It's an address object that does not match any IP address. If "none" is a source or destination in a firewall policy, that firewall policy will never be matched. You can treat it as a placeholder object. (for example when you want to remove an existing src/dst address, but do not want to delete the firewall policy, for later use with another address object)
That was a fun one - Checkpoint introduced none address object to prevent the situation when an admin deleted address object used in the Security Rules, and Checkpoint would replace it with any in those rules, possibly opening a security gap. Fortigate, on the other hand, never allowed you to do so - you cannot delete an address object used in a rule :)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.