Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ssanga
Staff
Staff

Created on ‎03-13-2025 11:59 PM

Article Id 382089

Technical Tip: Unable to Create New Address Object in Firewall Policy by Admin with Custom Admin Profile

Description

This article addresses an issue where administrators with a Custom Admin profile configured with 'System:Read' permissions are unable to create a new address object from the firewall policy using the GUI.
Scope

FortiGate v7.4.4, v7.4.5, v7.4.6, v7.4.7.
Solution

Administrators with a Custom Admin profile set to System: Read permissions or System: Custom with at least one sysgrp-permission set to 'read' cannot create a new address object from the firewall policy because the '+' sign is missing under Source and Destination fields in the GUI.

Admin-Profile.PNG

Missing '+' sign for the Source and Destination fields.


source.PNG

 

destination.PNG


This issue has been resolved in v7.6.3 (scheduled to be released in March; 2025). These timelines for firmware release are estimates and may be subject to change.

Workaround:
Configure the address object under Policy & Object -> Addresses and add it to the firewall policy.
43
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.