| Description | This article describes how and what is needed to check when configuring SSL VPN with IPv6. |
| Scope | FortiGate. |
| Solution |
The configuration is similar to the IPv4, however, it is necessary to verify the information the user who is trying to connect the SSL VPN with Ipv6, should have the IPv6 address on his PC. Firstly, it is necessary to enable the IPv6 from the feature visibility.
Once the IPv6 is enabled, configure the IPv6 address on the WAN interface.
Once configuring the IPv6 address on the interface, it is possible to configure SSL VPN. Refer to the below link for the configuration: SSL VPN full tunnel for remote user
Below are the sample SSL VPN settings and SSL VPN portal using IPV6.
Note that while creating a policy, remember to create it with an IPv6 address. Configure Firewall Policy using IPV6 address for source and destination.
Once the client machine has a relevant public IPv6 address on the network, download the FortiClient tool and configure it using the public IPv6 address of the FortiGate and the associated listening SSL VPN port number.
Below is the sample configuration:
Once, connected the user will receive the IPv6 address and can access the IPv6 subnet. It is possible to check the user details from GUI (Enable the SSL VPN monitor from the dashboard) and CLI:
FGT-HO # get vpn ssl monitor
On the Forticlient end, observe that SSL VPN is established and it uses the IPv6 address from the configured IPv6 range configured in SSL VPN settings.
Related documents: Technical Tip: How to configure specific SSL VPN address pool to SSL VPN Users/Usergroup |
