Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Dinesh_FTNT
Staff
Staff

Created on ‎02-28-2019 07:19 AM

Article Id 189514

Technical Note: SD-WAN configuration for IPv6

Description

SD-WAN now supports IPv6. It supports all load balance modes, health checking (ping6), service rules for source address, source user / group and destination address.

FortiOS 6.0 also increases the configuration limit for health checks and priority rules in SD-WAN.

The limit for both health checks and priority rules is increased from 256 to 4096 globally and 512 to 4096 per VDOM.


Scope
FortiOS 6.0

Solution
SD-WAN is supported for IPv6 for Fortigate Models running with kernel version 3.2 and above.

- Configure SD-WAN member interfaces - CLI:
config system virtual-wan-link
    config members
        edit <sequence-number>
            set interface <interface-name>
            set gateway6 <gateway-address>
        next
    end
end
- Enable SD-WAN - CLI:
config router static6
    edit <sequence-number>
        set virtual-wan-link enable
    next
end
- Configure health check (IPv6) - CLI:
config system virtual-wan-link
    config health-check
        edit <health-check-name>
            set address-mode ipv6
            set protocol ping6
        next
    end
end
- Configure service rules - CLI:
config system virtual-wan-link
    config service
        edit <priority-rule-ID>
           set name <rule-name>
           set addr-mode ipv6
           set member <sequence-number>
           set dst6 <destination-address-name>
           set src6 <source-address-name>
        next
   end
end
- Configure Firewall Policy - CLI
config firewall policy6
    edit <id>
        set srcintf <Source interface>
        set dstintf virtual-wan-link
        set dstaddr all
        set srcaddr all
        set action accept
        set status enable
    next
end
Note: FortiGate models (200D, 70D) do not support SDWAN for IPv6, it is hardware limitation.


Labels:
7153
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.