Looked at the admin guide, and the example it shows, is www.google.com (As a subnet object???)
Need to add a simple subnet object like "192.168.0.0/16". Is this possible?
I have many address objects of type Subnet, that were created in a FortiGate before FortiManager came along.
When trying to add in FortiManager, It clears the subnet address I try to add within IP/Netmask and then says "Invalid IP address"
Does FortiManager have a different concept of a subnet address object than the FortiGate does?
I know I can add an IP range (probably), but that means I have to go through and edit "all" of the exiting definitions.
In the FortiGate, when adding a subnet object, I can name it something like "sn-bob" and it does (or at least did not previously) require that it resolve to anything.
I'm hoping that I am missing something stupid.
Solved! Go to Solution.
Thank you, @dbeitler .
I can reproduce this issue in my lab FMG 7.2.8.
And I have found an existing Mantis for this issue: 1069285. This bug is for FMG 7.2 train only.
The fix is included in FMG 7.2.10 or later.
Hi @dbeitler ,
1) Please provide the link of the admin guide you are talking about the example with "www.google.com";
2) There is no subnet object such thing. I guess you are talking about address objects with subnet type. If so, "www.google.com" must be the name of the address object with the type of "subnet":
If so, you may use anything you want for the name. But I would admit that it is not a good example to use "www.google.com" as the name for the "192.168.0.0/16" subnet.
3) "Invalid IP address"
Can you provide a screenshot at least?
4) "Does FortiManager have a different concept of a subnet address object than the FortiGate does?"
FMG does follow the same concepts with FortiOS, otherwise, it will be causing a major issue to the FortiGate.
5) "In the FortiGate, when adding a subnet object, I can name it something like "sn-bob" and it does (or at least did not previously) require that it resolve to anything."
Again, there is no so-called subnet object. If you are talking about the Subnet type of an address object, no, we do not require it to be resolved to anything.
Please provide a screenshot as well.
We will resolve the FQDN only.
For example, the above screenshot shows an address object with FQDN type.
it will resolve "docs.google.com", not "www.google.com".
and yes, I am referring to address objects of type subnet.
Hi @dbeitler ,
1) Where did you capture the screenshot? FGT or FMG?
2) The "resolve from name" does not mean you HAVE TO resolve the name. It is a convenient way for you to get the value of the IP if the name is resolvable. Like the floating tips said, the name must be valid FODN.
Once it is resolved, absolutely you can modify it as needed. And of course you can still keep it, but at least you have to add a network mask.
This was in Policy & Objects, Object Configurations , Firewall Objects, Addresses, Create New, Address
When I tab out of the IP/Netmask section, it clears it, and proclaims "Invalid address"
Hi @dbeitler ,
What is the firmware version of your FMG? And it is still better to provide a screenshot.
Does the same if I edit an existing one. If I tweak the IP/Netmask field, then tab out. Same result.
haha. I knew it was something simple.
If I add a subnet in IP/Netmask, then with the mouse, go to another section, comments for example, it retains what I enter.
If I add a subnet in IP/Netmask, then tab down, it passes by and apparently auto-selects "Resolve from name"
Is that a bug, or a feature?
Hi @dbeitler ,
"If I add a subnet in IP/Netmask, then tab down, it passes by and apparently auto-selects "Resolve from name" "
I am a little bit confused by this. Do you mean:
1) You entered the value for the IP/Netmask field
2) You pressed the "Tab" key, and the focus would move to "Resolve from name"
If so, this is programming stuff. If you keep pressing Tab, the focus will move to Comment later.
If the above is not your case, please provide more info, like the steps I described.
User | Count |
---|---|
2270 | |
1232 | |
772 | |
452 | |
396 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.