Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wigster
New Contributor

Created on ‎03-05-2025 01:53 PM Edited on ‎03-05-2025 02:00 PM

Adding IPv6 ULA to interface already configured with Prefix Delegation

Hello, 

My ISP delegates an IPv6 prefix but, unfortunately, it's dynamic and changes weekly. It works though and two LAN interfaces successfully have prefixes. Great!

I would now like to add a ULA to an interface but cannot see a way to add a second IPv6 address if the interface is set dynamically. For testing (please excuse the short ULA), I switched from the interface itself having a prefix delegated to having a ULA:

 

 

config ipv6
  set ip6-address fdfc:c::40/64
  set ip6-allowaccess ping https
  set ip6-send-adv enable
  set ip6-other-flag enable
  config ip6-prefix-list
    edit fdfc:c::/64
    next
  end
  config ip6-delegated-prefix-list
    edit 1
    set upstream-interface "wan1"
    set delegated-prefix-iaid 1
    set subnet 0:0:0:1::/64
   set rdnss-service default
  next
  end
end

 

 

I have (accidentally) stumbled upon a solution. It seems to work but is this actually valid configuration?

Many thanks for reading

Labels:
407
0 Kudos
5 REPLIES 5
Anthony_E
Community Manager
Community Manager

Created on ‎03-09-2025 09:59 PM

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
342
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎03-13-2025 01:51 AM

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Thanks,

Anthony-Fortinet Community Team.
317
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎03-14-2025 01:29 AM

To add an IPv6 Unique Local Address (ULA) to an interface already configured with prefix delegation on a FortiGate:

  1. Access the CLI: Log in to your FortiGate device using the CLI.
  2. Edit the Interface: Enter the configuration mode for the specific interface where you want to add the ULA.

shell
config system interface
edit "port5" <----- Replace "port5" with your actual interface name.

  1. Configure IPv6 ULA: Add the ULA to the interface configuration:

 

shell
config ipv6
set ip6-address fdxx:xxxx:xxxx::1/64 <----- Replace with your ULA.
end

  1. Retain Existing Configuration: Ensure that the existing prefix delegation settings remain unchanged.
  2. Save and Exit: Save the configuration and exit.

shell
end

Anthony-Fortinet Community Team.
303
wigster
New Contributor
In response to Anthony_E

Created on ‎03-14-2025 03:42 AM

Hi Anthony, 

Thanks for getting back to me, it's appreciated. 

If an interface is configured to use a delegated prefix, trying to set ip6-address returns an error:

(ipv6) # set ip6-address fdfc:c::40/64
Can't change dynamic IPv6.
Command fail. Return code -651


Is it actually possible to add a ULA to an interface with prefix delegation?

Thanks again


287
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎03-14-2025 03:53 AM

Hello,

 

I really hope we will find an answer and fix your issue :)!

I will try to find an expert for your question, and will come back to you ASAP.

 

Regards,

Anthony-Fortinet Community Team.
278
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.