config firewall address6

Configure IPv6 firewall addresses.

config firewall address6
    Description: Configure IPv6 firewall addresses.
    edit <name>
        config addr-8021x
            Description: 802.1X address. Read-only.
            edit <interface>
                set acct-user {string}
                set ip6 {ipv6-address}
                set mac {string}
                set vlan-id {integer}
            next
        end
        set cache-ttl {integer}
        set color {integer}
        set comment {var-string}
        set country {string}
        set custom-tags <name1>, <name2>, ...
        set display-with [all-tags|first-tag-only|...]
        set end-ip {ipv6-address}
        set epg-name {string}
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        set filter {var-string}
        set fqdn {string}
        set host {ipv6-address}
        set host-type [any|specific]
        set ip6 {ipv6-network}
        config list
            Description: IP address list.
            edit <ip>
            next
        end
        set macaddr <macaddr1>, <macaddr2>, ...
        set obj-id {var-string}
        set obj-tag {string}
        set obsolete {integer}
        set passive-fqdn-learning [disable|enable]
        set route-tag {integer}
        set sdn {string}
        set sdn-addr-type [private|public|...]
        set sdn-tag {string}
        set start-ip {ipv6-address}
        set sub-type [sdn|ems-tag|...]
        config subnet-segment
            Description: IPv6 subnet segments.
            edit <name>
                set type [any|specific]
                set value {string}
            next
        end
        set tag-detection-level {string}
        set tag-type {string}
        config tagging
            Description: Config object tagging.
            edit <name>
                set category {string}
                set tags <name1>, <name2>, ...
            next
        end
        set template {string}
        set tenant {string}
        set type [ipprefix|iprange|...]
        set uuid {uuid}
        set wildcard {ipv6-wildcard}
    next
end

config firewall address6

Parameter

Description

Type

Size

Default

cache-ttl

Minimal TTL of individual IPv6 addresses in FQDN cache.

integer

Minimum value: 0 Maximum value: 86400

color

Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1).

integer

Minimum value: 0 Maximum value: 32

comment

Comment.

var-string

Maximum length: 255

country

IPv6 addresses associated to a specific country.

string

Maximum length: 2

custom-tags <name> *

Custom tags.

Names of custom tags used with this address.

string

Maximum length: 35

display-with *

Display object with first tag, all tags, or just the icon.

option

all-tags

Option	Description
all-tags	Display object using all custom tags.
first-tag-only	Display object using first custom tag.
icon-and-color	Display object using icon and color.

end-ip

Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).

ipv6-address

Not Specified

epg-name

Endpoint group name.

string

Maximum length: 255

fabric-force-sync *

Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped.

option

disable

Option	Description
enable	Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.
disable	Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

fabric-object

Security Fabric global object setting.

option

disable

Option	Description
enable	Object is set as a security fabric-wide global object.
disable	Object is local to this security fabric member.

fabric-object-source *

Source of truth for fabric object.

option

root

Option	Description
member	Source of truth for this object is a non-root member of fabric.
local	Source of truth for this object is this security fabric member.
root	Source of truth for this object is the root of the fabric.

filter

Match criteria filter.

var-string

Maximum length: 2047

fqdn

Fully qualified domain name.

string

Maximum length: 255

host

Host Address.

ipv6-address

Not Specified

host-type

Host type.

option

any

Option	Description
any	Wildcard.
specific	Specific host address.

ip6

IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx).

ipv6-network

Not Specified

::/0

macaddr <macaddr>

Multiple MAC address ranges.

MAC address ranges <start>[-<end>] separated by space.

string

Maximum length: 127

name

Address name.

string

Maximum length: 79

obj-id

Object ID for NSX.

var-string

Maximum length: 255

obj-tag *

Tag of dynamic address object.

string

Maximum length: 255

obsolete *

Indicates whether the address can be used. Read-only.

integer

Minimum value: 0 Maximum value: 4294967295

passive-fqdn-learning

Enable/disable passive learning of FQDNs. When enabled, the FortiGate learns, trusts, and saves FQDNs from endpoint DNS queries (default = enable).

option

enable

Option	Description
disable	Disable passive learning of FQDNs.
enable	Enable passive learning of FQDNs.

route-tag

route-tag address.

integer

Minimum value: 1 Maximum value: 4294967295

sdn

SDN.

string

Maximum length: 35

sdn-addr-type

Type of addresses to collect.

option

private

Option	Description
private	Collect private addresses only.
public	Collect public addresses only.
all	Collect both public and private addresses.

sdn-tag

SDN Tag.

string

Maximum length: 15

start-ip

First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).

ipv6-address

Not Specified

sub-type *

Sub-type of address.

