cybernet2025
New Contributor III

What does the "none" object mean?


2 REPLIES
pminarik
Staff

It's an address object that does not match any IP address. If "none" is a source or destination in a firewall policy, that firewall policy will never be matched. You can treat it as a placeholder object (for example, when you want to remove an existing src/dst address but do not want to delete the firewall policy, for later use with another address object).

[ corrections always welcome ]
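
An added example, not part of either reply: a small Python audit that lists policies parked on "none" in a FortiOS configuration backup, since such policies never match. The sample config, policy names and function name are constructed for illustration; it assumes the usual `config firewall policy` / `edit` / `set` / `next` / `end` layout with no nested blocks, and it does not flag a list that mixes "none" with another object, on the assumption that the other object can still match.

```python
import shlex

# Constructed sample in FortiOS "show firewall policy" layout (not from the post).
SAMPLE_CONFIG = '''\
config firewall policy
    edit 1
        set name "lan-to-wan"
        set srcaddr "lan-net"
        set dstaddr "all"
    next
    edit 2
        set name "parked-vendor-access"
        set srcaddr "none"
        set dstaddr "vendor-portal"
    next
    edit 3
        set name "mixed"
        set srcaddr "none" "lan-net"
        set dstaddr "all"
    next
end
'''

def find_unmatchable_policies(config_text):
    """Return (policy_id, name, field) for policies whose srcaddr or dstaddr is only "none"."""
    findings = []
    in_policy_table = False
    policy = None
    for raw in config_text.splitlines():
        tokens = shlex.split(raw)  # honours the double-quoted object names
        if not tokens:
            continue
        if tokens[:3] == ["config", "firewall", "policy"]:
            in_policy_table = True
        elif not in_policy_table:
            continue
        elif tokens[0] == "edit":
            policy = {"id": tokens[1]}
        elif tokens[0] == "set" and policy is not None and len(tokens) >= 3:
            policy[tokens[1]] = tokens[2:]
        elif tokens[0] == "next" and policy is not None:
            for field in ("srcaddr", "dstaddr"):
                values = policy.get(field, [])
                # Assumption: a policy is dead only if every entry is "none".
                if values and all(v == "none" for v in values):
                    findings.append((policy["id"], policy.get("name", [""])[0], field))
            policy = None
        elif tokens[0] == "end":
            in_policy_table = False
    return findings
```

Running it over a saved backup gives a review list of placeholder policies to either re-point at a real address object or remove.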
Yurisk
Valued Contributor

That was a fun one - Checkpoint introduced the none address object to prevent the situation where an admin deleted an address object used in the Security Rules and Checkpoint would replace it with any in those rules, possibly opening a security gap. Fortigate, on the other hand, never allowed you to do so - you cannot delete an address object used in a rule :)

Yuri https://yurisk.info/  blog: All things Fortinet, no ads.