NKL
New Member
May 13, 2014
Question

[solved] SSL-VPN IPv6

For a testlab environment (FGT60D, OS 5.0.7), I want to set up an IPv6-SSL-VPN, but have failed so far. Has anybody managed to set up an SSLVPN with full IPv6 support (IPv6-IP-Pools, tunneling/split-tunneling etc.)? The documentation on IPv6 or SSL VPN does not really give any substantial information or examples.

The GUI obviously only allows for IPv4 at "VPN -> SSL -> Portal/Config", even though the IPv6 feature is activated. But the CLI is not of much help either: trying to configure an ssl-portal with the widget setting "set ipv6-split-tunneling enable" results in this setting not even showing up in the config.

Can anyone point me to some documentation, examples or supply a config file? Thanks in advance.

EDIT: So, it turns out that it works perfectly fine with just the setting "set split-tunneling" enabled. No need for "set ipv6-split-tunneling enable". Just add IPv6-pools to portal-config and ssl-settings via CLI, add IPv6-policies for SSL-VPN (via GUI) and you are good to go.

    1 reply

    emnoc
    New Member
    May 13, 2014
    I'm really curious about this one myself. I opened a case with TAC about 6 months ago and got nowhere with them, and supposedly we have IPV6SSLVPN support. Even the Cisco ASA AnyConnect supports ipv6 in their implementation. If I ever get it working, I will post a thread on my blog.

    And to be clear on what I want to do:

      • enable SSLVPN6 for native ipv6 clients
      • enable SSLVPN6 for ipv4 that attaches via ipv4 to a FGT and get a tunnel-mode ipv6 address

    TAC was clueless and never provided me a working example. I figure it would be the same (as ipv4) but I ran into issues defining an ipv6-pool to the SSLvpn configuration, fwiw.
    NKL (Author)
    New Member
    May 13, 2014
    "enable SSLVPN6 for ipv4 that attaches via ipv4 to a FGT and get a tunnel-mode ipv6 address [...] TAC was clueless and never provided me a working example"
    That would have been the second task on my list :) No need to even try, then.
    ispcolohost
    New Member
    March 20, 2020

    NKL, on the off chance you're still around, could you post your config that got v6 tunneled over v4 FortiClient SSL VPN? I'm having trouble determining a setup that assigns the FortiClient on a v4-only system both addresses and tunnels the v6 over v4.