Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config system isp-addr

Use this command to amend the predefined and restored ISP address books, or to configure new ISP address books.

The following policies use the ISP address book objects:

  • ISP routes
  • LLB proximity routes
  • LLB policies
  • GLB data center configuration

ISP address books contain IP subnet addresses and associated province location settings for ISP links. The province setting is used in GLB deployments in China to enable location awareness that is province-specific. For example, a user can be directed to a datacenter in Beijing or Guangdong rather than simply China.

Figure  4 shows the three types of address book entries:

  • Predefined—Addresses and associated province location settings for China Mobile, China Telecom, and China Unicom. The IP subnet addresses in the predefined address books are not exposed in the user interface. The predefined package is provided to make it easier for you to configure a route when all you know and all you need to know is the name of the ISP that hosts the link.
  • Restored—Addresses imported from a text file. The IP subnet addresses in the restored address books are not exposed in the user interface. “Restored” addresses can help you rapidly build an ISP address book configuration.
  • User-defined—In the ISP address configuration, you can modify the predefined and restored address books by specifying subnets to add or exclude from them. This gives you flexibility in case you encounter address conflicts or the ISP instructs you to add a subnet address manually. You can also create new user-defined entries for other ISPs.
In systems with multiple VDOMs, these commands apply to the current VDOM only. In other words, if you configure an exclusion, it is applicable to the current VDOM only; it does not change the predefined address book.

You can use the execute isplookup command to see whether an IP address belongs to any of the address books. If an address is can be found in more than one address book, the results are returned in the following priority: user-defined, restored, predefined.

ISP address book types

The text file for the Restored entries has the following format:

#this is a comment line

ISP name:ABC

Province:Beijing

1.1.1.0/24

Province:Unknown

2.2.0.0 255.255.0.0

#this is a comment line too

3.3.3.3/32

ISP name:DEF

Province:Shanghai

4.4.4.0 255.255.255.0

5.5.0.0/16

You use the execute restore command to import the file and the execute backup command to export it.

You use the execute clean command to erase entries that were imported from the text file. The clean operation does not affect the predefined addresses or user-configured entries. If a restored entry has user-configured elements (for example, an exclude list), the clean operation clears the addresses but preserves the configuration and converts it to a user-defined type.

Basic Steps
  1. Create address objects.
  2. Specify them when you configure your policies.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config system isp-addr

edit china-mobile

config exclude-address

edit <No.>

set ip-netmask <ip&netmask>

next

end

config address

edit <No.>

set ip-netmask <ip&netmask>

set province <datasource>

next

end

next

edit china-telecom

config exclude-address

edit <No.>

set ip-netmask <ip&netmask>

next

end

config address

edit <No.>

set ip-netmask <ip&netmask>

set province <datasource>

next

end

next

edit china-unicom

config exclude-address

edit <No.>

set ip-netmask <ip&netmask>

next

end

config address

edit <No.>

set ip-netmask <ip&netmask>

set province <datasource>

next

end

next

edit <name>

config address

edit <No.>

set ip-netmask <ip&netmask>

set province <datasource>

next

end

next

end

 

ip-netmask

Specify addresses to exclude or add using the address/mask notation.

province

 

Specify the associated province location. The configuration supports the following selections:

Anhui

Beijing

Chongqing

Fujian

Gansu

Guangdong

Guangxi

Guizhou

Hainan

Hebei

Heilongjiang

Henan

Hubei

Hunan

Jiangsu

Jiangxi

Jilin Liaoning

Neimenggu

Ningxia

Qinghai

Shandong

Shanghai

Shanxi(taiyuan)

Shanxi(xian)

Sichuan

Tianjin

Xianggang

Xinjiang

Xizang

Yunnan

Zhejiang

Unknown

Note: Each VDOM can have up to 32 main entries.

Example

FortiADC-VM # config system isp-addr

FortiADC-VM (isp-addr) # edit china-mobile

FortiADC-VM (china-mobile) # get

type : predef

 

FortiADC-VM (china-mobile) # config address

 

FortiADC-VM (address) # edit 1

Add new entry '1' for node 2739

 

FortiADC-VM (1) # get

ip-netmask : 0.0.0.0/0

province :

 

FortiADC-VM (1) # set ip-netmask 192.168.1.0/24

FortiADC-VM (1) # set province Beijing

FortiADC-VM (1) # end

FortiADC-VM (china-mobile) # end

 

See also

config system isp-addr

Use this command to amend the predefined and restored ISP address books, or to configure new ISP address books.

