Firewall Address Configuring addresses
FortiGate Version 3.0 MR4 Administration Guide
01-30004-0203-20070102 237
Configuring addresses
Addresses can also be created or edited during firewall policy configuration from
the firewall policy window.
One FQDN may be mapped to multiple machines for load balancing and HA. A
single FQDN firewall policy can be created in which the FortiGate unit
automatically resolves and maintains a record of all addresses to which the FQDN
resolves.
To add an IP address, IP range, or FQDN, go to Firewall > Address, select
Create New.
Figure 132:New address or IP range options
Viewing the address group list
If virtual domains are enabled on the FortiGate unit, address groups are
configured separately for each virtual domain. To access address groups, select a
virtual domain from the list in the main menu.
Organize related addresses into address groups to make it easier to configure
policies. For example, after adding three addresses and configuring them in an
address group, configure a single policy using all three addresses.
To view the address group list, go to Firewall > Address > Group.
!
Caution: Using a fully qualified domain name in a firewall policy, while convenient, does
present some security risks. Be very cautious when using this feature.
Address Name Enter a name to identify the firewall address. Addresses, address
groups, and virtual IPs must have unique names to avoid confusion in
firewall policies.
Type Select the type of address: Subnet/IP Range or FQDN.
Subnet/IP Range Enter the firewall IP address, forward slash, and subnet mask or enter
an IP address range separated by a hyphen
Interface Select the interface or zone you want the IP address to associate with.
Select Any if you want to associate the IP address with the
interface/zone when you create the policy.
Note: If an address group is included in a policy, it cannot be deleted unless it is first
removed from the policy.
To Next Page
Loading...
