New Contributor

Isolate groups of IPs on the same subnet

Hi, Wondering if it's possible to isolate a group of IPs from another group of IPs on the same subnet. I am using Fortigate-VM64. For example: Subnet: IP group A:, IP group B:,, I don't see such options anywhere. Thanks for your help.

You can use Firewall address to isolate some IP groups and use them. For more details reference:

For firewall address objects you can use 'regular' netmasks like /16 or /24 to denote a subnet, or /32 to denote a single host address. If you have multiple hosts with unrelated IP addresses you can group their /32 addresses in an address group and use that as source or destination in a policy.
Ede Kernel panic: Aiee, killing interrupt handler!
New Contributor

If using a 32-bit mask, how does the server communicate with the FortiGate default gateway?
Valued Contributor III

You are confusing routing subnet masks with the address group subnet masks. Using a /32 subnet mask on an address entity simply tells the firewall it's a single object. Similarly you could use /29 to denote a subnet of 8 [consecutive] addresses, etc.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at:

New Contributor III

You can split the network in separate ones to isolate them. There is no Cisco private vlan support in the Fortigate.

Rackmount your Fortinet -->
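The replies above treat the mask on an address object as a description of which addresses the object covers (/32 for one host, /29 for 8 consecutive addresses), separate from the routing mask on the host. As an added example that is not part of any post in this thread, the Python check below expands two address groups and reports overlaps and members outside the interface subnet before the groups are used as source and destination in a policy. The function names and all addresses are constructed for illustration (documentation ranges), and the script only models the mask arithmetic; it does not talk to a FortiGate.

```python
import ipaddress

# Constructed sample data (documentation ranges), not values from the thread.
INTERFACE_SUBNET = "192.0.2.0/24"
GROUP_A = ["192.0.2.10/32", "192.0.2.11/32", "192.0.2.16/29"]
GROUP_B = ["192.0.2.20/32", "192.0.2.40/32", "198.51.100.5/32"]


def expand(objects):
    """Return every address covered by a list of address objects (CIDR strings)."""
    covered = set()
    for cidr in objects:
        # strict=True raises ValueError if host bits are set (e.g. 192.0.2.9/29),
        # which usually means the mask on the object is not the one intended.
        covered.update(ipaddress.ip_network(cidr, strict=True))
    return covered


def check_groups(interface_subnet, group_a, group_b):
    """Compare two address groups that are meant to be kept apart."""
    subnet = ipaddress.ip_network(interface_subnet)
    a, b = expand(group_a), expand(group_b)
    return {
        "size_a": len(a),
        "size_b": len(b),
        # An address in both groups would match a policy in either direction.
        "overlap": [str(ip) for ip in sorted(a & b)],
        # Members outside the interface subnet are likely typos.
        "outside_subnet": [str(ip) for ip in sorted(a | b) if ip not in subnet],
    }


if __name__ == "__main__":
    for key, value in check_groups(INTERFACE_SUBNET, GROUP_A, GROUP_B).items():
        print(f"{key}: {value}")
```
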

