Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
knaveenkumar
Staff
Staff

Created on ‎07-29-2025 12:57 AM Edited on ‎09-10-2025 03:55 AM By Moderator

Article Id 398403

Technical Tip: How to make only IPv6 IP visible for IPsec VPN Remote Gateway

Description This article describes how to make only IPv6 visible for the IPsec VPN Remote Gateway.
Scope FortiGate.
Solution

Go to the IPsec phase1 settings, enable the 'Local Gateway' option, choose the option 'Specify' and enter the particular IPv4 and IPv6 address:

 

1.PNG

 

CLI commands for specifying the Local gateway IP:

 

config vpn ipsec phase1-interface

    edit "<name>"

        set local-gw x.x.x.x 

    next  

end                                                                                                  

 

Note:

Always verify the local-id settings under phase1 configuration in case the remote side is specifying local and remote IDs. By default, FortiGate is going to use the primary IP for an IKE identification payload. Along with local-id settings, verify local-id type too.

Additionally, while the SSL VPN configuration allows specifying the listen interfaces, it does not provide an option to designate a specific IP address as the gateway within the SSL VPN settings, like IPsec.

 

Related article:

Technical Tip: Limitations of hiding the IPv4 address and only making IPv6 address as visible for Re...
233
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.