- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevice
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiSASE Sovereign
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Fortigate 7.6.4 - VPN IPsec SAML Dialup IPv4/IPv6
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 7.6.4 - VPN IPsec SAML Dialup IPv4/IPv6
Hello everyone,
we are currently running a FortiGate on firmware 7.6.4 with an IPsec dialup VPN using SAML authentication over IPv4. This setup works without any issues.
However, more and more of our users are receiving IPv6-only connections from their ISPs (no public IPv4 available anymore), which causes the IPsec tunnel to fail. Because of this, we want to migrate the dialup VPN to IPv4/IPv6 (dual stack).
I have several questions regarding the required prerequisites:
Does the FortiGate WAN interface need a public IPv6 address from the ISP in order for IPv6-only clients to connect?
Does the FQDN used for the dialup VPN also need a AAAA DNS record, so clients can resolve the FortiGate over IPv6?
Is switching the Phase1/Phase2 interface to “IPv4/IPv6”, and adding IPv6 firewall policies enough? What about the DNS resolution of the internal hosts?
Thanks in advance, is there any migrating doc available? I can only see SSL VPN IPV6 docs.
372
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello fabs,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
We are still looking for an answer to your question.
We will come back to you ASAP.
Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your feedback.
The reason I am considering enabling dual stack on the IPsec dialup VPN is because we have several employees who can connect to the VPN from their home office, but they cannot access any applications located on the routed local network.
This is because these employees only receive an IPv6 address from their ISP.
I have now received an IPv6 address range from my ISP and setup a static IPv6 on the WAN interface. I also created a static route to the IPv6 gateway.
I created an AAAA entry on the FQDN.
I can now resolve this FQDN from outside and ping when I activate it on the WAN interface.
I also configured dual stack on this VPN tunnel. The clients also receive an IPv4 + IPv6 address.
Is this now sufficient to grant connection to employees who only receive an IPv6 address from their ISP, or are further adjustments to the Fortigate required?
Best Regards
fabs
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello again fabs :)
I found this solution. Can you tell us if it helps, please?
To ensure that your FortiGate IPsec dial-up VPN can accommodate users with IPv6-only connections, follow these steps:
-
Public IPv6 Address on WAN Interface: Yes, the FortiGate WAN interface needs a public IPv6 address from your ISP. This allows IPv6-only clients to connect to the FortiGate.
-
FQDN with AAAA DNS Record: Yes, the FQDN used for the dialup VPN should have an AAAA DNS record. This ensures that clients can resolve the FortiGate's address over IPv6.
-
Phase1/Phase2 Interface Configuration: Switching the Phase1/Phase2 interface to "IPv4/IPv6" and adding IPv6 firewall policies is necessary. Ensure that both IPv4 and IPv6 selectors are configured in Phase 2.
-
DNS Resolution for Internal Hosts: Ensure that internal DNS servers can resolve both IPv4 and IPv6 addresses for internal hosts. If internal applications are accessible over IPv6, ensure that DNS records are updated accordingly.
-
Additional Considerations:
- Verify that the FortiGate's security policies allow traffic over both IPv4 and IPv6.
- Ensure that any NAT or routing configurations are updated to handle IPv6 traffic.
- Test the connection from an IPv6-only client to ensure that all configurations are working as expected.
Since you have already configured a static IPv6 on the WAN interface, created a static route to the IPv6 gateway, and set up dual-stack on the VPN tunnel, these steps should be sufficient. However, thorough testing is recommended to confirm that all users can connect and access necessary resources.
Currently, there is no specific migration document for IPsec VPN dual-stack configuration, but the steps outlined should guide you through the process.
Regards,
Jean-Philippe - Fortinet Community Team
Jean-Philippe - Fortinet Community Team
Created on 11-26-2025 04:23 AM Edited on 11-26-2025 04:31 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
I must correct myself again: we only want clients who have an IPV6 address from their ISP to be able to connect to the VPN. (DS-LITE)
The client itself does not need a dual stack address on the VPN adapter, as no IPV6 network need to be reached after the firewall, only IPV4.
In this case, it is sufficient for the tunnel to listen to the IPV6 gateway and issue an IPv4 address, is that correct?
The following problem: I have now created a separate VPN tunnel for the IPv6 gateway, analogous to my current VPN tunnel that listens to the IPv4 gateway. The configuration is identical except that the IPv6 tunnel has “set ip-version 6” set.
And I have created a separate firewall policy for this IPv6 tunnel that goes to a VLAN.
The client can connect via IPv6, receives an IPv4 address, but the tunnel breaks after several seconds.
In the FortiClientVPN 7.4.3.1790 status window, you can briefly see traffic on outgoing, but not on incoming.
