Fortinet white logo
Fortinet white logo

Administration Guide

Address group exclusions

Address group exclusions

Specific IP addresses or ranges can be subtracted from the address group with the Exclude Members setting in IPv4 address groups.

Note

This feature is only supported for IPv4 address groups, and only for addresses with a Type of IP Range or Subnet.

To exclude addresses from an address group using the GUI:
  1. Go to Policy & Objects > Addresses and select Address Group.

  2. Create a new address group, or edit an existing address group.

  3. Enable Exclude Members and click the + to add entries.

  4. Configure the other settings as needed.

  5. Click OK.

    The excluded members are listed in the Exclude Members column. Note that the Exclude Members column is not shown by default, see Column settings.

To exclude addresses from an address group using the CLI:
config firewall addrgrp
    edit <address group>
        set exclude enable
        set exclude-member <address> <address> ... <address>
    next
end

Related Videos

sidebar video

Address Groups with Exclusions

  • 1,171 views
  • 5 years ago

Address group exclusions

Address group exclusions

Specific IP addresses or ranges can be subtracted from the address group with the Exclude Members setting in IPv4 address groups.

Note

This feature is only supported for IPv4 address groups, and only for addresses with a Type of IP Range or Subnet.

To exclude addresses from an address group using the GUI:
  1. Go to Policy & Objects > Addresses and select Address Group.

  2. Create a new address group, or edit an existing address group.

  3. Enable Exclude Members and click the + to add entries.

  4. Configure the other settings as needed.

  5. Click OK.

    The excluded members are listed in the Exclude Members column. Note that the Exclude Members column is not shown by default, see Column settings.

To exclude addresses from an address group using the CLI:
config firewall addrgrp
    edit <address group>
        set exclude enable
        set exclude-member <address> <address> ... <address>
    next
end