December 18, 2017

Technical Tip: Configuring IPv6 on an inter-VDOM link


Description

 
This article describes how to configure IPv6 addresses on inter-VDOM links on the FortiGate.


Scope

 
FortiGate.


Solution

 

In FortiOS 6.4 and earlier, IPv6 configuration could only be done via the CLI. As of FortiOS v7.0, it is also possible to configure IPv6 via the GUI (see also: GUI support for configuring IPv6).

 

As an example, consider a software-based inter-VDOM link named 'vlink' composed of 'vlink0' and 'vlink1' on each end. In the GUI (under Network -> Interfaces), each member interface of the VDOM link can be configured either individually (in the Global VDOM or the assigned VDOM) or configured together in the Global VDOM:

 

[Screenshot: Global VDOM - vlink.png]

Note: IPv6 must be enabled under System -> Feature Visibility in the Global VDOM for the above to be visible.

 

In the CLI, the main VDOM link parent must be created in the Global VDOM first, then each member interface can be configured individually.

 

Create the vdom-link in the Global VDOM:

 

config system vdom-link
    edit "vlink"
    next
end

 

Configure IPv6 addresses on the VDOM link members:

 

config system interface
    edit "vlink0"
        set vdom "root"
        set type vdom-link
        config ipv6
            set ip6-address 2001:db8:abcd:100::/127
            set ip6-allowaccess ping
        end
    next
    edit "vlink1"
        set vdom "IPv6"
        set type vdom-link
        set snmp-index 49
        config ipv6
            set ip6-address 2001:db8:abcd:100::1/127
            set ip6-allowaccess ping
        end
    next
end

 

Note for VDOM link addressing:

Since VDOM links are point-to-point connections, consider using IPv6 addressing that falls within a /127 subnet (two available addresses for hosts). This is generally recommended as per RFC 6164 and RFC 6547, both for efficient IP address utilization and to reduce the possibility of DoS-like attacks (though in practice this is not a concern, given that attackers cannot be inserted in between the VDOM link members).
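The following Python check is an added example, not part of the original article or of any Fortinet tooling. It parses an interface stanza like the one above and reports whether both VDOM link members use a /127, sit in the same subnet with distinct addresses, and expose only ping. The function names, the SAMPLE_CONFIG text (a constructed, trimmed copy of the stanza) and the ping-only policy are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: trimmed copy of the interface stanza shown in this article.
SAMPLE_CONFIG = """\
config system interface
    edit "vlink0"
        config ipv6
            set ip6-address 2001:db8:abcd:100::/127
            set ip6-allowaccess ping
        end
    next
    edit "vlink1"
        config ipv6
            set ip6-address 2001:db8:abcd:100::1/127
            set ip6-allowaccess ping
        end
    next
end
"""

def parse_interfaces(text):
    """Return {interface: {"ip6": IPv6Interface or None, "access": set of protocols}}."""
    found, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r'edit "([^"]+)"', line):
            cur = found.setdefault(m.group(1), {"ip6": None, "access": set()})
        elif cur is not None and line.startswith("set ip6-address "):
            cur["ip6"] = ipaddress.IPv6Interface(line.split()[2])
        elif cur is not None and line.startswith("set ip6-allowaccess"):
            cur["access"] = set(line.split()[2:])
        elif line == "next":
            cur = None
    return found

def check_vdom_link(ifaces, name="vlink", allowed=frozenset({"ping"})):
    """Return findings for the <name>0/<name>1 pair; an empty list means it passes."""
    a, b = ifaces.get(name + "0"), ifaces.get(name + "1")
    if not a or not b or not a["ip6"] or not b["ip6"]:
        return [f"{name}: both members need an ip6-address"]
    findings = []
    for member, cfg in ((name + "0", a), (name + "1", b)):
        if cfg["ip6"].network.prefixlen != 127:
            findings.append(f"{member}: /{cfg['ip6'].network.prefixlen} prefix, expected /127")
        if cfg["access"] - allowed:  # management protocols beyond the assumed policy
            findings.append(f"{member}: ip6-allowaccess also permits {sorted(cfg['access'] - allowed)}")
    if a["ip6"].network != b["ip6"].network or a["ip6"].ip == b["ip6"].ip:
        findings.append(f"{name}: members must be two distinct addresses in the same subnet")
    return findings
```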

 
