Subnets in Foreman

Foreman keeps a database of "subnets" that help simplify the configuration of networking, including setting up proxy hosts if needed. You can configure either your organization or a hostgroup to allow hosts to be associated only with particular subnets.

To review all subnet objects

On the main Foreman screen, select the Infrastructure -> Subnets menu.

Subnets are named as they appear in Bluecat/Proteus. You can click on a subnet’s name to view its details. By default, everyone has permission to create new subnet objects, but as they are shared by everyone, you cannot delete or modify them.


There are several firewall ports that must be open to the infrastructure servers in order to manage a host.

Allow yourself time when building hosts on a subnet you’ve never used to identify and resolve firewall blocks. It’s not uncommon for the first host built in a new subnet to fail until the hardware firewalls are opened.

Subnet parameters

Under the parameters tab, we store some important data needed to properly configure a host:

| Parameter | Usage |
| --- | --- |
| http-proxy | If a proxy is needed, its hostname is recorded here. No entry means no proxy needed. |
| http-proxy-port | The proxy port to use. No entry means no proxy needed. |
| firewall_open_for_build | Intended for human consumption. If this subnet is known to work for CLAP, it is true. No entry means the firewall status is unknown. |

Please send us a ServiceNow incident if you find incorrect data and we’ll attend to it promptly!
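
The following added example, which is not from the original page or from Foreman itself, reads the three parameters as the table above defines them and flags half-configured proxy entries and subnets whose firewall status is unknown before a first build. The record layout and the SUBNETS sample data are constructed, and reporting a firewall_open_for_build value other than true as "not-open" is an assumption.

```python
# Added example. Record layout and sample values are constructed for
# illustration; they are not Foreman API output.
SUBNETS = [
    {"name": "10.1.0.0/24", "parameters": {
        "http-proxy": "proxy.example.org", "http-proxy-port": "3128",
        "firewall_open_for_build": "true"}},
    {"name": "10.2.0.0/24", "parameters": {}},
    {"name": "10.3.0.0/24", "parameters": {"http-proxy": "proxy.example.org"}},
    {"name": "10.4.0.0/24", "parameters": {
        "http-proxy-port": "99999", "firewall_open_for_build": "false"}},
]


def resolve_proxy(params):
    """Return ("host:port" or None, list of problems) for one subnet."""
    host = str(params.get("http-proxy") or "").strip()
    port = str(params.get("http-proxy-port") or "").strip()
    if not host and not port:
        return None, []  # no entries: no proxy needed
    problems = []
    if not host:
        problems.append("http-proxy-port set without http-proxy")
    if not port:
        problems.append("http-proxy set without http-proxy-port")
    elif not (port.isdecimal() and 1 <= int(port) <= 65535):
        problems.append("http-proxy-port is not a valid TCP port: " + port)
    return (None, problems) if problems else (host + ":" + port, [])


def firewall_status(params):
    """Map firewall_open_for_build to 'open', 'unknown' or 'not-open'."""
    raw = params.get("firewall_open_for_build")
    text = "" if raw is None else str(raw).strip().lower()
    if not text:
        return "unknown"  # no entry: status unknown
    # Assumption: any value other than "true" is reported as not-open.
    return "open" if text == "true" else "not-open"


def audit(subnets):
    """Return {subnet name: {"proxy", "firewall", "problems"}}."""
    report = {}
    for subnet in subnets:
        params = subnet.get("parameters") or {}
        proxy, problems = resolve_proxy(params)
        report[subnet["name"]] = {"proxy": proxy, "problems": problems,
                                  "firewall": firewall_status(params)}
    return report
```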


At your Organization level (Administer -> Organizations), you can select the subnets applicable to you from all the subnets in the system, or check the “all subnets” box to get all current and future subnets.

Usually, admins choose to only associate subnets they actually use with their organizations, so that when they create an individual host they don’t have to scroll past a large list of inappropriate subnets in the new host interface.

It is also possible to further filter the subnets available to a hostgroup (Configure -> Host Groups). This allows you to enforce business logic like “all our publicly accessible web sites should be in this VLAN/Subnet/Firewall context” or ease data entry by reducing the number of subnetworks displayed in the new host dialogs.

