FortiGate
alif
Staff
Article Id 195325

Description

 

This article describes IPv6 support on FortiGate. FortiGates are dual IP layer IPv6/IPv4 nodes.
They support IPv6 over IPv4 tunneling, routing, firewall policies, and IPsec VPN.
It is possible to assign both an IPv4 and an IPv6 address to any interface on a FortiGate; the interface then functions as two interfaces, one for IPv4-addressed packets and another for IPv6-addressed packets.

Internet Protocol version 6 (IPv6) will succeed IPv4 as the standard networking protocol of the Internet.
IPv6 provides several advances over IPv4, but the primary reason it is replacing IPv4 is IPv4's limited address space.
IPv4 uses 32-bit addresses, which means there is a theoretical limit of 2 to the power of 32 addresses.

The IPv6 address scheme is based on a 128-bit address, for a theoretical limit of 2 to the power of 128 addresses.


Solution

 

To configure IPv6 features using the GUI, IPv6 has to be enabled using Feature Select.

Go to System -> Feature Visibility, enable IPv6, and select 'Apply'.



 
Once enabled, it will be possible to use IPv6 addresses as well as IPv4 addresses for the following FortiGate firewall features:
 
  • Static routing.
  • Policy Routing.
  • Packet and network sniffing.
  • Dynamic routing (RIPv6, BGP4+, and OSPFv3).
  • IPsec VPN.
  • DNS.
  • DHCP.
  • SSL VPN.
  • Network interface addressing.
  • Security Profiles protection.
  • Routing access lists and prefix lists.
  • NAT and transparent mode.
  • NAT 64 and NAT 66.
  • IPv6 tunnel over IPv4 and IPv4 tunnel over IPv6.
  • Logging and reporting.
  • Security policies.
  • SNMP.
  • Authentication.
  • Virtual IPs and groups.
  • IPv6 over SCTP.
  • IPv6-specific troubleshooting, such as ping6.

Once IPv6 support is enabled, it is possible to configure the IPv6 options using the web-based manager or the CLI.

 

To add an IPv6 address object once IPv6 has been enabled under Feature Visibility:

  • Until 7.2.8: go to Address Object -> Create New -> IPv6 Address Template.
  • On 7.4 and above: go to Policy and Objects -> Addresses, then select IPv6 Address at the top.

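The same steps from the CLI, as an added example that is not part of the original article: enabling IPv6 visibility, dual-stacking one interface, and creating an IPv6 address object. The interface name, object name and addresses are placeholders (documentation ranges), and the syntax should be checked against the CLI reference for the FortiOS version in use.

```fortios
# Added example; names and addresses below are assumptions, not from the article.
# Enable IPv6 in the GUI (same effect as System -> Feature Visibility -> IPv6).
config system global
    set gui-ipv6 enable
end

# Dual-stack interface: one IPv4 and one IPv6 address on the same port.
# "port1", 192.0.2.1 and 2001:db8:0:1::1 are placeholders.
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping https ssh
        config ipv6
            set ip6-address 2001:db8:0:1::1/64
            # IPv6 administrative access is configured separately from the
            # IPv4 allowaccess above; list only what is needed over IPv6.
            set ip6-allowaccess ping
        end
    next
end

# IPv6 address object for use in firewall policies (hypothetical name).
config firewall address6
    edit "LAN6-subnet"
        set ip6 2001:db8:0:1::/64
    next
end
```
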
For more information on IPv6, refer to the FortiGate IPv6 Support Technical Tip available from the Fortinet Technical Documentation site (docs.fortinet.com) or related articles for some configuration examples.
 
Related Articles:

Technical Note : RIPnG (RIP IPv6) configuration example

Technical Note: OSPFv3 (OSPF for IPv6) configuration example

Technical Tip: How to setup the FortiGate to assign IPv6 addresses