Support Forum
Fabio
Contributor

FSSO user Wifi Radius WPA2 Enterprise

Hello everyone,
I don't remember since when, but for several releases now I have had an anomaly in the list of users authenticated on Wi-Fi through the WPA2 Enterprise protocol. User authentication is provided by a RADIUS server that authenticates users in an AD domain (NPS).
After their authentication I also see in the user list a set of IPv6 addresses linked to the authenticated usernames. Where do these addresses come from? From the fact that their laptops and smartphones also have IPv6 link enabled? Because the DHCP configured on the FortiGate does not have an IPv6 lease enabled.
Has this happened to anyone?

[Screenshot: user ipv6 FFSO.jpg]

I attach a few screens to better understand the issue.

Regards

Fabio
Fabio
Contributor

Hello,
The list of users with IPv6 only happens with WPA2 Enterprise Wi-Fi and not, for example, with others that I manage in WPA2/3 or Captive Portal. There must be something with the Windows AD and its NPS (RADIUS module). I'll also attach the screenshot of the Collector Agent users installed on the Domain Controller, but here you don't see users connected in IPv6.
I'm going to see if any configuration of the NPS that runs the RADIUS module has some problem with hosts that have the IPv6 interface enabled.
Also, as you can see, the user gets several IPv6 addresses within a few seconds, and this user has an iPhone, not a Windows laptop.

[Screenshots: user collector agent FSSO.jpg, user ipv6 cfrance.jpg, Wifi Cfranceschini.jpg]

Fabio
Debbie_FTNT
Staff

Dear Fabio,
I'm not sure if this has been suggested before, but based on the screenshot snippets, the IPv6 information does NOT come from FSSO - the login source shows as 'WiFi Single Sign On', not 'FSSO'.

Can you run this command in CLI?

'dia firewall auth list'

That should give you a better idea of the authentication source; I'm guessing FortiGate is passively picking up on WPA2 enterprise auth in some way, and generates logins from that.
Cheers,

Debbie

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Fabio

Hi Debbie,

I just ran the command, but it lists only users with IPv4 and not IPv6.

I attached the screens of my FortiAnalyzer and FortiGate when the IPv6 was detected.

When the client is authenticated, the FGT detects, in addition to the IPv4 address (which is filtered out here), the IPv6 address, with the reason 'NONE packet', and as you can see this process is repeated numerous times; it does not stop, showing a different IPv6 address each time.

[Screenshots: Screenshot 2024-09-11 alle 09.11.27.png, Screenshot 2024-09-11 alle 08.41.13.png]

What I would like is for the FGT not to count these entries as Firewall Users and for them not to appear in that list which causes me confusion in the total user count.

Fabio
Debbie_FTNT

Hey Fabio,

I'm wondering a bit how FortiGate is picking up on the users and IPs then - do you have device detection enabled on the WiFi interface perhaps?

Do you find those IPv6 entries when running the command 'dia user device list'?
Cheers,

Debbie

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Fabio

Hello,

In the output of the command 'dia user device list' there are no IPv6 addresses:

vd root/0 be:d5:55:02:d6:0f gen 238495 req 0
created 603163s gen 238333 seen 603162s WIFI_PUB_2 gen 1206
ip 10.3.6.50 src arp
vd root/0 42:6b:06:2b:8e:49 gen 244237 req 0
created 517588s gen 243741 seen 312868s WIFI_PUB gen 1294
ip 10.3.4.110 src arp
hardware vendor 'Apple' src http id 1716 weight 220
type 'Phone' src http id 1716 weight 220
family 'iPhone' src http id 1716 weight 220
os 'iOS' src http id 1716 weight 220
hardware version '11' src dns id 4598 weight 200
software version '16.3.1' src http id 1716 weight 220
host 'iPhone-XXXXXXX' src dns
vd root/0 48:9e:bd:5e:4f:a6 gen 222817 req 0
created 1025744s gen 222039 seen 15s VLAN_19 gen 1099
ip 10.12.7.93 src arp
hardware vendor 'HP' src dns id 3521 weight 150
type 'Printer' src dns id 3521 weight 150
family 'OfficeJet' src dns id 3521 weight 150
os 'Linux' src mwbs id 3340 weight 50
host 'EXXXXXXXX' src mwbs
But even after disabling the Device Detection option, the IPv6 addresses still remain.

I noticed one thing: if you look at the virtual interfaces on a Windows PC, for example just the FortiClient one, you will notice that it has an IPv6 address.
I did a test with my iPhone, where I can't disable the IPv6 address on the Wi-Fi interface, and it detects it the first time you log in.

This evidently means that every interface, both physical and virtual, has an IPv6 address if it is not disabled.

[Screenshot: interfacce notebook hardware.jpg]

Fabio
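To answer Debbie's question (whether IPv6 entries show up in 'dia user device list') across a long listing rather than by eye, here is an added Python parser for the output format posted above; it is not part of this thread or of any Fortinet tool, and the sample it embeds is constructed from the posted output (made-up MACs and hostnames, plus one IPv6 line added so the check has something to find).

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample modeled on the 'dia user device list' output posted above.
# MACs and hostnames are made up, and one IPv6 line is added so the check has a hit.
SAMPLE = """\
vd root/0 be:d5:55:02:d6:0f gen 238495 req 0
created 603163s gen 238333 seen 603162s WIFI_PUB_2 gen 1206
ip 10.3.6.50 src arp
vd root/0 42:6b:06:2b:8e:49 gen 244237 req 0
created 517588s gen 243741 seen 312868s WIFI_PUB gen 1294
ip 10.3.4.110 src arp
ip fe80::1c2b:3d4e:5f60:7a8b src arp
hardware vendor 'Apple' src http id 1716 weight 220
type 'Phone' src http id 1716 weight 220
host 'iPhone-XXXXXXX' src dns
"""

# One regex per line shape seen in the posted output.
VD_RE = re.compile(r"^vd (\S+) ([0-9a-f:]{17}) gen \d+ req \d+$")
SEEN_RE = re.compile(r"^created (\d+)s gen \d+ seen (\d+)s (\S+) gen \d+$")
IP_RE = re.compile(r"^ip (\S+) src (\S+)$")
ATTR_RE = re.compile(r"^(\w+(?: \w+)?) '([^']*)' src (\S+)")


def parse_device_list(text: str) -> List[Dict]:
    """Split the CLI output into one dict per device (each 'vd ...' line starts one)."""
    devices: List[Dict] = []
    cur = None
    for line in text.splitlines():
        line = line.strip()
        if m := VD_RE.match(line):
            cur = {"vdom": m.group(1), "mac": m.group(2), "ips": [], "attrs": {}}
            devices.append(cur)
        elif cur is None or not line:
            continue
        elif m := SEEN_RE.match(line):
            cur["interface"], cur["seen_s"] = m.group(3), int(m.group(2))
        elif m := IP_RE.match(line):
            # ip_address() exposes .version, so v4 and v6 are told apart reliably
            cur["ips"].append((ipaddress.ip_address(m.group(1)), m.group(2)))
        elif m := ATTR_RE.match(line):
            cur["attrs"][m.group(1)] = m.group(2)  # e.g. 'hardware vendor' -> 'Apple'
    return devices


def ipv6_devices(devices: List[Dict]) -> List[str]:
    """MACs for which device detection recorded at least one IPv6 address."""
    return [d["mac"] for d in devices if any(ip.version == 6 for ip, _ in d["ips"])]
```

Paste the real CLI output into SAMPLE (or read it from a file) and an empty result from ipv6_devices confirms what Fabio reports: device detection is not the source of the IPv6 entries.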