Fortigate IPv6 GUI Bug for SSL VPN - Telekom Deutschland
Hello, I'm trying to implement IPv6 in our test environment and I'm having some difficulties. We are using a Fortigate 60F with FortiOS 7.2.4 and a VDSL connection from Telekom in Germany.
IPv4 works fine for us. The dial-up is done via PPPoe behind a modem. We also get our fixed IPv4 address and so far everything works fine.
Now I wanted to activate IPv6 on this interface accordingly. I have followed the instructions and tips that I could find on the Internet. However, something still does not seem to work properly. Namely, no IP address is displayed in the GUI under IPv6-address. But via the CLI I can see that the interface has been assigned an IP address. I can also assign an IPv6 subnet to other VLANs and the devices get an IP address accordingly and can also connect to the Internet.
My problem now is that I cannot make SSL VPN settings for IPv6. When I add the interface in the SSL VPN settings, I do not see an IPv6 address, but only the IPv4 address. Does anyone know what is causing this? We are planning to implement VPN over IPv6 as well, since more and more users are having problems when working from home.
Here is my current configuration for this:
SIT-FW01 (wan2-pppoe) # show
config system interface
set vdom "root"
set mode pppoe
set status down
set type tunnel
set monitor-bandwidth enable
set role wan
set snmp-index 33
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
set autoconf enable
set prefix-hint 2003:a:xxxx:xxxx::/56
set interface "wan2"
config system pppoe-interface
set ipv6 enable
set device "wan2"
set username "00234308XXXXXXX0001@t-online.de"
set password PASSWORD
And if I look via the CLI, I can see that the interface got an IPv6 address (and I can execute ping6 via the CLI):
(I removed some information of the IP due to privacy reasons)
SIT-FW01 # get router info6 interface
Based on the information provided, it seems that the FortiGate 60F interface has been assigned an IPv6 address via CLI, but it is not displayed in the GUI. Additionally, when configuring SSL VPN settings, only the IPv4 address is shown instead of the IPv6 address. This can be resolved by following these steps:
Verify GUI Display Settings: Double-check the GUI settings to ensure that IPv6 addresses are enabled to be displayed. In the FortiGate web interface, navigate to System > Config > Features and confirm that "IPv6 Display" is enabled.
Check SSL VPN Configuration: Ensure that the SSL VPN settings are correctly configured for IPv6. In the SSL VPN configuration, go to VPN > SSL-VPN Settings and review the settings for IPv6. Ensure that the IPv6 address is correctly configured and associated with the appropriate interface.
Update Firmware: Check if there are any available firmware updates for your FortiGate device. Keeping the firmware up to date can address known issues and improve functionality. Consider updating to the latest firmware version compatible with your FortiGate 60F model.
Review System Logs: Monitor the system logs on your FortiGate device for any relevant error or warning messages related to IPv6 or SSL VPN. This can provide insights into any potential configuration issues or conflicts.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.