2025-11-26 13:00:03.890938 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: VID forticlient connect license 4C53427B6D465D1B337BB755A37A7FEF
2025-11-26 13:00:03.890982 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: VID Fortinet Endpoint Control B4F01CA951E9DA8D0BAFBBD34AD3044E
2025-11-26 13:00:03.891025 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: VID Forticlient EAP Extension C1DC4350476B98A429B91781914CA43E
2025-11-26 13:00:03.891069 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: received notify type NAT_DETECTION_SOURCE_IP
2025-11-26 13:00:03.891111 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: received notify type NAT_DETECTION_DESTINATION_IP
2025-11-26 13:00:03.891153 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: received notify type VPN_NETWORK_ID
2025-11-26 13:00:03.891194 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: NETWORK ID : 0
2025-11-26 13:00:03.891278 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: incoming proposal:
2025-11-26 13:00:03.891334 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: proposal id = 1:
2025-11-26 13:00:03.891372 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: protocol = IKEv2:
2025-11-26 13:00:03.891409 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: encapsulation = IKEv2/none
2025-11-26 13:00:03.891449 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=ENCR, val=AES_CBC (key_len = 128)
2025-11-26 13:00:03.891487 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=INTEGR, val=AUTH_HMAC_SHA_96
2025-11-26 13:00:03.891526 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=PRF, val=PRF_HMAC_SHA
2025-11-26 13:00:03.891564 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=DH_GROUP, val=MODP2048.
2025-11-26 13:00:03.891611 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: proposal id = 2:
2025-11-26 13:00:03.891648 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: protocol = IKEv2:
2025-11-26 13:00:03.891685 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: encapsulation = IKEv2/none
2025-11-26 13:00:03.891724 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=ENCR, val=AES_CBC (key_len = 256)
2025-11-26 13:00:03.891762 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-11-26 13:00:03.891800 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=PRF, val=PRF_HMAC_SHA2_256
2025-11-26 13:00:03.891838 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=DH_GROUP, val=MODP2048.
2025-11-26 13:00:03.891900 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: matched proposal id 2
2025-11-26 13:00:03.891961 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: proposal id = 2:
2025-11-26 13:00:03.891995 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: protocol = IKEv2:
2025-11-26 13:00:03.892028 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: encapsulation = IKEv2/none
2025-11-26 13:00:03.892062 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=ENCR, val=AES_CBC (key_len = 256)
2025-11-26 13:00:03.892096 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=INTEGR, val=AUTH_HMAC_SHA2_256_128
2025-11-26 13:00:03.892129 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=PRF, val=PRF_HMAC_SHA2_256
2025-11-26 13:00:03.892162 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: type=DH_GROUP, val=MODP2048.
2025-11-26 13:00:03.892195 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: lifetime=86400
2025-11-26 13:00:03.892237 ike V=root:0:b75e46c47db7d2b6/0000000000000000:1766: SA proposal chosen, matched gateway XXXXXX IPv6
2025-11-26 13:00:03.892303 ike V=root:0:XXXXXX IPv6:XXXXXX IPv6: created connection: 0x556231c430 7 XXXX:XXXX:X:XX:X->XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500.
2025-11-26 13:00:03.892377 ike V=root:0:XXXXXX IPv6:1766: processing notify type NAT_DETECTION_SOURCE_IP
2025-11-26 13:00:03.892462 ike V=root:0:XXXXXX IPv6:1766: processing NAT-D payload
