IPv4 Addresses

Example

Example of a Geography address for a country that should be able to access resources on the network.

Field                                Value

Category                         Address

Name                              United States

Type                                Geography

Country                          United States

Interface                          any

Show in Address List    [on]

Comments

 

IP Range Addresses

Where the Subnet address is good at representing a standardized group of addresses that are subnets, the IP Range type of address can describe a group of addresses while being specific and granular. It does this by specifying a continuous set of IP addresses between one specific IP address and another. While it is most common for this range to fall within a subnet, that is not a requirement. For instance, 192.168.1.0/24 and 192.168.2.0/24 would be 2 separate subnets, but if you wanted to describe the top half of one and the bottom half of the other you could describe the range of 192.168.1.128-192.168.2.127. It’s also a lot easier than trying to calculate the correct subnet mask.

 

The format would be:

x.x.x.x-x.x.x.x, such as 192.168.110.100-192.168.110.120

 

There is a notation that is commonly used and accepted by some devices that follows the format:

x.x.x.[x-x], such as 192.168.110.[100-120]

 

This format is not recognized in FortiOS 5.2 as a valid IP Range.

 

Creating an IP Range address

1. Go to Policy & Objects > Addresses.

2. Select Create New. A drop down menu is displayed. Select Address.

3. In the Category field, choose Address (IPv4 addresses) or IPv6 Address.

4. Input a Name for the address object.

5. In the Type field, select IP Range from the drop down menu.

6. In the Subnet / IP Range field, enter the range of addresses in the following format: x.x.x.x-x.x.x.x (no spaces)

7. In the Interface field, leave as the default any or select a specific interface from the drop down menu. (This setting is not available for IPv6 addresses)

8. Select the desired on/off toggle setting for Show in Address List. If the setting is enabled the address will appear in drop down menus where it is an option.

9. Input any additional information in the Comments field.

10. Press OK.

 

 

Example

Example of an IP Range address for a group of computers set aside for guests on the company network.

Field                      Value

Category                   Address or IPv6 Address

Name                       Guest_users

Type                       IP Range

Subnet / IP Range          192.168.100.200-192.168.100.240

Interface                  Port1

Show in Address List       [on]

Comments                   Computers on the 1st floor used by guests for Internet access.

 

IP Range addresses can be configured for both IPv4 and IPv6 addresses. The only differences in creating an IPv6 IP Range address are that you would choose IPv6 Address for the Category and that the syntax of the address in the Subnet / IP Range field would be in the format of 2001:0db8:0000:0002:0:0:0:20-2001:0db8:0000:0004:0:0:0:20
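
The range rules in this section can be checked offline before an address object is created. The following Python sketch is an added example, not Fortinet code: it accepts only the start-end form (IPv4 or IPv6), rejects the bracket shorthand and embedded spaces, and lists the subnets a range is equivalent to. The function names are hypothetical; the sample ranges are the ones used on this page.

```python
import ipaddress
import re

# Bracket shorthand such as 192.168.110.[100-120] is not a valid IP Range
# in FortiOS 5.2, so it is rejected here as well.
_BRACKET = re.compile(r"\[\s*\d+\s*-\s*\d+\s*\]")


def parse_ip_range(text):
    """Return (first, last) for 'start-end'; names here are hypothetical."""
    if _BRACKET.search(text):
        raise ValueError("bracket notation is not accepted: %r" % text)
    if any(ch.isspace() for ch in text):
        raise ValueError("range must not contain spaces: %r" % text)
    start, sep, end = text.partition("-")
    if not sep:
        raise ValueError("expected start-end: %r" % text)
    first = ipaddress.ip_address(start)  # ValueError on a malformed address
    last = ipaddress.ip_address(end)
    if first.version != last.version:
        raise ValueError("start and end must be the same IP version")
    if first > last:
        raise ValueError("start address is higher than end address")
    return first, last


def range_size(text):
    """Number of addresses the range object would match."""
    first, last = parse_ip_range(text)
    return int(last) - int(first) + 1


def range_to_cidrs(text):
    """Shortest list of subnets covering exactly the same addresses."""
    first, last = parse_ip_range(text)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


if __name__ == "__main__":
    # Sample ranges taken from the text above.
    for sample in ("192.168.1.128-192.168.2.127",
                   "192.168.100.200-192.168.100.240",
                   "2001:0db8:0000:0002:0:0:0:20-2001:0db8:0000:0004:0:0:0:20"):
        print(sample, range_size(sample), range_to_cidrs(sample))
```

The Guest_users range needs four separate subnets to express the same 41 addresses, which is the case the IP Range type is meant to simplify.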

 

IP / Netmask Addresses

The subnet type of address is expressed using a host address and a subnet mask. From a strictly mathematical standpoint this is the most flexible of the types because the address can refer to as little as one individual address or as many as all of the available addresses.

It is usually used when referring to your own internal addresses because you know what they are and they are usually administered in groups that are nicely differentiated along the lines of the old A, B, and C classes of IPv4 addresses. They are also addresses that are not likely to change with the changing of Internet Service Providers (ISP).

 

When representing hosts by an IP address with a netmask, the IP address can represent one or more hosts. For example, a firewall address can be:

  • A single host such as a single computer with the address 192.45.46.45
  • A range of hosts such as all of the hosts on the subnet 192.45.46.1 to 192.45.46.255
  • All hosts, represented by 0.0.0.0 which matches any IP address

The netmask corresponds to the subnet class of the address being added, and can be represented in either dotted decimal or CIDR format. The FortiGate unit automatically converts CIDR formatted netmasks to dotted decimal format. Example formats:

  • Netmask for a class A subnet of 16,777,214 usable addresses: 255.0.0.0, or /8
  • Netmask for a class B subnet of 65,534 usable addresses: 255.255.0.0, or /16
  • Netmask for a class C subnet of 254 usable addresses: 255.255.255.0, or /24
  • Netmask for subnetted class C of 126 usable addresses: 255.255.255.128, or /25
  • Netmask for subnetted class C of 62 usable addresses: 255.255.255.128, or /26
  • Netmask for subnetted class C of 30 usable addresses: 255.255.255.128, or /27
  • Netmask for subnetted class C of 14 usable addresses: 255.255.255.128, or /28
  • Netmask for subnetted class C of 6 usable addresses: 255.255.255.128, or /29
  • Netmask for subnetted class C of 2 usable addresses: 255.255.255.128, or /30
  • Netmask for a single computer: 255.255.255.255, or /32
  • Netmask used with 0.0.0.0 to include all IP addresses: 0.0.0.0, or /0

 

So for a single host or subnet the valid format of IP address and netmask could be either:

 

x.x.x.x/x.x.x.x, such as 192.168.1.0/255.255.255.0

or

x.x.x.x/x, such as 192.168.1.0/24
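
Both accepted forms can be normalized to the dotted decimal form and reviewed before they go into a policy. The Python sketch below is an added example, not Fortinet code: the function name is hypothetical, and the review notes it produces are this example's own audit policy rather than FortiOS behaviour.

```python
import ipaddress


def normalize_subnet(text):
    """Normalize 'x.x.x.x/x.x.x.x' or 'x.x.x.x/x' (hypothetical helper).

    Returns the dotted-decimal form, prefix length, usable host count and
    review notes. The notes are this example's audit policy, not FortiOS
    behaviour.
    """
    addr, sep, _mask = text.partition("/")
    if not sep:
        raise ValueError("expected address/netmask: %r" % text)
    # Raises ValueError for malformed input, including non-contiguous
    # masks such as 255.0.255.0.
    net = ipaddress.IPv4Network(text, strict=False)
    total = net.num_addresses
    # Network and broadcast addresses are not usable hosts, except for
    # /31 and /32 where every address counts.
    usable = total if net.prefixlen >= 31 else total - 2
    notes = []
    if ipaddress.IPv4Address(addr) != net.network_address:
        notes.append("host bits set below the mask")
    if net.prefixlen == 0:
        notes.append("matches every IPv4 address")
    return {"object": net.with_netmask, "prefix": net.prefixlen,
            "usable": usable, "notes": notes}


if __name__ == "__main__":
    # Constructed inputs; the first two are the formats shown above.
    for sample in ("192.168.1.0/255.255.255.0", "192.168.1.0/24",
                   "192.168.1.77/25", "0.0.0.0/0", "192.45.46.45/32"):
        print(sample, normalize_subnet(sample))
```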