option

sdn

Option	Description
sdn	SDN address.
ems-tag	FortiClient EMS tag.
8021x	802.1X address.

tag-detection-level *

Tag detection level of dynamic address object.

string

Maximum length: 15

tag-type *

Tag type of dynamic address object.

string

Maximum length: 63

template

IPv6 address template.

string

Maximum length: 63

tenant

Tenant.

string

Maximum length: 35

type

Type of IPv6 address object (default = ipprefix).

option

ipprefix

Option	Description
ipprefix	Uses the IP prefix to define a range of IPv6 addresses.
iprange	Range of IPv6 addresses between two specified addresses (inclusive).
fqdn	Fully qualified domain name.
geography	IPv6 addresses from a specified country.
dynamic	Dynamic address object.
template	Template.
mac	Range of MAC addresses.
route-tag	route-tag addresses.
wildcard	Standard IPv6 using a wildcard subnet mask.

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000

wildcard

IPv6 address and wildcard netmask.

ipv6-wildcard

Not Specified

:: ::

* This parameter may not exist in some models.

config addr-8021x

Parameter	Description	Type	Size	Default
acct-user	Account user name. Read-only.	string	Maximum length: 64
interface	Interface name. Read-only.	string	Maximum length: 15
ip6	IPv6 address. Read-only.	ipv6-address	Not Specified	::
mac	MAC address. Read-only.	string	Maximum length: 127
vlan-id	VLAN ID. Read-only.	integer	Minimum value: 0 Maximum value: 4294967295	0

config list

Parameter	Description	Type	Size	Default
ip	IP.	string	Maximum length: 89

config subnet-segment

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 63

type

Subnet segment type.

option

any

Option	Description
any	Wildcard.
specific	Specific subnet segment address.

value

Subnet segment value.

string

Maximum length: 35

config tagging

Parameter	Description	Type	Size
category	Tag category.	string	Maximum length: 63
name	Tagging entry name.	string	Maximum length: 63
tags `<name>`	Tags. Tag name.	string	Maximum length: 79

Parameter

Description

Type

Size

Default

config firewall address6

Configure IPv6 firewall addresses.

config firewall address6
    Description: Configure IPv6 firewall addresses.
    edit <name>
        config addr-8021x
            Description: 802.1X address. Read-only.
            edit <interface>
                set acct-user {string}
                set ip6 {ipv6-address}
                set mac {string}
                set vlan-id {integer}
            next
        end
        set cache-ttl {integer}
        set color {integer}
        set comment {var-string}
        set country {string}
        set custom-tags <name1>, <name2>, ...
        set display-with [all-tags|first-tag-only|...]
        set end-ip {ipv6-address}
        set epg-name {string}
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        set filter {var-string}
        set fqdn {string}
        set host {ipv6-address}
        set host-type [any|specific]
        set ip6 {ipv6-network}
        config list
            Description: IP address list.
            edit <ip>
            next
        end
        set macaddr <macaddr1>, <macaddr2>, ...
        set obj-id {var-string}
        set obj-tag {string}
        set obsolete {integer}
        set passive-fqdn-learning [disable|enable]
        set route-tag {integer}
        set sdn {string}
        set sdn-addr-type [private|public|...]
        set sdn-tag {string}
        set start-ip {ipv6-address}
        set sub-type [sdn|ems-tag|...]
        config subnet-segment
            Description: IPv6 subnet segments.
            edit <name>
                set type [any|specific]
                set value {string}
            next
        end
        set tag-detection-level {string}
        set tag-type {string}
        config tagging
            Description: Config object tagging.
            edit <name>
                set category {string}
                set tags <name1>, <name2>, ...
            next
        end
        set template {string}
        set tenant {string}
        set type [ipprefix|iprange|...]
        set uuid {uuid}
        set wildcard {ipv6-wildcard}
    next
end

config firewall address6

Parameter

Description

Type

Size

Default

cache-ttl

Minimal TTL of individual IPv6 addresses in FQDN cache.

integer

Minimum value: 0 Maximum value: 86400

color

Integer value to determine the color of the icon in the GUI (range 1 to 32, default = 0, which sets the value to 1).

integer

Minimum value: 0 Maximum value: 32

comment

Comment.

var-string

Maximum length: 255

country

IPv6 addresses associated to a specific country.

string

Maximum length: 2

custom-tags <name> *

Custom tags.

