junglecom
New Member
March 4, 2013
Question

Isolate groups of IPs on the same subnet

Hi,

Wondering if it's possible to isolate a group of IPs from another group of IPs on the same subnet. I am using Fortigate-VM64.

For example:
Subnet: 172.70.0.0/16
IP group A: 172.70.0.10, 172.70.0.11
IP group B: 172.70.0.100, 172.70.0.101, 172.70.0.102

I don't see such options anywhere. Thanks for your help.

    4 replies

    pchechani_FTNT
    Staff
    March 4, 2013
    You can use Firewall address to isolate some IP groups and use them. For more details reference: http://help.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Handbook/objects.030.02.html#1827635
    ede_pfau
    SuperUser
    March 5, 2013
    For firewall address objects you can use 'regular' netmasks like /16 or /24 to denote a subnet, or /32 to denote a single host address. If you have multiple hosts with unrelated IP addresses you can group their /32 addresses in an address group and use that as source or destination in a policy.
    junglecom (Author)
    New Member
    March 25, 2013
    If using a 32-bit mask, how does the server communicate with the Fortigate default gateway?
    rwpatterson
    New Member
    March 25, 2013
    You are confusing routing subnet masks with the address group subnet masks. Using a /32 subnet mask on an address entity simply tells the firewall it's a single object. Similarly you could use /29 to denote a subnet of 8 [consecutive] addresses, etc.
    FortiRack_Eric
    New Member
    March 25, 2013
    You can split the network in separate ones to isolate them. There is no Cisco private vlan support in the Fortigate.
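
Added example, not part of any reply in the thread and not Fortinet code: a small Python model of the two masks discussed above, where an address-object mask is only a match pattern while the host's interface mask decides whether a packet is sent to the gateway at all. The policy table, the 172.70.0.1 gateway address, the /26 split, and the assumption that same-subnet hosts share a switch segment the firewall does not bridge are constructed for illustration.

```python
import ipaddress

# Address objects as the replies describe them: the mask is a match pattern
# (/32 = one host, /29 = 8 consecutive addresses), not a host netmask.
GROUPS = {
    "GROUP_A": ["172.70.0.10/32", "172.70.0.11/32"],
    "GROUP_B": ["172.70.0.100/32", "172.70.0.101/32", "172.70.0.102/32"],
}
# Constructed policy table: first match wins, anything unmatched is denied.
POLICIES = [("GROUP_A", "GROUP_B", "deny"), ("GROUP_B", "GROUP_A", "deny")]


def group_of(ip):
    """Return the name of the first address group whose objects match ip."""
    addr = ipaddress.ip_address(ip)
    for name, members in GROUPS.items():
        if any(addr in ipaddress.ip_network(m) for m in members):
            return name
    return None


def next_hop(src_iface, dst):
    """What the sending host does, based on its own interface netmask."""
    iface = ipaddress.ip_interface(src_iface)
    return "direct" if ipaddress.ip_address(dst) in iface.network else "gateway"


def verdict(src_iface, dst):
    """Policy action for a flow, or 'not inspected' if it never reaches the firewall."""
    if next_hop(src_iface, dst) == "direct":
        return "not inspected"  # assumption: on-link traffic stays on the switch
    src = str(ipaddress.ip_interface(src_iface).ip)
    for s, d, action in POLICIES:
        if group_of(src) == s and group_of(dst) == d:
            return action
    return "deny"  # implicit deny when no policy matches


if __name__ == "__main__":
    # The host keeps its /16 mask, so the (assumed) gateway is still on-link.
    print(next_hop("172.70.0.10/16", "172.70.0.1"))
    # Same /16 subnet: group A reaches group B without crossing the firewall.
    print(verdict("172.70.0.10/16", "172.70.0.100"))
    # Assumed split into /26 networks: the flow is routed and the policy applies.
    print(verdict("172.70.0.10/26", "172.70.0.100"))
```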