A useful object category that FortiOS makes available for policies is the Address Group. An IPv4 Address Group is an array/list of addresses that can be applied to firewall policies. This is useful if you have multiple servers that need the same filtering and you want to limit the administrative overhead of managing policies.

The addresses will need to be created individually before adding them as a member of the address group.

Start by going into the firewall addrgrp configuration prompt or (addrgrp) prompt.

config firewall addrgrp

In this case I’m creating a list of lab servers, so I will edit or create that one. This will take me into the (lab servers) prompt.

edit "lab servers"

Set the members to one or more addresses.

set member "tl-db-01" "tl-app-01"

Once that’s complete, you’ll want to enter “next” and “end” to finish the configuration.

The show command for the address group will show the following output. It should now be available for use.

config firewall addrgrp
    edit "lab servers"
        set uuid af519380-2094-51e9-391c-b78e8edbddfc
        set member "tl-db-01" "tl-app-01"
    next
end
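Because addresses have to exist before they can be group members, a saved configuration can be checked for groups that reference undefined objects. The following is an added example, not part of the original post or of FortiOS: a small Python parser for the config/edit/set/next/end layout shown above. The sample text, its subnet values and the "tl-web-01" member are constructed, and it assumes every quoted value closes on its own line.

```python
import shlex

# Constructed sample in the layout shown above; subnets and "tl-web-01" are invented.
SAMPLE = '''\
config firewall address
    edit "tl-db-01"
        set subnet 192.0.2.10 255.255.255.255
    next
    edit "tl-app-01"
        set subnet 192.0.2.20 255.255.255.255
    next
end
config firewall addrgrp
    edit "lab servers"
        set member "tl-db-01" "tl-app-01" "tl-web-01"
    next
end
'''

def parse_tables(text):
    """Return {table path: {entry name: {setting: [values]}}} for top-level tables."""
    tables, table, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        words = shlex.split(raw) or [""]   # shlex keeps "lab servers" as one token
        verb, args = words[0], words[1:]
        if verb == "config" and table is None:
            table = tables.setdefault(" ".join(args), {})
        elif verb == "config":
            depth += 1                     # nested sub-table: skip its contents
        elif verb == "end" and depth:
            depth -= 1
        elif verb == "end":
            table = entry = None
        elif depth == 0 and table is not None and verb == "edit":
            entry = table.setdefault(args[0], {})
        elif depth == 0 and entry is not None and verb == "set":
            entry[args[0]] = args[1:]
        elif depth == 0 and verb == "next":
            entry = None
    return tables

def missing_members(text):
    """Map each address group to members that are neither an address nor a group."""
    tables = parse_tables(text)
    groups = tables.get("firewall addrgrp", {})
    known = set(tables.get("firewall address", {})) | set(groups)
    found = {g: [m for m in cfg.get("member", []) if m not in known] for g, cfg in groups.items()}
    return {g: gone for g, gone in found.items() if gone}
```

Calling `missing_members(SAMPLE)` reports "tl-web-01" under "lab servers", since that member has no matching firewall address entry in the sample.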