Viewing the address group list Firewall Address
FortiGate Version 4.0 MR1 Administration Guide
424 01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
4 Select OK.
Viewing the address group list
You can organize multiple firewall addresses into an address group to simplify your
firewall policy list. For example, instead of having five identical policies for five different but
related firewall addresses, you might combine the five addresses into a single address
group, which is used by a single firewall policy.
To view the address group list, go to Firewall > Address > Group.
Figure 229: Firewall address group list
Configuring address groups
Because firewall policies require addresses with homogenous network interfaces, address
groups should contain only addresses bound to the same network interface, or to Any —
addresses whose selected interface is Any are bound to a network interface during
creation of a firewall policy, rather than during creation of the firewall address. For
example, if address A1 is associated with port1, and address A2 is associated with port2,
they cannot be grouped. However, if A1 and A2 have an interface of Any, they can be
grouped, even if the addresses involve different networks.
To organize addresses into an address group
1 Go to Firewall > Address > Group.
2 Select Create New.
3 Complete the following:
Tip: You can also create firewall addresses when configuring a firewall policy: Go to
Firewall > Policy, select the appropriate policy tab and then Create New. From the Source
Address list, select Address > Create New.
Create New Add an address group.
If IPv6 Support on GUI is enabled, you can alternatively select Create Options
(the down arrow) located in the Create New button, then select IPv6 Address
Group, to configure an IPv6 firewall address group. For more information on
enabling IPv6 Support on GUI, see “Settings” on page 286.
Group Name The name of the address group.
Members The addresses in the address group.
Delete icon Select to remove the address group. The Delete icon appears only if the address
group is not currently being used by a firewall policy.
Edit icon Select to edit the address group.
To Next Page
Loading...
Need help?
General
