Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
junglecom
New Contributor

Isolate groups of IPs on the same subnet

Hi, wondering if it's possible to isolate a group of IPs from another group of IPs on the same subnet. I am using Fortigate-VM64.

For example:
Subnet: 172.70.0.0/16
IP group A: 172.70.0.10, 172.70.0.11
IP group B: 172.70.0.100, 172.70.0.101, 172.70.0.102

I don't see such options anywhere. Thanks for your help.
5 REPLIES
pchechani_FTNT

You can use Firewall address to isolate some IP groups and use them. For more details reference: http://help.fortinet.com/fos50hlp/50/index.html#page/FortiOS%25205.0%2520Handbook/objects.030.02.html#1827635
-p
ede_pfau
SuperUser

For firewall address objects you can use 'regular' netmasks like /16 or /24 to denote a subnet, or /32 to denote a single host address. If you have multiple hosts with unrelated IP addresses you can group their /32 addresses in an address group and use that as source or destination in a policy.
Ede Kernel panic: Aiee, killing interrupt handler!
junglecom
New Contributor

If using a 32-bit mask, how does the server communicate with the Fortigate default gateway?
rwpatterson
Valued Contributor III

You are confusing routing subnet masks with the address group subnet masks. Using a /32 subnet mask on an address entity simply tells the firewall it's a single object. Similarly you could use /29 to denote a subnet of 8 [consecutive] addresses, etc.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
FortiRack_Eric
New Contributor III

You can split the network in separate ones to isolate them. There is no Cisco private vlan support in the Fortigate.

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
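
Added example, not part of any post in this thread: a small Python model of the two masks discussed above, the routing mask on the host and the mask on a firewall address object, showing why a policy between the two groups is only evaluated once the groups sit in different subnets. It assumes all hosts share one layer-2 segment with the firewall as default gateway; the /26 split and the function names are hypothetical.

```python
import ipaddress

# Constructed from the addresses in the question; the /26 split is hypothetical.
GROUP_A = ["172.70.0.10/32", "172.70.0.11/32"]
GROUP_B = ["172.70.0.100/32", "172.70.0.101/32", "172.70.0.102/32"]


def in_group(ip, group):
    """Address-object match: the mask only says how many addresses the object covers."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(obj) for obj in group)


def reaches_firewall(src, dst, host_prefixlen):
    """Routing decision on the sending host, using the mask configured on its NIC.

    On-link destinations are reached directly over layer 2; only off-link
    destinations are handed to the default gateway (the firewall).
    """
    on_link = ipaddress.ip_interface(f"{src}/{host_prefixlen}").network
    return ipaddress.ip_address(dst) not in on_link


def verdict(src, dst, host_prefixlen):
    """Model of a deny policy between GROUP_A and GROUP_B in both directions."""
    if not reaches_firewall(src, dst, host_prefixlen):
        return "direct L2, policy never evaluated"
    a_to_b = in_group(src, GROUP_A) and in_group(dst, GROUP_B)
    b_to_a = in_group(src, GROUP_B) and in_group(dst, GROUP_A)
    return "denied by policy" if a_to_b or b_to_a else "forwarded"


if __name__ == "__main__":
    for prefixlen in (16, 26):
        for src, dst in [("172.70.0.10", "172.70.0.100"),
                         ("172.70.0.101", "172.70.0.11"),
                         ("172.70.0.10", "172.70.0.11")]:
            print(f"/{prefixlen} {src} -> {dst}: {verdict(src, dst, prefixlen)}")
```

With the original /16 host mask every pair is on-link, so the address groups never come into play; with the hypothetical /26 split, traffic between the groups has to cross the gateway and the deny policy applies.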