Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config global-dns-server address-group

Use this command to configure the source and destination IP addresses that are the matching criteria for DNS policies. The system includes the predefined address groups any and none.

Before you begin:

  • You must have read-write permission for global load balancing settings.

After you have configured an address group, you can specify it in the DNS64 and DNS policy configurations.

Syntax

config global-dns-server address-group

edit <name>

config member

edit <No.>

set action {include|exclude}

set addr-type {ipv4|ipv6}

set ip-network <ip&netmask>

set ip6-network <ip&netmask>

next

end

next

end

action

  • include—The rule logic creates an address object that includes addresses matching the specified address block.
  • exclude—The rule logic creates an address object that excludes addresses matching the specified address block.

addr-type

IPv4 or IPv6

ip-network

Address/mask notation to match the IP address in the packet header.

Create objects to match source IPv4 address and different objects to match destination IPv4 address.

ip6-network

Address/mask notation to match the IPv6 address in the packet header.

Create objects to match source IPv6 address and different objects to match destination IPv6 address.

Example

FortiADC-VM # config global-dns-server address-group

FortiADC-VM (address-group) # edit campus

Add new entry 'campus' for node 2206

 

FortiADC-VM (campus) # config member

FortiADC-VM (member) # edit 1

Add new entry '1' for node 2209

 

FortiADC-VM (1) # get

action : include

addr-type : ipv4

ip-network : 0.0.0.0/0

 

FortiADC-VM (1) # set ip-network 192.0.2.0/24

FortiADC-VM (1) # end

FortiADC-VM (campus) # end

 

FortiADC-VM # config global-dns-server address-group

FortiADC-VM (address-group) # edit branch

Add new entry 'branch' for node 2206

 

FortiADC-VM (branch) # config member

FortiADC-VM (member) # edit 1

Add new entry '1' for node 2209

FortiADC-VM (1) # set ip-network 198.51.100.0/24

FortiADC-VM (1) # end

FortiADC-VM (branch) # end

 

FortiADC-VM # show global-dns-server address-group

config global-dns-server address-group

edit "campus"

config member

edit 1

set ip-network 192.0.2.0/24

next

end

next

edit "branch"

config member

edit 1

set ip-network 198.51.100.0/24

next

end

next

end

 

config global-dns-server address-group

Use this command to configure the source and destination IP addresses that are the matching criteria for DNS policies. The system includes the predefined address groups any and none.

Before you begin:

  • You must have read-write permission for global load balancing settings.

After you have configured an address group, you can specify it in the DNS64 and DNS policy configurations.

Syntax

config global-dns-server address-group

edit <name>

config member

edit <No.>

set action {include|exclude}

set addr-type {ipv4|ipv6}

set ip-network <ip&netmask>

set ip6-network <ip&netmask>

next

end

next

end

action

  • include—The rule logic creates an address object that includes addresses matching the specified address block.
  • exclude—The rule logic creates an address object that excludes addresses matching the specified address block.

addr-type

IPv4 or IPv6

ip-network

Address/mask notation to match the IP address in the packet header.

Create objects to match source IPv4 address and different objects to match destination IPv4 address.

ip6-network

Address/mask notation to match the IPv6 address in the packet header.

Create objects to match source IPv6 address and different objects to match destination IPv6 address.

Example

FortiADC-VM # config global-dns-server address-group

FortiADC-VM (address-group) # edit campus

Add new entry 'campus' for node 2206

 

FortiADC-VM (campus) # config member

FortiADC-VM (member) # edit 1

Add new entry '1' for node 2209

 

FortiADC-VM (1) # get

action : include

addr-type : ipv4

ip-network : 0.0.0.0/0

 

FortiADC-VM (1) # set ip-network 192.0.2.0/24

FortiADC-VM (1) # end

FortiADC-VM (campus) # end

 

FortiADC-VM # config global-dns-server address-group

FortiADC-VM (address-group) # edit branch

Add new entry 'branch' for node 2206

 

FortiADC-VM (branch) # config member

FortiADC-VM (member) # edit 1

Add new entry '1' for node 2209

FortiADC-VM (1) # set ip-network 198.51.100.0/24

FortiADC-VM (1) # end

FortiADC-VM (branch) # end

 

FortiADC-VM # show global-dns-server address-group

config global-dns-server address-group

edit "campus"

config member

edit 1

set ip-network 192.0.2.0/24

next

end

next

edit "branch"

config member

edit 1

set ip-network 198.51.100.0/24

next

end

next

end