CLI Reference

config firewall address

Configure IPv4 addresses.

config firewall address
    Description: Configure IPv4 addresses.
    edit <name>
        config addr-8021x
            Description: 802.1X address. Read-only.
            edit <interface>
                set acct-user {string}
                set ip {ipv4-address-any}
                set mac {string}
                set vlan-id {integer}
            next
        end
        set agent-id {string}
        set allow-routing [enable|disable]
        set associated-interface {string}
        set cache-ttl {integer}
        set clearpass-spt [unknown|healthy|...]
        set color {integer}
        set comment {var-string}
        set country {string}
        set custom-tags <name1>, <name2>, ...
        set display-with [all-tags|first-tag-only|...]
        set end-ip {ipv4-address-any}
        set epg-name {string}
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        set filter {var-string}
        set fqdn {string}
        set fsso-group <name1>, <name2>, ...
        set hw-model {string}
        set hw-vendor {string}
        set hw-version {string}
        set interface {string}
        set ipam-allocate-unique [enable|disable]
        config list
            Description: IP address list.
            edit <ip>
            next
        end
        set macaddr <macaddr1>, <macaddr2>, ...
        set managed-subnetwork-size [4|8|...]
        set node-ip-only [enable|disable]
        set obj-id {var-string}
        set obj-tag {string}
        set obj-type [ip|mac]
        set obsolete {integer}
        set organization {string}
        set os {string}
        set passive-fqdn-learning [disable|enable]
        set policy-group {string}
        set route-tag {integer}
        set sdn {string}
        set sdn-addr-type [private|public|...]
        set sdn-tag {string}
        set sso-attribute-value <name1>, <name2>, ...
        set start-ip {ipv4-address-any}
        set sub-type [sdn|clearpass-spt|...]
        set subnet {ipv4-classnet-any}
        set subnet-name {string}
        set sw-version {string}
        set tag-detection-level {string}
        set tag-type {string}
        config tagging
            Description: Config object tagging.
            edit <name>
                set category {string}
                set tags <name1>, <name2>, ...
            next
        end
        set tenant {string}
        set type [ipmask|iprange|...]
        set uuid {uuid}
        set wildcard {ipv4-classnet-any}
        set wildcard-fqdn {string}
    next
end

config firewall address

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| agent-id * | Telemetry agent id. | string | Maximum length: 19 | |
| allow-routing | Enable/disable use of this address in routing configurations. | option | - | disable |
| | Option enable: Enable use of this address in routing configurations. | | | |
| | Option disable: Disable use of this address in routing configurations. | | | |
| associated-interface | Network interface associated with address. | string | Maximum length: 35 | |
| cache-ttl | Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. | integer | Minimum value: 0 Maximum value: 86400 | 0 |
| clearpass-spt | SPT (System Posture Token) value. | option | - | unknown |
| | Option unknown: UNKNOWN. | | | |
| | Option healthy: HEALTHY. | | | |
| | Option quarantine: QUARANTINE. | | | |
| | Option checkup: CHECKUP. | | | |
| | Option transient: TRANSIENT. | | | |
| | Option infected: INFECTED. | | | |
| color | Color of icon on the GUI. | integer | Minimum value: 0 Maximum value: 32 | 0 |
| comment | Comment. | var-string | Maximum length: 255 | |
| country | IP addresses associated to a specific country. | string | Maximum length: 2 | |
| custom-tags `<name>` * | Custom tags. Names of custom tags used with this address. | string | Maximum length: 35 | |
| display-with * | Display object with first tag, all tags, or just the icon & color. | option | - | all-tags |
| | Option all-tags: Display object using all custom tags. | | | |
| | Option first-tag-only: Display object using first custom tag. | | | |
| | Option icon-and-color: Display object using icon and color. | | | |
| end-ip | Final IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified | 0.0.0.0 |
| epg-name | Endpoint group name. | string | Maximum length: 255 | |
| fabric-force-sync * | Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped. | option | - | disable |
| | Option enable: Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. | | | |
| | Option disable: Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. | | | |
| fabric-object | Security Fabric global object setting. | option | - | disable |
| | Option enable: Object is set as a security fabric-wide global object. | | | |
| | Option disable: Object is local to this security fabric member. | | | |
| fabric-object-source * | Source of truth for fabric object. | option | - | root |
| | Option member: Source of truth for this object is a non-root member of fabric. | | | |
| | Option local: Source of truth for this object is this security fabric member. | | | |
| | Option root: Source of truth for this object is the root of the fabric. | | | |
| filter | Match criteria filter. | var-string | Maximum length: 2047 | |
| fqdn | Fully Qualified Domain Name address. | string | Maximum length: 255 | |
| fsso-group `<name>` | FSSO group(s). FSSO group name. | string | Maximum length: 511 | |
| hw-model * | Dynamic address matching hardware model. | string | Maximum length: 35 | |
| hw-vendor | Dynamic address matching hardware vendor. | string | Maximum length: 35 | |
| hw-version * | Dynamic address matching hardware version. | string | Maximum length: 35 | |
| interface | Name of interface whose IP address is to be used. | string | Maximum length: 35 | |
| ipam-allocate-unique * | Allocate unique subnet for FortiIPAM managed fabric-object address. | option | - | disable |
| | Option enable: Enable unique subnet allocation on each FortiGate. | | | |
| | Option disable: Disable unique subnet allocation on each FortiGate. | | | |
| macaddr `<macaddr>` | Multiple MAC address ranges. MAC address ranges `<start>[-<end>]` separated by space. | string | Maximum length: 127 | |
| managed-subnetwork-size * | Number of IP addresses to be allocated by FortiIPAM for this address. | option | - | 256 |
| | Option 4: Allocate a subnet with 4 IP addresses. | | | |
| | Option 8: Allocate a subnet with 8 IP addresses. | | | |
| | Option 16: Allocate a subnet with 16 IP addresses. | | | |
| | Option 32: Allocate a subnet with 32 IP addresses. | | | |
| | Option 64: Allocate a subnet with 64 IP addresses. | | | |
| | Option 128: Allocate a subnet with 128 IP addresses. | | | |
| | Option 256: Allocate a subnet with 256 IP addresses. | | | |
| | Option 512: Allocate a subnet with 512 IP addresses. | | | |
| | Option 1024: Allocate a subnet with 1024 IP addresses. | | | |
| | Option 2048: Allocate a subnet with 2048 IP addresses. | | | |
| | Option 4096: Allocate a subnet with 4096 IP addresses. | | | |
| | Option 8192: Allocate a subnet with 8192 IP addresses. | | | |
| | Option 16384: Allocate a subnet with 16384 IP addresses. | | | |
| | Option 32768: Allocate a subnet with 32768 IP addresses. | | | |
| | Option 65536: Allocate a subnet with 65536 IP addresses. | | | |
| | Option 131072: Allocate a subnet with 131072 IP addresses. | | | |
| | Option 262144: Allocate a subnet with 262144 IP addresses. | | | |
| | Option 524288: Allocate a subnet with 524288 IP addresses. | | | |
| | Option 1048576: Allocate a subnet with 1048576 IP addresses. | | | |
| | Option 2097152: Allocate a subnet with 2097152 IP addresses. | | | |
| | Option 4194304: Allocate a subnet with 4194304 IP addresses. | | | |
| | Option 8388608: Allocate a subnet with 8388608 IP addresses. | | | |
| | Option 16777216: Allocate a subnet with 16777216 IP addresses. | | | |
| name | Address name. | string | Maximum length: 79 | |
| node-ip-only | Enable/disable collection of node addresses only in Kubernetes. | option | - | disable |
| | Option enable: Enable collection of node addresses only in Kubernetes. | | | |
| | Option disable: Disable collection of node addresses only in Kubernetes. | | | |
| obj-id | Object ID for NSX. | var-string | Maximum length: 255 | |
| obj-tag | Tag of dynamic address object. | string | Maximum length: 255 | |
| obj-type | Object type. | option | - | ip |
| | Option ip: IP address. | | | |
| | Option mac: MAC address | | | |
| obsolete * | Indicates whether the address can be used. Read-only. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| organization | Organization domain name (Syntax: organization/domain). | string | Maximum length: 35 | |
| os | Dynamic address matching operating system. | string | Maximum length: 35 | |
| passive-fqdn-learning | Enable/disable passive learning of FQDNs. When enabled, the FortiGate learns, trusts, and saves FQDNs from endpoint DNS queries (default = enable). | option | - | enable |
| | Option disable: Disable passive learning of FQDNs. | | | |
| | Option enable: Enable passive learning of FQDNs. | | | |
| policy-group | Policy group name. | string | Maximum length: 15 | |
| route-tag | route-tag address. | integer | Minimum value: 1 Maximum value: 4294967295 | 0 |
| sdn | SDN. | string | Maximum length: 35 | |
| sdn-addr-type | Type of addresses to collect. | option | - | private |
| | Option private: Collect private addresses only. | | | |
| | Option public: Collect public addresses only. | | | |
| | Option all: Collect both public and private addresses. | | | |
| sdn-tag | SDN Tag. | string | Maximum length: 15 | |
| sso-attribute-value `<name>` | RADIUS attributes value. RADIUS attribute value. | string | Maximum length: 511 | |
| start-ip | First IP address (inclusive) in the range for the address. | ipv4-address-any | Not Specified | 0.0.0.0 |
| sub-type | Sub-type of address. | option | - | sdn |
| | Option sdn: SDN address. | | | |
| | Option clearpass-spt: ClearPass SPT (System Posture Token) address. | | | |
| | Option fsso: FSSO address. | | | |
| | Option rsso: RSSO address. | | | |
| | Option ems-tag: FortiClient EMS tag. | | | |
| | Option fortivoice-tag: FortiVoice tag. | | | |
| | Option fortinac-tag: FortiNAC tag. | | | |
| | Option swc-tag: Switch Controller NAC policy tag. | | | |
| | Option device-identification: Device address. | | | |
| | Option external-resource: External resource. | | | |
| | Option telemetry: Telemetry address. | | | |
| | Option obsolete: Tag from EOL product. | | | |
| | Option 8021x: 802.1X address. | | | |
| subnet | IP address and subnet mask of address. | ipv4-classnet-any | Not Specified | 0.0.0.0 0.0.0.0 |
| subnet-name | Subnet name. | string | Maximum length: 255 | |
| sw-version | Dynamic address matching software version. | string | Maximum length: 35 | |
| tag-detection-level | Tag detection level of dynamic address object. | string | Maximum length: 15 | |
| tag-type | Tag type of dynamic address object. | string | Maximum length: 63 | |
| tenant | Tenant. | string | Maximum length: 35 | |
| type | Type of address. | option | - | ipmask |
| | Option ipmask: Standard IPv4 address with subnet mask. | | | |
| | Option iprange: Range of IPv4 addresses between two specified addresses (inclusive). | | | |
| | Option fqdn: Fully Qualified Domain Name address. | | | |
| | Option geography: IP addresses from a specified country. | | | |
| | Option wildcard: Standard IPv4 using a wildcard subnet mask. | | | |
| | Option dynamic: Dynamic address object. | | | |
| | Option interface-subnet: IP and subnet of interface. | | | |
| | Option ipam: Address with subnet mask under IP Address Management. | | | |
| | Option mac: Range of MAC addresses. | | | |
| | Option route-tag: route-tag addresses. | | | |
| uuid | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). | uuid | Not Specified | 00000000-0000-0000-0000-000000000000 |
| wildcard | IP address and wildcard netmask. | ipv4-classnet-any | Not Specified | 0.0.0.0 0.0.0.0 |
| wildcard-fqdn | Fully Qualified Domain Name with wildcard characters. | string | Maximum length: 255 | |

* This parameter may not exist in some models.

config addr-8021x

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| acct-user | Account user name. Read-only. | string | Maximum length: 64 | |
| interface | Interface name. Read-only. | string | Maximum length: 15 | |
| ip | IP address. Read-only. | ipv4-address-any | Not Specified | 0.0.0.0 |
| mac | MAC address. Read-only. | string | Maximum length: 127 | |
| vlan-id | VLAN ID. Read-only. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |

config list

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| ip | IP. | string | Maximum length: 35 | |

config tagging

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| category | Tag category. | string | Maximum length: 63 | |
| name | Tagging entry name. | string | Maximum length: 63 | |
| tags `<name>` | Tags. Tag name. | string | Maximum length: 79 | |
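
Added example (not Fortinet code): a Python check that parses the `config firewall address` block of a configuration backup, skips the nested tables shown in the syntax above, and reports values outside the ranges documented on this page, `iprange` objects whose `start-ip` is after `end-ip`, and very broad objects. The sample configuration is constructed, and the `BROAD` threshold and the function names are assumptions.

```python
import ipaddress
import shlex

INT_RANGE = {"cache-ttl": (0, 86400), "color": (0, 32)}  # from this page's table
BROAD = 1 << 16  # assumption: local review threshold, not a FortiOS value

def parse_addresses(text):
    """Return {name: {param: [values]}} for the `config firewall address` block."""
    objs, current, depth, inside = {}, None, 0, False
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if not inside:
            inside = tok == ["config", "firewall", "address"]
        elif tok[0] == "config":
            depth += 1  # nested table (tagging, list, addr-8021x): contents skipped
        elif tok[0] == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0 and tok[0] == "edit" and len(tok) > 1:
            current = objs.setdefault(tok[1], {})
        elif depth == 0 and tok[0] == "set" and current is not None and len(tok) > 1:
            current[tok[1]] = tok[2:]
    return objs

def covered(p):
    """IPv4 addresses matched by an ipmask or iprange object; None for other types."""
    kind = p.get("type", ["ipmask"])[0]  # documented default: ipmask
    if kind == "ipmask" and p.get("subnet"):
        return ipaddress.ip_network("/".join(p["subnet"][:2]), strict=False).num_addresses
    if kind == "iprange" and p.get("start-ip") and p.get("end-ip"):
        first, last = (int(ipaddress.IPv4Address(p[k][0])) for k in ("start-ip", "end-ip"))
        return last - first + 1  # both ends are inclusive

def lint(objs):
    out = []
    for name, p in objs.items():
        for key, (lo, hi) in INT_RANGE.items():
            val = " ".join(p.get(key, [str(lo)]))
            if not (val.isdigit() and lo <= int(val) <= hi):
                out.append((name, f"{key} {val} outside {lo}-{hi}"))
        try:
            size = covered(p)
        except ValueError as exc:
            out.append((name, f"unparsable address: {exc}"))
            continue
        if size is not None and size <= 0:
            out.append((name, "start-ip is after end-ip"))
        elif size is not None and size >= BROAD:
            out.append((name, f"broad object: {size} addresses"))
    return sorted(out)

# Constructed sample, not taken from a real device.
SAMPLE = """config firewall address
    edit "dmz-web"
        set subnet 10.20.30.0 255.255.255.0
    next
    edit "any-v4"
        set subnet 0.0.0.0 0.0.0.0
    next
    edit "branch-range"
        set type iprange
        set start-ip 192.168.10.200
        set end-ip 192.168.10.20
    next
    edit "updates"
        set type fqdn
        set cache-ttl 90000
        config tagging
            edit "owner"
                set category "team"
            next
        end
    next
end"""
print(*lint(parse_addresses(SAMPLE)), sep="\n")
```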
