This article describes how to create three address objects (Class A, B, and C) and add them to an address group.
Scope
FortiGate.
Solution
Sometimes, the address group ‘all’ or ‘g_all’ is not used on firewall policies, but the user wants to cover a large range of IP addresses.
Once classes D and E are not used on the Internet classes A, B, and C could be used to replace ‘all’ and ‘g_all’
Step 1: Create the address object by selecting Policy & Objects > Addresses > Create New.
Step 2: Create the address object class A. Class_A can be used as a name, select IP Range and add the range 1.0.0.0-127.0.0.
Step 3: Repeat the steps above to create the address objects for classes B and C. Use the following commands via CLI:
config firewall address edit "Class_A" set type iprange set color 21 set start-ip 1.0.0.0 set end-ip 127.0.0.0 next edit "Class_B" set type iprange set color 21 set start-ip 128.0.0.0 set end-ip 191.255.0.0 next edit "Class_C" set type iprange set color 21 set start-ip 192.0.0.0 set end-ip 223.255.255.0 next end
Step 4: Create a group and add the three members to classes A, B, and C.
Commands to create the group via CLI:
config firewall addrgrp edit "Classes_A_B_C" set member "Class_A" "Class_B" "Class_C" next end