2025-11-26 13:00:03.892505 ike V=root:0:XXXXXX IPv6:1766: NAT not detected
2025-11-26 13:00:03.892540 ike V=root:0:XXXXXX IPv6:1766: process NAT-D
2025-11-26 13:00:03.892574 ike V=root:0:XXXXXX IPv6:1766: processing notify type NAT_DETECTION_DESTINATION_IP
2025-11-26 13:00:03.892636 ike V=root:0:XXXXXX IPv6:1766: processing NAT-D payload
2025-11-26 13:00:03.893031 ike V=root:0:XXXXXX IPv6:1766: NAT not detected
2025-11-26 13:00:03.893070 ike V=root:0:XXXXXX IPv6:1766: process NAT-D
2025-11-26 13:00:03.893106 ike V=root:0:XXXXXX IPv6:1766: FEC vendor ID received FEC but IP not set
2025-11-26 13:00:03.893139 ike 0:XXXXXX IPv6:1766: FCT EAP 2FA extension vendor ID received
2025-11-26 13:00:03.893227 ike V=root:0:XXXXXX IPv6:1766: responder preparing SA_INIT msg
2025-11-26 13:00:03.895481 ike V=root:0:XXXXXX IPv6:1766: create NAT-D hash local XXXX:XXXX:X:XX:X/500 remote XXX:2f4:XXXX:XXXX:e51a:XXXX:d99:150d/500
2025-11-26 13:00:03.895552 ike 0:XXXXXX IPv6:1766: out B75E46C47DB7D2B68D89CB6A4A265D392120222000000000000001A0220000300000002C020100040300000C0100000C800E01000300000802000005030000080300000C000000080400000E28000108000E0000
038DA649195759F48CC3CC3D14827135530B340B1EE35D19228A3633F73485157912D7A7AFC73665BA435E21402BF6DA096B46D3802E04979F0A6A3A278803C16B9704D2FF21FB0C41CB29BDBB4CEE10B0C16065DC8BA1C37D10D09D774C90DD15A2E0A6C48AA54C468528A882DB205
3059197945CB15B96B795E79FEC58F2D5C078EAC72159A2C4E28801BFFFE585A3426195EB23BF9EF0AC1ECE68BD12849410DF769D3DC85A328D6303759B5DA3DF1ECA15E118BB81B7B68F4A61A98BD17894831D4FA9C0B5A78D1DF3B3D723C49FC214E6AD8B5B0C5633521157C149F3
74074438011D05581A1D84BE3532858351D4B1DFC801CF8133BB22BCFCC7CD765B29000014DF2D0C5FAAD95BA6DD5C8168067F6BA02900001C0000400482373B1A8722410DB8B655B7D93C15CE6E7BCF640000001C00004005E56810D3A63D90FF9005B399335D686843D6FE34
2025-11-26 13:00:03.895694 ike V=root:0:XXXXXX IPv6:1766: sent IKE msg (SA_INIT_RESPONSE): XXXX:XXXX:X:XX:X:500->XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500, len=416, vrf=0, id=b75e46c47db7d2b6/8d89cb6a4a265d39, oif=7
2025-11-26 13:00:03.895849 ike 0:XXXXXX IPv6:1766: IKE SA b75e46c47db7d2b6/8d89cb6a4a265d39 SK_ei 32:701DA4741CD8EAD5F642E82E816551E04A4018873F8CFF856EC96DD143363B97
2025-11-26 13:00:03.895896 ike 0:XXXXXX IPv6:1766: IKE SA b75e46c47db7d2b6/8d89cb6a4a265d39 SK_er 32:C98A8A83CFDE242B28F00ACE578CE8D12B6F6FC0F60017F7F669FB1D0AC2955E
2025-11-26 13:00:03.895939 ike 0:XXXXXX IPv6:1766: IKE SA b75e46c47db7d2b6/8d89cb6a4a265d39 SK_ai 32:AD6916CEE1D8B8C5670FC1A76C8617C3FFD7445F62591536C48C729CDDB21DE2
2025-11-26 13:00:03.895982 ike 0:XXXXXX IPv6:1766: IKE SA b75e46c47db7d2b6/8d89cb6a4a265d39 SK_ar 32:08AF1C2D3F13F90F75AD51E9F9732701EA6A5E28491D22DF25471D1BF0F079B1
2025-11-26 13:00:03.920672 ike V=root:0: comes XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500->XXXX:XXXX:X:XX:X:500,ifindex=7,vrf=0,len=656....
2025-11-26 13:00:03.920750 ike V=root:0: IKEv2 exchange=AUTH id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000001 len=656
2025-11-26 13:00:03.920800 ike 0: in B75E46C47DB7D2B68D89CB6A4A265D392E202308000000010000029023000274CC5B1A9A13473CEFB8843CC7E8C20B34B1A19724ACC3B71BCD69EDE838A44BCACC4D2F16AD21F5B8F69DEC0CAABDE0586805B31660134D3A2BC0FEEF83
6C96536AB436C6BD63BEB4CE5647F458F00C0D12B4F90177EB51AD794CF92260B84DDE566098681FF1D81F85A37CC88F8C3B4C5EB608853D57168B493208E6DE8100DD148754BA589EDC46DD02FE496E9DDB1DC964F3CF08E655046CBE9D01EB3562A4D15588229686390B4F8BEC202
6C14C353D1977642B8876ABA77DE0948EBD34BE705AC828039704774B771B6CED038EFA89D15AA193475A90C8DE5899D91E3BDD7172164A0F67621136460F5F34144EF925F1C5EF4F86B865877BBABA5B858BD134030640E3E3D8336535C2D3F733BA518BB0A0FDD83FEB57B8652397
830A05F07CA0B69346E5807A7A8480D6555EFCD1A073382B777414AD7EF2AAAE0336837699B75C8D1C12C36CF69B39387BAE7A8603A5B2BAC66ACCC8D78E11BD098AE7D71FE134BB9789ECB4FAB261303BC4630B9367C5C4C4E0BFFE28CF73156D41CE56D5DBEDB80E7576CB9CA71FC