The following policies use the ISP address book objects:

  • ISP routes
  • LLB proximity routes
  • LLB policies
  • GLB data center configuration

ISP address books contain IP subnet addresses and associated province location settings for ISP links. The province setting is used in GLB deployments in China to enable location awareness that is province-specific. For example, a user can be directed to a datacenter in Beijing or Guangdong rather than simply China.

Figure  4 shows the three types of address book entries:

  • Predefined—Addresses and associated province location settings for China Mobile, China Telecom, and China Unicom. The IP subnet addresses in the predefined address books are not exposed in the user interface. The predefined package is provided to make it easier for you to configure a route when all you know and all you need to know is the name of the ISP that hosts the link.
  • Restored—Addresses imported from a text file. The IP subnet addresses in the restored address books are not exposed in the user interface. “Restored” addresses can help you rapidly build an ISP address book configuration.
  • User-defined—In the ISP address configuration, you can modify the predefined and restored address books by specifying subnets to add or exclude from them. This gives you flexibility in case you encounter address conflicts or the ISP instructs you to add a subnet address manually. You can also create new user-defined entries for other ISPs.
In systems with multiple VDOMs, these commands apply to the current VDOM only. In other words, if you configure an exclusion, it is applicable to the current VDOM only; it does not change the predefined address book.

You can use the execute isplookup command to see whether an IP address belongs to any of the address books. If an address is can be found in more than one address book, the results are returned in the following priority: user-defined, restored, predefined.

ISP address book types

The text file for the Restored entries has the following format:

#this is a comment line

ISP name:ABC

Province:Beijing

1.1.1.0/24

Province:Unknown

2.2.0.0 255.255.0.0

#this is a comment line too

3.3.3.3/32

ISP name:DEF

Province:Shanghai

4.4.4.0 255.255.255.0

5.5.0.0/16

You use the execute restore command to import the file and the execute backup command to export it.

You use the execute clean command to erase entries that were imported from the text file. The clean operation does not affect the predefined addresses or user-configured entries. If a restored entry has user-configured elements (for example, an exclude list), the clean operation clears the addresses but preserves the configuration and converts it to a user-defined type.

Basic Steps
  1. Create address objects.
  2. Specify them when you configure your policies.

Before you begin:

  • You must have read-write permission for system settings.

Syntax

config system isp-addr

edit china-mobile

config exclude-address

edit <No.>

set ip-netmask <ip&netmask>

next

end

config address

edit <No.>

set ip-netmask <ip&netmask>

set province <datasource>

next

end

next

edit china-telecom

config exclude-address

edit <No.>

set ip-netmask <ip&netmask>

next

end

config address

edit <No.>

set ip-netmask <ip&netmask>

set province <datasource>

next

end

next

edit china-unicom

config exclude-address

edit <No.>

set ip-netmask <ip&netmask>

next

end

config address

edit <No.>

set ip-netmask <ip&netmask>

set province <datasource>

next

end

next

edit <name>

config address

edit <No.>

set ip-netmask <ip&netmask>

set province <datasource>

next

end

next

end

 

ip-netmask

Specify addresses to exclude or add using the address/mask notation.

province

 

Specify the associated province location. The configuration supports the following selections:

Anhui

Beijing

Chongqing

Fujian

Gansu

Guangdong

Guangxi

Guizhou

Hainan

Hebei

Heilongjiang

Henan

Hubei

Hunan

Jiangsu

Jiangxi

Jilin Liaoning

Neimenggu

Ningxia

Qinghai

Shandong

Shanghai

Shanxi(taiyuan)

Shanxi(xian)

Sichuan

Tianjin

Xianggang

Xinjiang

Xizang

Yunnan

Zhejiang

Unknown

Note: Each VDOM can have up to 32 main entries.

Example

FortiADC-VM # config system isp-addr

FortiADC-VM (isp-addr) # edit china-mobile

FortiADC-VM (china-mobile) # get

type : predef

 

FortiADC-VM (china-mobile) # config address

 

FortiADC-VM (address) # edit 1

Add new entry '1' for node 2739

 

FortiADC-VM (1) # get

ip-netmask : 0.0.0.0/0

province :

 

FortiADC-VM (1) # set ip-netmask 192.168.1.0/24

FortiADC-VM (1) # set province Beijing

FortiADC-VM (1) # end

FortiADC-VM (china-mobile) # end

 

See also