|
Description |
This article describes how to use firewall objects as metadata variables in FortiManager. |
| Scope | FortiManager v7.2. |
| Solution |
Starting from FortiManager 7.2.0, firewall objects are now able to use as metadata variables.
The firewall objects are: 1) Addresses. 2) Virtual IPs. 3) IP Pools.
From the GUI, this can be identified when it shows a '$' (sign in magnifying glass) symbol, and when hovering near it will display (this field supports variable:(
The firewall address will be used as an example:
1) Create a new address object by: Policy & Objects -> Firewall Objects -> Addresses and select 'Create New'.
2) Put a dollar ($) sign in the field, it will show the metadata variable's value or create a new value.
3) New metadata variables value can be created by select '+' sign:
Or go to: Policy & Objects -> Advanced (Tools -> Display Options -> Check All -> OK) -> Metadata Variables.
4) In Metadata Variables, it isnescessary to put value in Default Value or it will throw an error when creating the address.
error: firewall/address/addtest1/ : invalid subnet ip and mask
For example: Address created is 192.168.2.0 with four octets as a variable, the default Value needs to have the same four octets (0.0.0.0), whereas the backend uses default value as a syntax checking.
This is also applicable if using one/two/three octets as a variable.
The subnet mask format for the address can either use /24 or full octet (255.255.255.0).
5) To use different address values from each device, it is necessary to enable it per-device mapping in the Metadata Variables.
When installed, it will use the per-device mapping value and not the Default Value:
Related article: Technical Tip: New Meta Variables and their usage including Jinja scripting |