2FF78A01E9B3C7265F8188AE4AF1C6BE752EDF5502BC4B6901D77AA586163089090DE9D6478850D02CD90BACA70CC8457CD19446352AAD1B1E9769FFFB3CA6DD44502A5A843F9786AF4FE1328291399F6F96F0E8D3F8C5419CE6E200F7C982076FFBF8F8F9EA03189E65CCA729CB631
1F97E9804118ADE417C54D0E475D8B4F798F827DC52207E5A23748E2E6D1CF1C821574FE28D550FCB7F8E0F0074146A0B6708A3C87FE9B25AFA360BDD8A3F0C8BA53879C0491C8580E348D00851F0EEB397AF4465C95710A4F576AF3AF09B516A58913EC01D9E26F7B60E2444BF979A
980A757E113
2025-11-26 13:00:03.920995 ike 0:XXXXXX IPv6:1766: dec B75E46C47DB7D2B68D89CB6A4A265D392E202308000000010000026F230000042900000C020000006970763629000008000040002F00015B0000F1005645523D310A4643545645523D372E342E332E313739300A
5549443D32343943393842364438463434443543383237313734364436343834444636410A49503D31302E31302E38362E3130330A4D41433D39302D32652D31362D61662D34662D39343B66342D37622D30392D65662D30662D38633B30302D30302D30302D30302D30302D30303B3
0302D66662D64662D36392D34332D66643B30302D30302D30302D30302D30302D30303B66342D37622D30392D65662D30662D38383B66342D37622D30392D65662D30662D38393B66362D37622D30392D65662D30662D38383B0A484F53543D5654452D50432D50433238375736520A
555345523D697076360A4F535645523D4D6963726F736F66742057696E646F777320313120456E74657270726973652045646974696F6E2C2036342D62697420286275696C64203236323030290A5245475F5354415455533D300A002100005C0100000000070010464354383030313
8393735313136363500010000000200000003000000040000000D00000019000000080000000F0000000A0000000B000070010000540A0000540B00007000000070060000001900002C0000540200002801030403471B13040300000C0100000C800E00800300000803000002000000
08050000000000002802030403471B13040300000C0100000C800E0100030000080300000C00000008050000002D00001801000000070000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF
2025-11-26 13:00:03.921091 ike V=root:0:XXXXXX IPv6:1766: responder received AUTH msg
2025-11-26 13:00:03.921130 ike V=root:0:XXXXXX IPv6:1766: processing notify type INITIAL_CONTACT
2025-11-26 13:00:03.921205 ike V=root:0:XXXXXX IPv6:1766: processing notify type FORTICLIENT_CONNECT
2025-11-26 13:00:03.921315 ike V=root:0:XXXXXX IPv6:1766: received FCT data len = 339, data = 'VER=1
FCTVER=7.4.3.1790
UID=249C98B6D8F44D5C8271746D6484DF6A
IP=10.10.86.103
MAC=90-2e-16-af-4f-94;f4-7b-09-ef-0f-8c;00-00-00-00-00-00;00-ff-df-69-43-fd;00-00-00-00-00-00;f4-7b-09-ef-0f-88;f4-7b-09-ef-0f-89;f6-7b-09-ef-0f-88;
HOST=VTE-PC-XXXXXX
USER=ipv6
OSVER=Microsoft Windows 11 Enterprise Edition, 64-bit (build 26200)
REG_STATUS=0
'
2025-11-26 13:00:03.921407 ike V=root:0:XXXXXX IPv6:1766: received FCT-UID : 249C98B6D8F44D5C8271746D6484DF6A
2025-11-26 13:00:03.921445 ike V=root:0:XXXXXX IPv6:1766: received EMS SN :
2025-11-26 13:00:03.921481 ike V=root:0:XXXXXX IPv6:1766: received EMS tenant ID :
2025-11-26 13:00:03.921517 ike V=root:0:XXXXXX IPv6:1766: received peer identifier FQDN 'ipv6'
2025-11-26 13:00:03.921570 ike V=root:0:XXXXXX IPv6:1766: re-validate gw ID
2025-11-26 13:00:03.921621 ike V=root:0:XXXXXX IPv6:1766: gw validation OK
2025-11-26 13:00:03.921683 ike V=root:0:XXXXXX IPv6:1766: responder preparing EAP identity request
2025-11-26 13:00:03.921915 ike 0:XXXXXX IPv6:1766: enc 270000180500000020014CE00006003100000000000000023000002802000000FEECEF766B3F315C055D29E89A317CCCF195D6507DAE867192DDCED443E56AB700000009019D00050106050403020106
2025-11-26 13:00:03.922022 ike 0:XXXXXX IPv6:1766: out B75E46C47DB7D2B68D89CB6A4A265D392E202320000000010000009024000074F9809695FE99C52D28F06B621377DD24321A23CDB31D238E3D1B50EDECB32D1C14AEF99214CE2E3B7DF277B65D808599F0DC4BB0
8F7653085B1FB57033C1A69E4CEC5AB724C235EB9C1B29D9681CB86B50FC4667FEDC2E91FD2B346F6A3AF0C6E894C28AA81649B3AA4DA22FFE273540
2025-11-26 13:00:03.922140 ike V=root:0:XXXXXX IPv6:1766: sent IKE msg (AUTH_RESPONSE): XXXX:XXXX:X:XX:X:500->XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500, len=144, vrf=0, id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000001, oif=7
2025-11-26 13:00:03.937150 ike V=root:0: comes XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500->XXXX:XXXX:X:XX:X:500,ifindex=7,vrf=0,len=80....
