Fortinet white logo
Fortinet white logo

CLI Reference

config firewall ippool

config firewall ippool

Configure IPv4 IP pools.

config firewall ippool

Description: Configure IPv4 IP pools.

edit <name>

set type [overload|one-to-one|...]

set startip {ipv4-address-any}

set endip {ipv4-address-any}

set startport {integer}

set endport {integer}

set source-startip {ipv4-address-any}

set source-endip {ipv4-address-any}

set block-size {integer}

set port-per-user {integer}

set num-blocks-per-user {integer}

set pba-timeout {integer}

set permit-any-host [disable|enable]

set arp-reply [disable|enable]

set arp-intf {string}

set associated-interface {string}

set comments {var-string}

set nat64 [disable|enable]

set add-nat64-route [disable|enable]

set subnet-broadcast-in-ippool [disable|enable]

next

end

config firewall ippool

Parameter

Description

Type

Size

Default

type

IP pool type (overload, one-to-one, fixed port range, or port block allocation).

option

-

overload

Option

Description

overload

IP addresses in the IP pool can be shared by clients.

one-to-one

One to one mapping.

fixed-port-range

Fixed port range.

port-block-allocation

Port block allocation.

startip

First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default: 0.0.0.0).

ipv4-address-any

Not Specified

0.0.0.0

endip

Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default: 0.0.0.0).

ipv4-address-any

Not Specified

0.0.0.0

startport

First port number (inclusive) in the range for the address pool (Default: 5117).

integer

Minimum value: 5117 Maximum value: 65533

5117

endport

Final port number (inclusive) in the range for the address pool (Default: 65533).

integer

Minimum value: 5117 Maximum value: 65533

65533

source-startip

First IPv4 address .

ipv4-address-any

Not Specified

0.0.0.0

source-endip

Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx, Default: 0.0.0.0).

ipv4-address-any

Not Specified

0.0.0.0

block-size

Number of addresses in a block .

integer

Minimum value: 64 Maximum value: 4096

128

port-per-user

Number of port for each user .

integer

Minimum value: 32 Maximum value: 60416

0

num-blocks-per-user

Number of addresses blocks that can be used by a user .

integer

Minimum value: 1 Maximum value: 128

8

pba-timeout

Port block allocation timeout (seconds).

integer

Minimum value: 3 Maximum value: 300

30

permit-any-host

Enable/disable full cone NAT.

option

-

disable

Option

Description

disable

Disable full cone NAT.

enable

Enable full cone NAT.

arp-reply

Enable/disable replying to ARP requests when an IP Pool is added to a policy .

option

-

enable

Option

Description

disable

Disable ARP reply.

enable

Enable ARP reply.

arp-intf

Select an interface from available options that will reply to ARP requests. (If blank, any is selected).

string

Not Specified

associated-interface

Associated interface name.

string

Not Specified

comments

Comment.

var-string

Not Specified

nat64

Enable/disable NAT64.

option

-

disable

Option

Description

disable

Disable DNAT64.

enable

Enable DNAT64.

add-nat64-route

Enable/disable adding NAT64 route.

option

-

enable

Option

Description

disable

Disable adding NAT64 route.

enable

Enable adding NAT64 route.

subnet-broadcast-in-ippool

Enable/disable inclusion of the subnetwork address and broadcast IP address in the NAT64 IP pool.

option

-

enable

Option

Description

disable

Do not include the subnetwork address and broadcast IP address in the NAT64 IP pool.

enable

Include the subnetwork address and broadcast IP address in the NAT64 IP pool.

config firewall ippool

config firewall ippool

Configure IPv4 IP pools.

config firewall ippool

Description: Configure IPv4 IP pools.

edit <name>

set type [overload|one-to-one|...]

set startip {ipv4-address-any}

set endip {ipv4-address-any}

set startport {integer}

set endport {integer}

set source-startip {ipv4-address-any}

set source-endip {ipv4-address-any}

set block-size {integer}

set port-per-user {integer}

set num-blocks-per-user {integer}

set pba-timeout {integer}

set permit-any-host [disable|enable]

set arp-reply [disable|enable]

set arp-intf {string}

set associated-interface {string}

set comments {var-string}

set nat64 [disable|enable]

set add-nat64-route [disable|enable]

set subnet-broadcast-in-ippool [disable|enable]

next

end

config firewall ippool

Parameter

Description

Type

Size

Default

type

IP pool type (overload, one-to-one, fixed port range, or port block allocation).

option

-

overload

Option

Description

overload

IP addresses in the IP pool can be shared by clients.

one-to-one

One to one mapping.

fixed-port-range

Fixed port range.

port-block-allocation

Port block allocation.

startip

First IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default: 0.0.0.0).

ipv4-address-any

Not Specified

0.0.0.0

endip

Final IPv4 address (inclusive) in the range for the address pool (format xxx.xxx.xxx.xxx, Default: 0.0.0.0).

ipv4-address-any

Not Specified

0.0.0.0

startport

First port number (inclusive) in the range for the address pool (Default: 5117).

integer

Minimum value: 5117 Maximum value: 65533

5117

endport

Final port number (inclusive) in the range for the address pool (Default: 65533).

integer

Minimum value: 5117 Maximum value: 65533

65533

source-startip

First IPv4 address .

ipv4-address-any

Not Specified

0.0.0.0

source-endip

Final IPv4 address (inclusive) in the range of the source addresses to be translated (format xxx.xxx.xxx.xxx, Default: 0.0.0.0).

ipv4-address-any

Not Specified

0.0.0.0

block-size

Number of addresses in a block .

integer

Minimum value: 64 Maximum value: 4096

128

port-per-user

Number of port for each user .

integer

Minimum value: 32 Maximum value: 60416

0

num-blocks-per-user

Number of addresses blocks that can be used by a user .

integer

Minimum value: 1 Maximum value: 128

8

pba-timeout

Port block allocation timeout (seconds).

integer

Minimum value: 3 Maximum value: 300

30

permit-any-host

Enable/disable full cone NAT.

option

-

disable

Option

Description

disable

Disable full cone NAT.

enable

Enable full cone NAT.

arp-reply

Enable/disable replying to ARP requests when an IP Pool is added to a policy .

option

-

enable

Option

Description

disable

Disable ARP reply.

enable

Enable ARP reply.

arp-intf

Select an interface from available options that will reply to ARP requests. (If blank, any is selected).

string

Not Specified

associated-interface

Associated interface name.

string

Not Specified

comments

Comment.

var-string

Not Specified

nat64

Enable/disable NAT64.

option

-

disable

Option

Description

disable

Disable DNAT64.

enable

Enable DNAT64.

add-nat64-route

Enable/disable adding NAT64 route.

option

-

enable

Option

Description

disable

Disable adding NAT64 route.

enable

Enable adding NAT64 route.

subnet-broadcast-in-ippool

Enable/disable inclusion of the subnetwork address and broadcast IP address in the NAT64 IP pool.

option

-

enable

Option

Description

disable

Do not include the subnetwork address and broadcast IP address in the NAT64 IP pool.

enable

Include the subnetwork address and broadcast IP address in the NAT64 IP pool.