Names of custom tags used with this address.

string

Maximum length: 35

display-with *

Display object with first tag, all tags, or just the icon.

option

all-tags

Option	Description
all-tags	Display object using all custom tags.
first-tag-only	Display object using first custom tag.
icon-and-color	Display object using icon and color.

end-ip

Final IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).

ipv6-address

Not Specified

epg-name

Endpoint group name.

string

Maximum length: 255

fabric-force-sync *

Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped.

option

disable

Option	Description
enable	Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.
disable	Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices.

fabric-object

Security Fabric global object setting.

option

disable

Option	Description
enable	Object is set as a security fabric-wide global object.
disable	Object is local to this security fabric member.

fabric-object-source *

Source of truth for fabric object.

option

root

Option	Description
member	Source of truth for this object is a non-root member of fabric.
local	Source of truth for this object is this security fabric member.
root	Source of truth for this object is the root of the fabric.

filter

Match criteria filter.

var-string

Maximum length: 2047

fqdn

Fully qualified domain name.

string

Maximum length: 255

host

Host Address.

ipv6-address

Not Specified

host-type

Host type.

option

any

Option	Description
any	Wildcard.
specific	Specific host address.

ip6

IPv6 address prefix (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx).

ipv6-network

Not Specified

::/0

macaddr <macaddr>

Multiple MAC address ranges.

MAC address ranges <start>[-<end>] separated by space.

string

Maximum length: 127

name

Address name.

string

Maximum length: 79

obj-id

Object ID for NSX.

var-string

Maximum length: 255

obj-tag *

Tag of dynamic address object.

string

Maximum length: 255

obsolete *

Indicates whether the address can be used. Read-only.

integer

Minimum value: 0 Maximum value: 4294967295

passive-fqdn-learning

Enable/disable passive learning of FQDNs. When enabled, the FortiGate learns, trusts, and saves FQDNs from endpoint DNS queries (default = enable).

option

enable

Option	Description
disable	Disable passive learning of FQDNs.
enable	Enable passive learning of FQDNs.

route-tag

route-tag address.

integer

Minimum value: 1 Maximum value: 4294967295

sdn

SDN.

string

Maximum length: 35

sdn-addr-type

Type of addresses to collect.

option

private

Option	Description
private	Collect private addresses only.
public	Collect public addresses only.
all	Collect both public and private addresses.

sdn-tag

SDN Tag.

string

Maximum length: 15

start-ip

First IP address (inclusive) in the range for the address (format: xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx).

ipv6-address

Not Specified

sub-type *

Sub-type of address.

option

sdn

Option	Description
sdn	SDN address.
ems-tag	FortiClient EMS tag.
8021x	802.1X address.

tag-detection-level *

Tag detection level of dynamic address object.

string

Maximum length: 15

tag-type *

Tag type of dynamic address object.

string

Maximum length: 63

template

IPv6 address template.

string

Maximum length: 63

tenant

Tenant.

string

Maximum length: 35

type

Type of IPv6 address object (default = ipprefix).

option

ipprefix

Option	Description
ipprefix	Uses the IP prefix to define a range of IPv6 addresses.
iprange	Range of IPv6 addresses between two specified addresses (inclusive).
fqdn	Fully qualified domain name.
geography	IPv6 addresses from a specified country.
dynamic	Dynamic address object.
template	Template.
mac	Range of MAC addresses.
route-tag	route-tag addresses.
wildcard	Standard IPv6 using a wildcard subnet mask.

uuid

Universally Unique Identifier (UUID; automatically assigned but can be manually reset).

uuid

Not Specified

00000000-0000-0000-0000-000000000000

wildcard

IPv6 address and wildcard netmask.

ipv6-wildcard

Not Specified

:: ::

* This parameter may not exist in some models.

config addr-8021x

Parameter	Description	Type	Size	Default
acct-user	Account user name. Read-only.	string	Maximum length: 64
interface	Interface name. Read-only.	string	Maximum length: 15
ip6	IPv6 address. Read-only.	ipv6-address	Not Specified	::
mac	MAC address. Read-only.	string	Maximum length: 127
vlan-id	VLAN ID. Read-only.	integer	Minimum value: 0 Maximum value: 4294967295	0

config list

Parameter	Description	Type	Size	Default
ip	IP.	string	Maximum length: 89

config subnet-segment

Parameter

Description

Type

Size

Default

name

Name.

string

Maximum length: 63

type

Subnet segment type.

option

any

Option	Description
any	Wildcard.
specific	Specific subnet segment address.

value

Subnet segment value.

string

Maximum length: 35

config tagging

Parameter	Description	Type	Size
category	Tag category.	string	Maximum length: 63
name	Tagging entry name.	string	Maximum length: 63
tags `<name>`	Tags. Tag name.	string	Maximum length: 79

Parameter

Description

Type

Size

Default

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

Web Application / API Protection

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

All Products

CLI Reference

config firewall address6

config firewall address6

config firewall address6

config addr-8021x

config list

config subnet-segment

config tagging

config firewall address6

config firewall address6

config firewall address6

config addr-8021x