Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ajoe
Staff
Staff

Created on ‎09-20-2019 07:56 AM Edited on ‎01-30-2024 02:06 AM By Community Manager

Article Id 193181

Technical Tip: Address Group - Exclusions

Description
This article explains the new option on which certain address objects can be excluded.

Solution
This feature introduces the Exclude Members setting in IPv4 address groups. The specified IP addresses or ranges are subtracted from the address group.

This option is only supported for IPv4 address groups, and only for addresses with a Type of IP Range or Subnet.

To exclude an address or addresses from an address group using the GUI:
1) Go to Policy & Objects -> Addresses
2) Create a new address group, or edit an existing group

 
3) Enable Exclude Members, and select the addresses that will be excluded from the group
 

 
 
4) Click 'OK'. The excluded members are listed in the 'Exclude Member' column.
 

 
To exclude an address or addresses from an address group using CLI commands:
#config firewall addrgrp
 edit <address group>
 set exclude enable
 set exclude-member <address> <address> ... <address>
 next
end
4823
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.