Firewall Address - Edit CLI differs from GUI Config

Forum|Forum|8 years ago
September 29, 2017
1 reply
12144 views

Please see attached. Running version 5.4.5. I have a firewall FQDN configured. I was able to edit a few by right click and choosing "Edit in CLI" (I needed to add the "set cache-ttl" setting). Then I noticed that when I clicked on one that was configured as fqdn, it popped up as "set type ipmask". See attached image. Might want to fix this Fortinet.

CLI.JPG

Best answer by tanr

Maybe you're hitting the 32 character limit Fortinet has for FQDN?

Don't know for sure, but their central SNAT limits FQDN's to 32 characters (per http://help.fortinet.com/fgt/54/max-values/5-4-4/max-values.html) anyway...

emnoc

New Member

Unless my eyes are bad or going bad, that a new object and not a FQDN. What's exactly the issue?

FWIW: a new object is always a ipmask untill you change the type to fqdn.

Ken

seadaveAuthor

New Member

Maybe I'm doing something wrong, but I'm clicking on an existing firewall address definition and choosing "Edit in CLI". Notice how it is already named and with a UUID. But the UUID does not match what is obtained via the SSH Putty session. Also I note it is truncating the .com in the domain name in the GUI Console view. See the two following screenshots.

Via Edit in CLI.JPG

seadaveAuthor

New Member

Via SSH session.

Via Putty SSH.JPG

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded