Fortinet black logo

Administration Guide

Home FortiProxy 7.2.0 Administration Guide
7.2.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.10
7.2.9
7.2.8
7.2.7
7.2.0
7.0.17
7.0.0
2.0.0
1.2.0
1.1.0
1.0.0

Addresses

Addresses

Web cache addresses and address groups define the network addresses that you use when configuring source and destination addresses for security policies. The FortiProxy unit compares the IP addresses contained in packet headers with security policy source and destination addresses to determine if the security policy matches the traffic. Addresses can be IPv4 addresses and address ranges, IPv6 addresses, and fully qualified domain names (FQDNs).

Be careful if employing FQDN web cache addresses. Using a fully qualified domain name in a security policy, while convenient, does present some security risks because policy matching then relies on a trusted DNS server. If the DNS server becomes compromised, security policies requiring domain name resolution might no longer function properly.

Web cache addresses in the address list are grouped by type: Address, Address Group, IPv6 Address, IPv6 Address Group, Proxy Address, or Proxy Group. A FortiProxy unit’s default configurations include all address, which represents any IPv4 IP address on any network. You can also add a firewall address list when configuring a security policy.

To view the address list, go to Policy & Objects > Addresses.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New > Address

Add a new address. See Create or edit an address.

Create New > Address Group

Add a new address group. See Create or edit an address group.

Create New > IPv6 Address Template

Add an IPv6 address template. See Create or edit an IPv6 address template.

Edit

Edit the selected address. See Create or edit an address or Create or edit an address group

Clone

Make a copy of the selected address or address group.

Delete

Remove the selected address or address group. This icon appears only if a policy or address group is not currently using the address.

Search

Search for text in any column.

Name

The name of the address.

Details

The domain name.

Interface

The interface to which the address is bound.

Type

Select the type of address: FQDN, Geography, IP Range, Subnet, Wildcard FQDN, Dynamic SDN address, IPv6 Subnet, URL Pattern, Host Regex Match, URL Category, HTTP Method, User Agent, HTTP Header, Advanced (Source), or Advanced (Destination).

Ref.

Displays the number of times the object is referenced to other objects.

To view the location of the referenced object, select the number in Ref., and the Object Usage window appears displaying the various locations of the referenced object.

Comments

Optional description of the address.

Exclude Members

Addresses excluded from an address group.

Routable

Whether the IP address can be used for routing.
Previous
Next

Addresses

Web cache addresses and address groups define the network addresses that you use when configuring source and destination addresses for security policies. The FortiProxy unit compares the IP addresses contained in packet headers with security policy source and destination addresses to determine if the security policy matches the traffic. Addresses can be IPv4 addresses and address ranges, IPv6 addresses, and fully qualified domain names (FQDNs).

Be careful if employing FQDN web cache addresses. Using a fully qualified domain name in a security policy, while convenient, does present some security risks because policy matching then relies on a trusted DNS server. If the DNS server becomes compromised, security policies requiring domain name resolution might no longer function properly.

Web cache addresses in the address list are grouped by type: Address, Address Group, IPv6 Address, IPv6 Address Group, Proxy Address, or Proxy Group. A FortiProxy unit’s default configurations include all address, which represents any IPv4 IP address on any network. You can also add a firewall address list when configuring a security policy.

To view the address list, go to Policy & Objects > Addresses.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New > Address

Add a new address. See Create or edit an address.

Create New > Address Group

Add a new address group. See Create or edit an address group.

Create New > IPv6 Address Template

Add an IPv6 address template. See Create or edit an IPv6 address template.

Edit

Edit the selected address. See Create or edit an address or Create or edit an address group

Clone

Make a copy of the selected address or address group.

Delete

Remove the selected address or address group. This icon appears only if a policy or address group is not currently using the address.

Search

Search for text in any column.

Name

The name of the address.

Details

The domain name.

Interface

The interface to which the address is bound.

Type

Select the type of address: FQDN, Geography, IP Range, Subnet, Wildcard FQDN, Dynamic SDN address, IPv6 Subnet, URL Pattern, Host Regex Match, URL Category, HTTP Method, User Agent, HTTP Header, Advanced (Source), or Advanced (Destination).

Ref.

Displays the number of times the object is referenced to other objects.

To view the location of the referenced object, select the number in Ref., and the Object Usage window appears displaying the various locations of the referenced object.

Comments

Optional description of the address.

Exclude Members

Addresses excluded from an address group.

Routable

Whether the IP address can be used for routing.
Previous
Next