FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
Article Id 247731


This article describes how to use firewall objects as metadata variables in FortiManager.
Scope FortiManager v7.2.

Starting from FortiManager 7.2.0, firewall objects are now able to be used as metadata variables.


The firewall objects are:

  1. Addresses.
  2. Virtual IPs.
  3. IP Pools.


From the GUI, this can be identified when it shows a '$' (sign in magnifying glass) symbol, and when hovering near (this field supports variable) it will display:




The firewall address will be used as an example:


  1. Create a new address object by:

Policy & Objects -> Firewall Objects -> Addresses and select 'Create New'.




  1. Put a dollar ($) sign in the field, it will show the metadata variable's value or create a new value.





  2. New metadata variables value can be created by selecting '+' sign:




    Or go to: Policy & Objects -> Advanced (Tools -> Display Options -> Check All -> OK) -> Metadata Variables.





  3. In Metadata Variables, it is necessary to put value in Default Value or it will throw an error when creating the address.


    error: firewall/address/addtest1/ : invalid subnet ip and mask




    For example:

    The address created is with four octets as a variable, the default Value needs to have the same four octets (, whereas the backend uses the default value as a syntax checking. 


    This is also applicable if using one/two/three octets as a variable.


    The subnet mask format for the address can either use /24 or full octet (



  4. To use different address values from each device, it is necessary to enable per-device mapping in the Metadata Variables.




    When installed, it will use the per-device mapping value and not the Default Value:




Related documents:

Technical Tip: New Meta Variables and their usage including Jinja scripting

Docs: Create Jinja templates and a CLI template group

Docs: FortiManager meta variables in Jinja

Docs: Preview Jinja script on device or device group

Docs: Perform installation to apply Jinja template configurations to branches