: Anything that may be helpful can be added here.