yangw
Staff
Article Id 404759
Description This article describes the issue of a FortiGate receiving unsolicited DHCPv6 multicast packets and explains how to troubleshoot and potentially resolve it. The FortiGate receives repeated DHCPv6 solicitations from multiple link-local addresses even though no IPv6 features are enabled on the device. This is expected behaviour of the clients: a DHCPv6 client sends its Solicit messages to the well-known multicast group ff02::1:2, so every IPv6-enabled host on a connected segment reaches the FortiGate interface on that segment whether or not IPv6 is configured there.
Scope FortiOS v7.4.
Solution

To troubleshoot this issue, first capture the packets to confirm which interface they arrive on and in which direction they flow, using the command below. The filter selects traffic to the DHCPv6 multicast group ff02::1:2, and verbose level 6 prints the interface name together with the Ethernet header, so the MAC address of each sending host is visible as well:

 

diagnose sniffer packet any 'ip6 and host ff02::1:2' 6 0 a
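The capture above answers where the packets come in; the next question is which hosts are sending them, so the noise can be traced to its source rather than only silenced in the log. The script below is an added example, not part of the original article or of any Fortinet tool. It parses sniffer output in the header-line plus hex-dump layout that verbose level 6 is assumed to produce, counts solicitations per interface and source link-local address, pulls the source MAC from the Ethernet header in the dump, and checks whether the link-local address is the EUI-64 form of that MAC (if it is not, the host uses privacy or random addresses, and the MAC rather than the address identifies it). The sample capture is constructed for illustration; all interface names, addresses and MACs in it are invented.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample (not a real capture) in the layout that
# `diagnose sniffer packet any 'ip6 and host ff02::1:2' 6 0 a` is assumed to print:
# "<date> <time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <proto> <len>"
# followed by hex-dump lines. Names, addresses and MACs are invented; dumps are
# truncated after the Ethernet/IPv6 headers.
SAMPLE = """\
2024-05-01 10:00:01.112233 port2 in fe80::a00:27ff:fe11:2233.546 -> ff02::1:2.547: udp 112
0x0000\t 3333 0001 0002 0800 2711 2233 86dd 6000\t33..............
0x0010\t 0000 0070 1101 fe80 0000 0000 0000 0a00\t...p............
2024-05-01 10:00:01.998877 port2 in fe80::a00:27ff:fe11:2233.546 -> ff02::1:2.547: udp 112
0x0000\t 3333 0001 0002 0800 2711 2233 86dd 6000\t33..............
2024-05-01 10:00:02.450000 port3 in fe80::1c3a:9bff:fe5d:e1f.546 -> ff02::1:2.547: udp 98
0x0000\t 3333 0001 0002 1e3a 9b5d 0e1f 86dd 6000\t33..............
2024-05-01 10:00:03.000000 port2 in fe80::a00:27ff:fe11:2233.546 -> ff02::1:2.547: udp 112
0x0000\t 3333 0001 0002 0800 2711 2233 86dd 6000\t33..............
"""

DHCPV6_GROUP = ipaddress.IPv6Address("ff02::1:2")  # All_DHCP_Relay_Agents_and_Servers

# Assumed header-line format of the FortiOS sniffer output.
HEADER_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>[0-9a-fA-F:]+)\.(?P<sport>\d+) -> (?P<dst>[0-9a-fA-F:]+)\.(?P<dport>\d+): "
    r"(?P<proto>\w+) (?P<len>\d+)$"
)


def src_mac_from_dump(hexline):
    """Source MAC from the first dump line: Ethernet dst is bytes 0-5, src is bytes 6-11."""
    parts = hexline.split("\t")
    if len(parts) < 2 or not parts[0].startswith("0x0000"):
        return None
    raw = parts[1].replace(" ", "")
    if len(raw) < 24:
        return None
    src = raw[12:24]
    return ":".join(src[i:i + 2] for i in range(0, 12, 2))


def parse_sniffer(text):
    """One dict per packet header line, with the source MAC from the dump that follows it."""
    packets, current = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["src_mac"] = None
            packets.append(current)
        elif current is not None and line.startswith("0x0000"):
            current["src_mac"] = src_mac_from_dump(line)
    return packets


def summarize(packets):
    """Count DHCPv6 solicitations (UDP to port 547 at ff02::1:2) per interface, source, MAC."""
    counts = Counter()
    for p in packets:
        if p["proto"] != "udp" or p["dport"] != "547":
            continue
        if ipaddress.IPv6Address(p["dst"]) != DHCPV6_GROUP:
            continue
        counts[(p["iface"], str(ipaddress.IPv6Address(p["src"])), p["src_mac"])] += 1
    return counts


def eui64_link_local(mac):
    """Link-local address a host would derive from this MAC with EUI-64 (U/L bit flipped, ff:fe inserted)."""
    b = bytes(int(x, 16) for x in mac.split(":"))
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + iid)


def address_matches_mac(link_local, mac):
    """True when the link-local address is the EUI-64 form of the MAC seen in the frame."""
    return ipaddress.IPv6Address(link_local) == eui64_link_local(mac)


if __name__ == "__main__":
    for (iface, src, mac), n in summarize(parse_sniffer(SAMPLE)).most_common():
        eui = "EUI-64" if mac and address_matches_mac(src, mac) else "non-EUI-64"
        print(f"{iface:8} {src:28} {mac or '?':18} {eui:11} {n} solicit(s)")
```

To run it against a live capture, replace SAMPLE with the text pasted from the CLI session; the counts show immediately which interface and which hosts account for the volume.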

 

Then check the logging settings. The solicitations are addressed to the multicast group ff02::1:2, not to a host behind the FortiGate, so they are processed as local-in traffic rather than matched against the forward firewall policies. Any multicast or broadcast packet that no local-in policy accepts is dropped, and with local-in-deny-broadcast enabled every such drop is written to the local traffic log as a deny event. The fwpolicy-implicit-log option controls logging for forwarded traffic that falls through to the implicit deny policy; it is shown below only to distinguish the two, and disabling it alone does not stop these entries.

config log setting
    set fwpolicy-implicit-log enable
    set local-in-allow enable
    set local-in-deny-unicast enable
    set local-in-deny-broadcast enable  <--- generates the deny log for dropped multicast/broadcast local-in traffic
end

 

A local traffic deny log (log ID 0001000014) is generated each time the FortiGate receives one of these IPv6 multicast packets:

 

(Screenshot: local_deny_log_0001000014_ipv6.png)

Disabling local-in-deny-broadcast stops these entries: denied multicast and broadcast local-in traffic is still dropped, but no deny log is written for it. Note that this suppresses the log for all denied broadcast and multicast local-in traffic on every interface, not only DHCPv6, so it trades log volume for visibility; unicast drops remain governed by local-in-deny-unicast. The solicitations themselves keep arriving, so if the traffic rather than the log is the concern, the sending hosts identified in the capture have to be addressed at the source.

 

config log setting
    set local-in-deny-broadcast disable <---
end

 

Related article:

Technical Tip: Implicit deny logs