Technical Tip: Address Object behavior change in FortiGate interface creation in FortiOS v7.2.5+ and v7.4.1+

When creating a new interface on FortiGate with 'Create address object matching subnet' enabled, a corresponding address object will be automatically created.

In FortiOS v7.2.4 and earlier, the interface's IP address was registered as-is.

However, starting from FortiOS v7.2.5 and FortiOS v7.4.1, the behavior has changed: the address is automatically converted to the corresponding network address and registered.

Below are examples of the GUI screens during configuration:
These examples show the case where the IP address 192.168.200.254/24 is configured on the interface via the GUI.

• v7.2.4: The interface's IP address is registered as-is.

Network -> Interfaces -> Create new:

Policy ＆ Objects -> Addresses -> Create new object.

• FortiOS v7.6.4: The interface's IP address is converted to the corresponding network address.

Network -> Interfaces -> Create new:

Policy ＆ Objects -> Addresses -> Create new object:

Note: 

As shown above, starting from v7.2.5 and v7.4.1, the interface's IP address will no longer be registered during creation. Even when upgrading from a version earlier than v7.2.4, the existing settings will be automatically converted.

This change makes sure the address object always matches the full network (not just the single IP), so firewall policies and routes work correctly without confusion.