Skip to main content
Rizio
Rizio
Visitor III
November 20, 2025
Solved

Dynamic adrress ignored

  • November 20, 2025
  • 2 replies
  • 643 views

Hi all,

I'm currently updating my fortimanager configuration.

The problem I'm struggling with is about dynamic addresses used in interfaces with a captive portal. I have many fortigates with a specific interface that handles guests access (through the captive portal) and I need to tell Fortimanager to insert in the exempt list different addresses.

 

Using dynamic addresses mapped to single devices does not seem to work. 

When I'll try to install policy packages fortimanager ignores the mapped dynamic address (for different fortigate).

 

Rizio

Best answer by Rizios

Hello Jean-Philippe,

I've found the solution; I've do a simple "retrive configuration" within the firewall  configuration history of fortimanager.

This has solve the issue.

 

Rizio

 

P.S. How can I mark this post as RESOLVED?

2 replies

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
November 23, 2025

Hello Rizio, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Jean-Philippe - Fortinet Community Team
Rizios
RiziosAnswer
New Member
November 24, 2025

Hello Jean-Philippe,

I've found the solution; I've do a simple "retrive configuration" within the firewall  configuration history of fortimanager.

This has solve the issue.

 

Rizio

 

P.S. How can I mark this post as RESOLVED?

    Jean-Philippe_P
    Staff & Editor
    Jean-Philippe_P
    Staff & Editor
    November 24, 2025

    Hello Rizios,

     

    Thanks for the update and for sharing to everyone the solution :)

     

    I will mark it as resolved, thanks again!

    Jean-Philippe - Fortinet Community Team
    Harper_King
    Harper_King
    New Member
    November 24, 2025

    FortiManager doesn’t fully support dynamic addresses in policy package installations for multiple FortiGates. When you map a dynamic address to a device interface, FortiManager can ignore it because it cannot resolve the IP until runtime.

    A few approaches to work around this:

    Use IP Pools or VIPs instead of dynamic addresses where possible—these are fully recognized during policy installation.

    Create device-specific address objects on each FortiGate and reference them in FortiManager policies rather than relying on a single dynamic object.

    If dynamic addresses must be used, consider installing policies directly from the FortiGate GUI or using scripts to update the exempt lists after policy installation.

    Unfortunately, there’s no native way to make FortiManager dynamically resolve guest IPs across multiple devices in a single policy package. Device-specific objects or runtime updates are the most reliable solution.

      Terms & ConditionsAccessibility statement