Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tz_sit
New Contributor

Fortigate IPv6 GUI Bug for SSL VPN - Telekom Deutschland

Hello,
I'm trying to implement IPv6 in our test environment and I'm having some difficulties.
We are using a Fortigate 60F with FortiOS 7.2.4 and a VDSL connection from Telekom in Germany.

IPv4 works fine for us. The dial-up is done via PPPoe behind a modem. We also get our fixed IPv4 address and so far everything works fine.

Now I wanted to activate IPv6 on this interface accordingly. I have followed the instructions and tips that I could find on the Internet. However, something still does not seem to work properly. Namely, no IP address is displayed in the GUI under IPv6-address. But via the CLI I can see that the interface has been assigned an IP address. I can also assign an IPv6 subnet to other VLANs and the devices get an IP address accordingly and can also connect to the Internet.

My problem now is that I cannot make SSL VPN settings for IPv6. When I add the interface in the SSL VPN settings, I do not see an IPv6 address, but only the IPv4 address.
Does anyone know what is causing this? We are planning to implement VPN over IPv6 as well, since more and more users are having problems when working from home.

Here is my current configuration for this:

 

SIT-FW01 (wan2-pppoe) # show
config system interface
    edit "wan2-pppoe"
        set vdom "root"
        set mode pppoe
        set status down
        set type tunnel
        set monitor-bandwidth enable
        set role wan
        set snmp-index 33
        config ipv6
            set ip6-allowaccess ping
            set dhcp6-prefix-delegation enable
            set autoconf enable
            config dhcp6-iapd-list
                edit 1
                    set prefix-hint 2003:a:xxxx:xxxx::/56
                next
            end
        end
        set interface "wan2"
    next
end
config system pppoe-interface
    edit "wan2-pppoe"
        set ipv6 enable
        set device "wan2"
        set username "00234308XXXXXXX0001@t-online.de"
        set password PASSWORD
    next
end

 

And if I look via the CLI, I can see that the interface got an IPv6 address (and I can execute ping6 via the CLI):

(I removed some information of the IP due to privacy reasons)

SIT-FW01 # get router info6 interface
wan2-pppoe                 [running/up]
    2003:a:37f:a52e:96f3:xxxx:xxxx:86a7
    fe80::96f3:xxxx:xxxx:86a7
Firewall Engineer
Schmittel IT GmbH
Firewall EngineerSchmittel IT GmbH
3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
Christian_89
Contributor III

Based on the information provided, it seems that the FortiGate 60F interface has been assigned an IPv6 address via CLI, but it is not displayed in the GUI. Additionally, when configuring SSL VPN settings, only the IPv4 address is shown instead of the IPv6 address. This can be resolved by following these steps:

  1. Verify GUI Display Settings: Double-check the GUI settings to ensure that IPv6 addresses are enabled to be displayed. In the FortiGate web interface, navigate to System > Config > Features and confirm that "IPv6 Display" is enabled.

  2. Check SSL VPN Configuration: Ensure that the SSL VPN settings are correctly configured for IPv6. In the SSL VPN configuration, go to VPN > SSL-VPN Settings and review the settings for IPv6. Ensure that the IPv6 address is correctly configured and associated with the appropriate interface.

  3. Update Firmware: Check if there are any available firmware updates for your FortiGate device. Keeping the firmware up to date can address known issues and improve functionality. Consider updating to the latest firmware version compatible with your FortiGate 60F model.

  4. Review System Logs: Monitor the system logs on your FortiGate device for any relevant error or warning messages related to IPv6 or SSL VPN. This can provide insights into any potential configuration issues or conflicts.

Labels
Top Kudoed Authors