FortiGate
ssanga
Staff & Editor
Article Id 368346
Description

This article describes an issue where the prefix list defaults to 0.0.0.0 0.0.0.0 without displaying any warning or error when an invalid prefix format, such as <x.x.x.x/y.y.y.y>, is entered in the prefix field instead of the formats <x.x.x.x/y> or <x.x.x.x y.y.y.y>.

Scope

FortiGate v7.2.8, v7.4.3, v7.4.4, v7.6.0.

Solution

When a prefix list is configured using the format <x.x.x.x/y.y.y.y> under the Network -> Routing Objects menu in the FortiGate GUI, the prefix list configuration defaults to 0.0.0.0 0.0.0.0 without displaying any warning or error message. The CLI, by contrast, rejects the same input with an error.

GUI:

[Screenshots: Prefix-1.png, Prefix-2.png]

CLI:

config router prefix-list
(Test-Prefix) # config rule
(rule) # edit 2
new entry '2' added
(2) # set prefix 172.16.1.0/255.255.255.0
Invalid length of ip
node_check_object fail! for prefix 172.16.1.0/255.255.255.0
value parse error before '172.16.1.0/255.255.255.0'
Command fail. Return code -8

Starting with FortiOS versions 7.2.9, 7.4.5, and 7.6.1, FortiGate supports the prefix list format <x.x.x.x/y.y.y.y>.

Workaround:

For earlier versions, configure prefix lists using the format <x.x.x.x/y> or <x.x.x.x y.y.y.y>.
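
A pre-check for the workaround above, as an added example (not Fortinet code): it converts a prefix to the <x.x.x.x y.y.y.y> form before it is entered, and scans a configuration backup for prefix-list rules whose prefix is 0.0.0.0 0.0.0.0 or missing. The function names and the sample backup are constructed for illustration; the backup is assumed to use the usual `config` / `edit` / `next` / `end` layout with the top-level `end` unindented.

```python
import ipaddress
import re

def to_fortios_prefix(text):
    """Normalise 'a.b.c.d/len', 'a.b.c.d/mask' or 'a.b.c.d mask' to 'a.b.c.d mask'.
    Raises ValueError on bad input instead of falling back to 0.0.0.0 0.0.0.0."""
    parts = re.split(r"[/\s]+", text.strip())
    if len(parts) != 2:
        raise ValueError(f"expected address and mask or length: {text!r}")
    net = ipaddress.IPv4Network("/".join(parts))  # rejects host bits, bad masks
    return f"{net.network_address} {net.netmask}"

def audit_prefix_lists(config_text):
    """Return (list name, rule id) pairs whose prefix is 0.0.0.0 0.0.0.0 or absent.
    Assumption: a rule left at its default may have no 'set prefix' line in a
    backup. Review each hit: a deliberate match-all rule looks the same."""
    sections = re.findall(r"^config router prefix-list$(.*?)^end$", config_text, re.S | re.M)
    findings, name, rule, prefix = [], None, None, None
    for line in map(str.strip, "\n".join(sections).splitlines()):
        if m := re.fullmatch(r'edit "(.+)"', line):
            name = m.group(1)
        elif m := re.fullmatch(r"edit (\d+)", line):
            rule, prefix = int(m.group(1)), None
        elif line.startswith("set prefix "):
            prefix = line[len("set prefix "):]
        elif line == "next" and rule is not None:
            if prefix in (None, "0.0.0.0 0.0.0.0", "0.0.0.0/0"):
                findings.append((name, rule))
            rule = None
    return findings

# Constructed backup fragment for illustration (not taken from the article).
SAMPLE = """config router prefix-list
    edit "Test-Prefix"
        config rule
            edit 1
                set prefix 172.16.1.0 255.255.255.0
            next
            edit 2
                set prefix 0.0.0.0 0.0.0.0
            next
            edit 3
            next
        end
    next
end"""

if __name__ == "__main__":
    print(to_fortios_prefix("172.16.1.0/255.255.255.0"), audit_prefix_lists(SAMPLE))
```

Running the audit against a backup taken after GUI edits on an affected version shows which rules to re-enter in a supported format.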