2025-11-26 13:00:03.937219 ike V=root:0: IKEv2 exchange=AUTH id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000002 len=80
2025-11-26 13:00:03.937262 ike 0: in B75E46C47DB7D2B68D89CB6A4A265D392E202308000000020000005030000034A8B155A048D63558DE681A0435912CB023594E27644570356C4C3F7FCC47F11C95AD5CEC0CB1B0F710C50B736FD8F821
2025-11-26 13:00:03.937353 ike 0:XXXXXX IPv6:1766: dec B75E46C47DB7D2B68D89CB6A4A265D392E202308000000020000002D300000040000000D029D00090169707636
2025-11-26 13:00:03.937400 ike V=root:0:XXXXXX IPv6:1766: responder received EAP msg
2025-11-26 13:00:03.937437 ike V=root:0:XXXXXX IPv6:1766: send EAP message to FNBAM
2025-11-26 13:00:03.937487 ike V=root:0:XXXXXX IPv6:1766: initiating EAP authentication
2025-11-26 13:00:03.937523 ike V=root:0:XXXXXX IPv6: EAP user "ipv6"
2025-11-26 13:00:03.937558 ike V=root:0:XXXXXX IPv6: auth group IPv6
2025-11-26 13:00:03.938924 ike V=root:0:XXXXXX IPv6: EAP 1473283510434 pending
2025-11-26 13:00:03.939609 ike V=root:0:XXXXXX IPv6:1766 EAP 1473283510434 result FNBAM_CHALLENGED
2025-11-26 13:00:03.939729 ike V=root:0:XXXXXX IPv6: EAP challenged for user "ipv6"
2025-11-26 13:00:03.939772 ike V=root:0:XXXXXX IPv6:1766: responder preparing EAP pass through message
2025-11-26 13:00:03.939835 ike 0:XXXXXX IPv6:1766: enc 00000025019E00211A019E001C10E3E7046CC047C0BF87A9AB753ACD0E58686F73746170640A0908070605040302010A
2025-11-26 13:00:03.939949 ike 0:XXXXXX IPv6:1766: out B75E46C47DB7D2B68D89CB6A4A265D392E2023200000000200000070300000543F20507451AC3D74DFBB0487A38661FD37E1CDCEEDB033BD08B7FFBB23009902D25BE762561E300B0980B6204162A264DECA0774
8F3C685B7EBBD56F370C39709E0EF9FEEE1A326766359068702134CE
2025-11-26 13:00:03.940111 ike V=root:0:XXXXXX IPv6:1766: sent IKE msg (AUTH_RESPONSE): XXXX:XXXX:X:XX:X:500->XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500, len=112, vrf=0, id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000002, oif=7
2025-11-26 13:00:03.957903 ike V=root:0: comes XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500->XXXX:XXXX:X:XX:X:500,ifindex=7,vrf=0,len=144....
2025-11-26 13:00:03.958019 ike V=root:0: IKEv2 exchange=AUTH id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000003 len=144
2025-11-26 13:00:03.958065 ike 0: in B75E46C47DB7D2B68D89CB6A4A265D392E202308000000030000009030000074A1572B31BB1EC7CA4A741DC162E2B829FB3D8BE909F94F085F46C8B2B3381B233A85F5810B70FFB6112B80CB68FF2B14D7003CE57AA9E6B53982DC996A
EC90E5CC8F2F283E11FD49A2C6115F8ABB068C15E7A1C88FB34AE52A7F86128380F29933A3E25E4C84072912BE837B9B95C3DC
2025-11-26 13:00:03.958197 ike 0:XXXXXX IPv6:1766: dec B75E46C47DB7D2B68D89CB6A4A265D392E20230800000003000000633000000400000043029E003F1A029E003A310805BE0865B6E87F6B09E159E7332A0900000000000000005E6A085932C6AA594FCD621E46AF
F5839B5A1A1D7FA8309D0069707636
2025-11-26 13:00:03.958248 ike V=root:0:XXXXXX IPv6:1766: responder received EAP msg
2025-11-26 13:00:03.958287 ike V=root:0:XXXXXX IPv6:1766: send EAP message to FNBAM
2025-11-26 13:00:03.959019 ike V=root:0:XXXXXX IPv6: EAP 1473283510434 pending
2025-11-26 13:00:03.960353 ike V=root:0:XXXXXX IPv6:1766 EAP 1473283510434 result FNBAM_CHALLENGED
2025-11-26 13:00:03.960443 ike V=root:0:XXXXXX IPv6: EAP challenged for user "ipv6"
2025-11-26 13:00:03.960487 ike V=root:0:XXXXXX IPv6:1766: responder preparing EAP pass through message
2025-11-26 13:00:03.960563 ike 0:XXXXXX IPv6:1766: enc 0000003C019F00381A039E0033533D44313536313535444543363543364330334338364231464339423634303631383641304132384233204D3D4F4B03020103
2025-11-26 13:00:03.960680 ike 0:XXXXXX IPv6:1766: out B75E46C47DB7D2B68D89CB6A4A265D392E202320000000030000008030000064876D857426905B25E083AE36669A4D041B2D6C5838FB8A877A60713C72DFC6DF8C3ED0C0D69F4FAEBE59C903FD5A626FA7D166B8
4CEB01BEACAFEF77EF1F981F4C7CF974680B6E90D030E279A27AEFFDB80BDBC13A0A6E1A119F8329B1AB32A7
2025-11-26 13:00:03.960846 ike V=root:0:XXXXXX IPv6:1766: sent IKE msg (AUTH_RESPONSE): XXXX:XXXX:X:XX:X:500->XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500, len=128, vrf=0, id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000003, oif=7
2025-11-26 13:00:03.976394 ike V=root:0: comes XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500->XXXX:XXXX:X:XX:X:500,ifindex=7,vrf=0,len=80....
