Hi everyone,
I am trying to configure firewall policies for IPv6 with an ISP delegated prefix.
Is there a way to configure an IPv6 address object that will automatically use the delegated prefix from the upstream interface?
Example:
I have wan1 configured as upstream interface and request a ::/56 prefix from my ISP.
I assign IPv6 addresses to my VLAN Interface with a ::/64 netmask with the delegated prefix.
All this is working flawlessly.
However I'd like to be able to configure a IPv6 address object for the network of one of my VLAN sub-interfaces which gets updated automatically in case the ISP changes the prefix delegated to me.
I am aware that using FQDN address objects would circumvent this problem, but in my case, the Fortigate is also acting as the DNS Server.
This only moves the problem to the FortiGate DNS Server configuration, and I haven't found a way to configure an A record entry that would use the delegated prefix and also update it.
I've googled my problem but haven't found any useful information on the web so maybe some IPv6 expert here can help me out...
Thanks,
Flo
Hello Flo
"I am aware that using FQDN address objects would circumvent this problem, but in my case, the Fortigate is also acting as the DNS Server."
I'm afraid you have the correct answer in your post.
Fortigate as a DNS server is a bad idea (IMHO), useful only in a very basic scenarios where there's not other choice.
regards
/ Abel
Hi Abel,
Thanks for your reply, even though that's not the answer I wanted to hear/read ;)
Maybe some time in the future we will get this feature, since home equipment vendors like AVM have it already.
Regards, Flo
I can post my working DHCPv6-PD config later this afternoon/tonight when I get home if no one else does. I know SLAAC works on it, and nothing is hard-coded. They made a couple changes in 7.0/7.2? code related to this, so it can be a little off if following older doc.
I am not sure how DHCPv6-PD config would help in the scenario I've described, but maybe I am missing something. So sure, if you want to share it I'll have a look.
Thanks,
Flo
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.