FortiGate
johnathan
Staff
Article Id 305987
Description This article describes how to ensure that the firewall will not respond to or forward IPv6 traffic.
Scope FortiOS 7.x.x.
Solution

Some regulatory requirements call for IPv6 to be disabled entirely on the firewall.

Disabling the visibility of IPv6 in the GUI only hides it: IPv6 can still be configured in the CLI.

In that case, the firewall could respond to IPv6 packets even though this is not wanted.

A local-in policy can be created to deny all IPv6 traffic. This ensures that even if IPv6 is configured on an interface, the firewall will not respond to ping or forward traffic.

config firewall local-in-policy6
    edit 1
        set intf "any"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
    next
end
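
An added example, not part of the original article or Fortinet's own code: a Python check that reads a saved FortiOS configuration and reports which interfaces carry an IPv6 address and whether the first enabled local-in-policy6 entry is the deny-all shown above. The sample configuration is constructed; the script assumes a backup without VDOM nesting, that entries are matched in listed order, and that an entry without 'set action' denies, as in the article's policy.

```python
import shlex

WANT = {"intf": ["any"], "srcaddr": ["all"], "dstaddr": ["all"],
        "service": ["ALL"], "schedule": ["always"]}

def parse(text):
    """Yield (path, key, values) for each 'set' line of a FortiOS config."""
    path = []
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]      # blank line -> no-op token
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]))  # e.g. "system interface", "port1"
        elif tok[0] in ("end", "next") and path:
            path.pop()
        elif tok[0] == "set" and len(tok) > 1:
            yield tuple(path), tok[1], tok[2:]

def audit(text):
    """Report IPv6-addressed interfaces and whether deny-all comes first."""
    ifaces, rules = [], {}
    for path, key, vals in parse(text):
        in_ipv6 = path[:1] == ("system interface",) and path[2:] == ("ipv6",)
        if in_ipv6 and key == "ip6-address" and vals and vals[0] != "::/0":
            ifaces.append(path[1])
        elif path[:1] == ("firewall local-in-policy6",) and len(path) == 2:
            rules.setdefault(path[1], {})[key] = vals
    first = next((r for r in rules.values() if r.get("status") != ["disable"]), {})
    # Assumption: an entry with no 'set action' denies, as in the article.
    deny_all = (all(first.get(k) == v for k, v in WANT.items())
                and first.get("action", ["deny"]) == ["deny"])
    return {"ipv6_interfaces": ifaces, "deny_all_first": deny_all}

SAMPLE = '''config system interface
edit "port1"
config ipv6
set ip6-address 2001:db8::1/64
end
next
end
config firewall local-in-policy6
edit 1
set intf "any"
set srcaddr "all"
set dstaddr "all"
set service "ALL"
set schedule "always"
next
end'''
print(audit(SAMPLE))  # SAMPLE is constructed, not taken from a real device
```

An interface listed in ipv6_interfaces together with deny_all_first set to False is the case the article warns about: IPv6 configured from the CLI with nothing blocking it at the firewall itself.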