2025-11-26 13:00:03.976489 ike V=root:0: IKEv2 exchange=AUTH id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000004 len=80
2025-11-26 13:00:03.976533 ike 0: in B75E46C47DB7D2B68D89CB6A4A265D392E20230800000004000000503000003494AB296ADF229C0248B32C7B8842A3DE0C056904057DB4202D86198B86A74725BC61B2257EDB57FD3582E8318C464B62
2025-11-26 13:00:03.976649 ike 0:XXXXXX IPv6:1766: dec B75E46C47DB7D2B68D89CB6A4A265D392E202308000000040000002A300000040000000A029F00061A03
2025-11-26 13:00:03.976696 ike V=root:0:XXXXXX IPv6:1766: responder received EAP msg
2025-11-26 13:00:03.976734 ike V=root:0:XXXXXX IPv6:1766: send EAP message to FNBAM
2025-11-26 13:00:03.977895 ike V=root:0:XXXXXX IPv6: EAP 1473283510434 pending
2025-11-26 13:00:03.978002 ike V=root:0:XXXXXX IPv6:1766 EAP 1473283510434 result FNBAM_SUCCESS
2025-11-26 13:00:03.978052 ike V=root:0:XXXXXX IPv6: EAP succeeded for user "ipv6" group "IPv6" 2FA=no
2025-11-26 13:00:03.978167 ike V=root:0:XXXXXX IPv6:1766: responder preparing EAP pass through message
2025-11-26 13:00:03.978229 ike 0:XXXXXX IPv6:1766: enc 00000008039F00040706050403020107
2025-11-26 13:00:03.978322 ike 0:XXXXXX IPv6:1766: out B75E46C47DB7D2B68D89CB6A4A265D392E20232000000004000000503000003493546B14E67209166A57B5B31B79356C20899091DC5A06E932B97FC245A9CF7A8BE31A29C462E3D6324DD2F32F261AEB
2025-11-26 13:00:03.978435 ike V=root:0:XXXXXX IPv6:1766: sent IKE msg (AUTH_RESPONSE): XXXX:XXXX:X:XX:X:500->XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500, len=80, vrf=0, id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000004, oif=7
2025-11-26 13:00:03.996478 ike V=root:0: comes XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500->XXXX:XXXX:X:XX:X:500,ifindex=7,vrf=0,len=112....
2025-11-26 13:00:03.996540 ike V=root:0: IKEv2 exchange=AUTH id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000005 len=112
2025-11-26 13:00:03.996583 ike 0: in B75E46C47DB7D2B68D89CB6A4A265D392E202308000000050000007027000054B9595F75F29C8E81C6BDCEA07D197740B4D160B901B52168600415DC3AF50C3BC525746DD1BB0BA9A07EE1B546BC54CFEE5C564E6441DF5DF17DE99B17
ADC0F8ED84B647EAF5921FB55374D57623C745
2025-11-26 13:00:03.996675 ike 0:XXXXXX IPv6:1766: dec B75E46C47DB7D2B68D89CB6A4A265D392E2023080000000500000048270000040000002802000000172A3E18B5D389F11818DC68541B93C398605CBC820454BAA681DA99628EFE53
2025-11-26 13:00:03.996721 ike V=root:0:XXXXXX IPv6:1766: responder received AUTH msg
2025-11-26 13:00:03.996758 ike V=root:0:XXXXXX IPv6:1766: received peer identifier FQDN 'ipv6'
2025-11-26 13:00:03.996844 ike V=root:0:XXXXXX IPv6:1766: auth verify done
2025-11-26 13:00:03.996888 ike V=root:0:XXXXXX IPv6:1766: responder AUTH continuation
2025-11-26 13:00:03.996922 ike V=root:0:XXXXXX IPv6:1766: authentication succeeded
2025-11-26 13:00:03.997006 ike V=root:0:XXXXXX IPv6:1766: responder creating new child
2025-11-26 13:00:03.997074 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 7 request 16:'46435438303031383937353131363635'
2025-11-26 13:00:03.997126 ike V=root:0:XXXXXX IPv6:1766: mode-cfg received APPLICATION_VERSION 'FCT8001897511665'
2025-11-26 13:00:03.997161 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 1 request 0:''
2025-11-26 13:00:03.997201 ike V=root:0:XXXXXX IPv6: mode-cfg allocate 10.72.76.61/0.0.0.0
2025-11-26 13:00:03.997242 ike V=root:0:XXXXXX IPv6:1766: mode-cfg using allocated IPv4 10.72.76.61
2025-11-26 13:00:03.997275 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 2 request 0:''
2025-11-26 13:00:03.997309 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 3 request 0:''
2025-11-26 13:00:03.997348 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 4 request 0:''
2025-11-26 13:00:03.997382 ike V=root:0:XXXXXX IPv6:1766: mode-cfg WINS ignored, no WINS servers configured
2025-11-26 13:00:03.997415 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 13 request 0:''
2025-11-26 13:00:03.997450 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 25 request 0:''
2025-11-26 13:00:03.997490 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 8 request 0:''
2025-11-26 13:00:03.997525 ike V=root:0:XXXXXX IPv6: IPv6 pool is not configured
2025-11-26 13:00:03.997557 ike V=root:0:XXXXXX IPv6:1766: mode-cfg could not allocate IPv6 address
2025-11-26 13:00:03.997590 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 15 request 0:''
2025-11-26 13:00:03.997624 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 10 request 0:''
2025-11-26 13:00:03.997663 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 11 request 0:''
2025-11-26 13:00:03.997697 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 11 not supported, ignoring
2025-11-26 13:00:03.997730 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 28673 request 0:''
2025-11-26 13:00:03.997766 ike V=root:0:XXXXXX IPv6:1766: mode-cfg UNITY type 28673 requested
2025-11-26 13:00:03.997800 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 21514 request 0:''
2025-11-26 13:00:03.997835 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 21514 requested
2025-11-26 13:00:03.997874 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 21515 request 0:''
2025-11-26 13:00:03.997907 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 21515 requested
2025-11-26 13:00:03.997939 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 28672 request 0:''
2025-11-26 13:00:03.997972 ike V=root:0:XXXXXX IPv6:1766: mode-cfg UNITY type 28672 requested
