Help
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
contreraspa
Staff
Staff

Created on ‎03-13-2025 04:59 AM

Article Id 381882

Troubleshooting Tip: Error 'Invalid name: end-ip is out of range from start-ip, must be in the same Class C subnet for ipv4' in FortiMail IP Group

Description This article explains why the error 'Invalid name: end-ip is out of range from start-ip, must be in the same Class C subnet for ipv4' is displayed when ipv4 and ipv6 address are merged in FortiMail IP Group.
Scope FortiMail.
Solution

Sometimes, to optimize the use of policies in FortiMail, it is necessary to combine IP version 4 and version 6 addresses within the same IP Group. In some cases, the following error may be displayed:


fml ipv4-ipv6 ip group-2.png

 

This error is displayed when the default IP version 6 address::/0 is combined with any IP version 4 address, regardless of class.

 

This is not a functional error, it is a limitation defined by design since if the IP address pool is too large, pool verification can potentially consume a lot of resources, jeopardizing system performance.


To correct this, create multiple IP Groups containing the necessary subnets as needed, such as:

fml ipv4-ipv6 ip group-1.png

 

Or use the default IP version 6 address,::/0, directly in the policy and not within an IP Group:

 

fml ip policies.png
150
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.