Description | This article describes the steps to configure NAT66 on a FortiGate device, including the necessary firewall policies and configuration steps along with troubleshooting commands. |
Scope | FortiGate. |
Solution |
NAT66 (Network Address Translation for IPv6) translates one IPv6 address to another, similar to how NAT is implemented for IPv4 (NAT44) using a VIP. This is useful when internal IPv6 addresses must be translated to external IPv6 addresses, for example for network security, load balancing, or to meet routing requirements.
Prerequisites:
Step 1: Create the IPv6 VIP:
GUI:
CLI:
config firewall vip6
    edit "example-vip6"
        set extip 2a02:xx::xx
end
Step 2: Apply the IPv6 VIP in a Firewall Policy:
GUI:
CLI:
config firewall policy
    edit 'ID'
        set name "NAT66"
    next
end
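A NAT66 VIP publishes an internal host on an external address, so it is worth reviewing which policies reference it. The Python sketch below is an added example, not part of the Fortinet article: it reads a FortiGate configuration backup, lists accept policies whose IPv6 destination is a VIP6, and flags those that allow service ALL. The sample config, its 2001:db8:: addresses, the policy IDs and the function names are constructed for illustration.

```python
import re
# Constructed sample config (documentation-prefix addresses; not from the article).
SAMPLE = '''
config firewall vip6
    edit "example-vip6"
        set extip 2001:db8:100::10
        set mappedip 2001:db8:a::10
    next
end
config firewall policy
    edit 1
        set name "NAT66"
        set srcaddr6 "all"
        set dstaddr6 "example-vip6"
        set action accept
        set service "ALL"
    next
    edit 2
        set name "NAT66-https"
        set srcaddr6 "all"
        set dstaddr6 "example-vip6"
        set action accept
        set service "HTTPS"
    next
end
'''

def parse_section(text, section):
    """Return {entry_id: {key: [values]}} for one top-level 'config <section>' block."""
    m = re.search(rf'^config {re.escape(section)}\n(.*?)^end', text, re.S | re.M)
    entries, cur = {}, None
    for line in (m.group(1).splitlines() if m else []):
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if tok[:1] == ['edit']:
            cur = entries.setdefault(tok[1], {})
        elif tok[:1] == ['set'] and cur is not None:
            cur[tok[1]] = tok[2:]
    return entries

def audit_vip6_policies(text):
    """Return (policy_id, vip6, mappedip, service_is_ALL) for accept policies using a VIP6."""
    vips = parse_section(text, 'firewall vip6')
    findings = []
    for pid, p in parse_section(text, 'firewall policy').items():
        hit = [v for v in p.get('dstaddr6', []) if v in vips]
        if hit and p.get('action') == ['accept']:
            broad = 'ALL' in p.get('service', [])
            findings.append((pid, hit[0], vips[hit[0]].get('mappedip', ['?'])[0], broad))
    return findings
```

Calling `audit_vip6_policies()` on the text of a configuration backup returns one tuple per exposing policy; entries whose last field is `True` are the ones to narrow to the specific services the published host needs.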
Troubleshooting commands:
Routing & Neighbor solicitation list commands:
get sys status
IPv6 traffic debug Commands:
di de reset
To stop the debug:
di de dis
IPv6 session list:
di sys session6 filter clear
Sniffer Commands:
Copyright 2024 Fortinet, Inc. All Rights Reserved.