2025-11-26 13:00:03.998006 ike V=root:0:XXXXXX IPv6:1766: mode-cfg no banner configured, ignoring
2025-11-26 13:00:03.998038 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 28678 request 0:''
2025-11-26 13:00:03.998071 ike V=root:0:XXXXXX IPv6:1766: mode-cfg UNITY type 28678 requested
2025-11-26 13:00:03.998109 ike V=root:0:XXXXXX IPv6:1766: mode-cfg type 25 request 0:''
2025-11-26 13:00:03.998160 ike V=root:0:XXXXXX IPv6:1766:4611: peer proposal:
2025-11-26 13:00:03.998199 ike V=root:0:XXXXXX IPv6:1766:4611: TSi_0 0:0.0.0.0-255.255.255.255:0
2025-11-26 13:00:03.998236 ike V=root:0:XXXXXX IPv6:1766:4611: TSr_0 0:0.0.0.0-255.255.255.255:0
2025-11-26 13:00:03.998270 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: comparing selectors
2025-11-26 13:00:03.998307 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: matched by rfc-rule-2
2025-11-26 13:00:03.998341 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: phase2 matched by subset
2025-11-26 13:00:03.998383 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: using mode-cfg override 0:10.72.76.61-10.72.76.61:0
2025-11-26 13:00:03.998424 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: accepted proposal:
2025-11-26 13:00:03.998461 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: TSi_0 0:10.72.76.61-10.72.76.61:0
2025-11-26 13:00:03.998498 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: TSr_0 0:0.0.0.0-255.255.255.255:0
2025-11-26 13:00:03.998533 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: dialup
2025-11-26 13:00:03.998583 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: incoming child SA proposal:
2025-11-26 13:00:03.998618 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: proposal id = 1:
2025-11-26 13:00:03.998651 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: protocol = ESP:
2025-11-26 13:00:03.998730 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: encapsulation = TUNNEL
2025-11-26 13:00:03.998767 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: type=ENCR, val=AES_CBC (key_len = 128)
2025-11-26 13:00:03.998801 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: type=INTEGR, val=SHA
2025-11-26 13:00:03.998835 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: type=ESN, val=NO
2025-11-26 13:00:03.998869 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: PFS is disabled
2025-11-26 13:00:03.998903 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: proposal id = 2:
2025-11-26 13:00:03.998936 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: protocol = ESP:
2025-11-26 13:00:03.998969 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: encapsulation = TUNNEL
2025-11-26 13:00:03.999017 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: type=ENCR, val=AES_CBC (key_len = 256)
2025-11-26 13:00:03.999051 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: type=INTEGR, val=SHA256
2025-11-26 13:00:03.999087 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: type=ESN, val=NO
2025-11-26 13:00:03.999120 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: PFS is disabled
2025-11-26 13:00:03.999157 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: matched proposal id 2
2025-11-26 13:00:03.999192 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: proposal id = 2:
2025-11-26 13:00:03.999225 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: protocol = ESP:
2025-11-26 13:00:03.999258 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: encapsulation = TUNNEL
2025-11-26 13:00:03.999292 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: type=ENCR, val=AES_CBC (key_len = 256)
2025-11-26 13:00:03.999326 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: type=INTEGR, val=SHA256
2025-11-26 13:00:03.999358 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: type=ESN, val=NO
2025-11-26 13:00:03.999398 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: PFS is disabled
2025-11-26 13:00:03.999431 ike V=root:0:XXXXXX IPv6:1766:ipv6:4611: lifetime=43200
2025-11-26 13:00:03.999505 ike V=root:0:XXXXXX IPv6:1766: responder preparing AUTH msg
2025-11-26 13:00:03.999550 ike V=root:0:XXXXXX IPv6: adding new dynamic tunnel for XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500
2025-11-26 13:00:04.005489 ike 0:XXXXXX IPv6_0:1766: out B75E46C47DB7D2B68D89CB6A4A265D392E202320000000050000015024000134AC0CD00EFDE0F0BD97F9CDB12BCD7DF76B68F91150617D09FFD2E6BF7C467017E993028EB6DF657254C14E55A7BE07332A4757
91143353F5F3DFB123EA7062C1A63E62D13788C6DF7B034093BDF44CA089CD751AB9CE95E365C3FC9831D14C08058849971686D19CC714D9242BE710078F060B28B82E2D3860272050DA72BBA683FDB4ECB2873001F60C1C8263F50E782E84DFA9AD5EB7A67F7BB8BFC4DA9E564ADF1
9ADC5766C909A78F0D0E3AE4EF73E98A7BED7C72374B1F4030459319138F13EC76BEAA2B6BC991E1617CF3564A3405726D2C27C611B38DDB6C32231975833EFE6EECEA1315E3EDBF8C81230E6C496FC49F1C87A017983BC1A14F55E128E083BD0E55503E33FC47FB58020D13C67E61D
2FC31BA730F259A2B751EF2E88C71B2F32F941C9F0B48771211716B2C0F9
2025-11-26 13:00:04.005671 ike V=root:0:XXXXXX IPv6_0:1766: sent IKE msg (AUTH_RESPONSE): XXXX:XXXX:X:XX:X:500->XXXX:XXX:XXXX:XXXX:XXXX:XXXX:d99:150d:500, len=336, vrf=0, id=b75e46c47db7d2b6/8d89cb6a4a265d39:00000005, oif=
7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have now activated Dual Stack on the VPN tunnel in phase 1 and phase 2 for testing purposes.
