Troubleshooting Tip: CIDR Filter Not Working in Ad...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 411149

Description This article describes an issue where the Address object table on FortiGate devices cannot be filtered using CIDR notation (for example, /24) after upgrading to FortiOS v7.4.x.

Scope

FortiGate v7.4.

Solution

The address object table supports only simple string-based filters and lacks IP logic-based filters like contains or overlaps, causing searches with CIDR notation (for example, 1.1.1.0/24) to return inaccurate results.

Test Environment.

Tested on these versions:

v7.2.8.
v7.4.8.
v7.6.4.

Reproduction Steps.

Go to Policy & Objects -> Addresses.
Create these address objects (IP Range/Subnet):
- 1.1.1.0/24.
- 1.1.1.1/32.
- 1.1.1.2/32.
- 1.1.1.3/32.
In the search bar, type 1.1.1.0/24.

Results.

v7.2.8: Shows matching results.

v7.4.8: non-exact matches (issue occurs).

v7.6.4: Shows matching results.

Resolution.

This issue only occurs in FortiOS v7.4.x.
It is fixed starting from FortiOS v7.6.4 build 3580.

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Troubleshooting Tip: CIDR Filter Not Working in Address Object Table on FortiOS v7.4.x

You are leaving our website