Viewing The Firewall Address List - Fortinet FortiGate Series Administration Manual
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
Viewing the firewall address list
Viewing the firewall address list
422
When representing hosts by an IP Range, the range indicates hosts with continuous IP
addresses in a subnet, such as 192.168.1.[2-10], or 192.168.1.* to indicate the
complete range of hosts on that subnet. Valid IP Range formats include:
•
x.x.x.x-x.x.x.x, such as 192.168.110.100-192.168.110.120
•
x.x.x.[x-x], such as 192.168.110.[100-120]
•
x.x.x.*, such as 192.168.110.*
When representing hosts by a FQDN, the domain name can be a subdomain, such as
mail.example.com. A single FQDN firewall address may be used to apply a firewall policy
to multiple hosts, as in load balancing and high availability (HA) configurations. FortiGate
units automatically resolve and maintain a record of all addresses to which the FQDN
resolves. Valid FQDN formats include:
•
<host_name>.<second_level_domain_name>.<top_level_domain_name>, such as
mail.example.com
•
<host_name>.<top_level_domain_name>
Caution: Be cautious if employing FQDN firewall addresses. Using a fully qualified domain
name in a firewall policy, while convenient, does present some security risks, because
policy matching then relies on a trusted DNS server. Should the DNS server be
compromised, firewall policies requiring domain name resolution may no longer function
properly.
Note: By default, IPv6 firewall addresses can be configured only in the CLI. For information
on enabling configuration of IPv6 firewall addresses in the web-based manager, see
"Settings" on page
Firewall addresses in the list are grouped by type: IP/Netmask, FQDN, or IPv6.
FortiGate unit default configurations include the all address, which represents any IP
address on any network.
To view the address list, go to Firewall > Address.
Figure 227: Firewall address list
Create Options
Create New
Add a firewall address.
If IPv6 Support on GUI is enabled, you can alternatively select Create Options
(the down arrow) located in the Create New button, then select IPv6 Address, to
configure an IPv6 firewall address. For more information on enabling IPv6
support, see
Name
The name of the firewall address.
286.
"Settings" on page
286.
FortiGate Version 4.0 MR1 Administration Guide
Firewall Address
Delete
Edit
01-410-89802-20090903
http://docs.fortinet.com/
•
Feedback
Advertisement
Table of Contents
