Factory default firewall addresses and address group for private IP space (RFC1918) 7.2.2
FortiManager includes factory default firewall addresses and address group for private IP space (RFC1918).
The following new default firewall addresses objects are available:
- RFC1918-10: 10.0.0/8
- RFC1918-172: 172.16.0.0/12
- RFC1918-192: 192.168.0.0/16
The following new default firewall address group is available:
- RFC1918-GRP: Includes the RFC1918-10, RFC1918-172, and RFC1918-192 address objects.
To use the new default private IP space address objects in FortiManager:
- Go to Policy & Objects > Object Configurations > Firewall Objects > Addresses.
The default RFC1918 address objects are available.
- Go to Policy & Objects > Policy Packages, and select a Firewall Policy.
You can select the firewall address objects for use in the policy. For example, the RFC1918-GRP address group object is selectable as an IPv4 Destination Address. - Install the policy package to FortiGate.
To edit the default private IP space address objects using the CLI:
- In the FortiManager CLI, use the config firewall address command.
For example:config firewall address
edit "RFC1918-10"
set subnet 10.0.0.0 255.0.0.0
next
edit "RFC1918-172"
set subnet 172.16.0.0 255.240.0.0
next
edit "RFC1918-192"
set subnet 192.168.0.0 255.255.0.0
next
end
config firewall addrgrp
edit "RFC1918-GRP"
set member "RFC1918-10" "RFC1918-172" "RFC1918-192"
next
end