The client now also receives additonal an IPV6 on the VPN adapter, and I am now also receiving incoming traffic and can reach the internal IPv4 VLAN after the firewall. However, the tunnel still breaks after about 1 minute.
Labels
-
FortiGate
10,992 -
FortiClient
2,254 -
FortiManager
924 -
FortiAnalyzer
703 -
5.2
687 -
5.4
638 -
FortiSwitch
608 -
FortiClient EMS
603 -
FortiAP
577 -
IPsec
471 -
6.0
416 -
SSL-VPN
404 -
FortiMail
387 -
5.6
362 -
FortiNAC
315 -
FortiWeb
265 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
212 -
FortiAuthenticator
195 -
FortiGuard
164 -
FortiGate-VM
153 -
5.0
152 -
Firewall policy
152 -
6.4
128 -
FortiCloud Products
122 -
FortiSIEM
116 -
FortiToken
115 -
FortiGateCloud
113 -
Wireless Controller
97 -
High Availability
95 -
Customer Service
91 -
Routing
84 -
SAML
83 -
ZTNA
82 -
FortiProxy
81 -
Authentication
76 -
VLAN
76 -
BGP
75 -
Fortivoice
74 -
DNS
74 -
Certificate
74 -
FortiEDR
73 -
FortiADC
70 -
radius
68 -
LDAP
66 -
FortiLink
62 -
SSO
60 -
FortiSandbox
57 -
NAT
57 -
Interface
54 -
FortiExtender
53 -
Application control
52 -
VDOM
50 -
4.0MR3
49 -
Virtual IP
47 -
Logging
44 -
FortiDNS
43 -
SSL SSH inspection
42 -
FortiPAM
41 -
Web profile
39 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
FortiConnect
36 -
Automation
36 -
FortiWAN
32 -
FortiConverter
31 -
API
30 -
Traffic shaping
29 -
FortiGate v5.2
28 -
FortiGate Cloud
27 -
Static route
27 -
SSID
26 -
SNMP
25 -
System settings
24 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
OSPF
23 -
WAN optimization
22 -
Web application firewall profile
22 -
FortiMonitor
21 -
Web rating
20 -
IP address management - IPAM
20 -
FortiSOAR
19 -
Security profile
19 -
FortiAP profile
18 -
FortiGate v5.0
16 -
FortiDDoS
16 -
Explicit proxy
16 -
Admin
15 -
IPS signature
15 -
Traffic shaping policy
15 -
Proxy policy
15 -
Intrusion prevention
15 -
FortiManager v4.0
14 -
FortiCASB
14 -
NAC policy
14 -
Users
14 -
FortiManager v5.0
13 -
DNS filter
13 -
FortiDeceptor
12 -
Fabric connector
12 -
Port policy
12 -
FortiBridge
11 -
FortiRecorder
11 -
trunk
11 -
Traffic shaping profile
11 -
Authentication rule and scheme
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
Application signature
9 -
FortiCache
8 -
FortiToken Cloud
8 -
Packet capture
8 -
Vulnerability Management
8 -
4.0
7 -
4.0MR2
7 -
VoIP profile
7 -
FortiScan
6 -
FortiNDR
6 -
DoS policy
6 -
FortiCarrier
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
Email filter profile
5 -
Protocol option
5 -
TACACS
5 -
Service
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
Replacement messages
4 -
SDN connector
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiAI
3 -
Kerberos
3 -
Video Filter
3 -
File filter
3 -
Multicast policy
3 -
FortiEdge Cloud
3 -
FortiInsight
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
Lacework
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiPresence
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2838 | |
| 1434 | |
| 812 | |
| 796 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.