Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III


Forgive if this is loaded somewhere else.


I'm running into a snag here.  I am currently on Spectrum and getting a /128 from them.  According to my WAN1 interface.  


I am trying to get the DHCP to passthrough to my clients on a vlan, anyone have any luck with this?

1 Solution
Esteemed Contributor III

Did you speak with your provider? They will tell you what size prefix is belng delegated , typically /48 or /56 and then you configure the fortigate for the ipv6 delegation on the wan and you pass a prefix in that delegation to your inside lans




config sys inteface

     edit wan1

        config ipv6

          set ipv6 dhcp-prefix-delegation enable

          set dhcp6-prefix-hint 2001:db8:44 /56




 Once you have the assignment, you use slacc on your internal lans for assignments of the /64 to the hosts machines.


   config sys int 

       edit port1

           config ipv6

                  set ip6-allowaccess ssh ping https

                  set ip6-mode delegate

                  set ip6-upstream wan1



Yes it's really that easy you need to speak to your ISP


Ken Felix







View solution in original post

PCNSE NSE StrongSwan

So here is latest, neither wan config above is getting me an ipv6 address on my fortigate, keeps getting a /128 as it shows.


With that though, i am able to get ipv6 on my laptop if i hook directly.




I should emphasize that in my experience your FortiGate will not get anything larger than a /128 by design.  If you're looking for that to change, you're looking in the wrong place. 


The way delegation works is that it gives you a prefix to work with for your downstream networks.  The exact config commands I gave above worked fine for me as you can see in this screenshot:



(Though I ended up tweaking my downstream a bit and am using two /60 for reasons that go way beyond the scope of this.)


- Daniel


Its not that i care that its a /128, i just want it to work.  I know that if i hook up my laptop it does work. Trying to get the Fortigate is another issue.


i have set my config verbatim to what you have listed.



when i got to or its not even picking up an ipv6 address on my wan interface it seems as it doesn't show one.


Hello everyone,


Brand new to this forum and brand new to Fortinet.


Regarding the /128 on the outside interface. That is a gateway address to route to the prefix(es) behind your firewall via router advertisement daemon (radvss I think).


I worked on getting IPv6 working on my firewall for two days or so, it took me a bit but everything is fine now. Here are my interface configs -- I am using SLAAC, not DHCPv6 though. You can see if you are delegating properly by typing in 


diagnose ipv6 address list


If you see ipv6 addresses on your interface(s), you are successfully delegating and you will have your prefix.


I actually opened a ticket with support and there is no concise way to get your prefix!


In any case, here is my interface config:


edit "XXXX"

        set vdom "root"

        set ip RFC-1918.254

        set allowaccess ping https ssh snmp http

        set type hard-switch

        set device-identification enable

        set role lan

        set snmp-index 4

        config ipv6

            set ip6-mode delegated

            set ip6-allowaccess ping

            set ip6-send-adv enable

            set ip6-other-flag enable

            set ip6-upstream-interface "wan"

            set ip6-subnet ::55:0:0:0:ffff/64

            config ip6-delegated-prefix-list

                edit 6

                    set upstream-interface "wan"

                    set subnet 0:0:0:55::/64

                    set rdnss-service default






My wan:


edit "wan"
        set vdom "root"
        set mode dhcp
        set allowaccess ping fgfm
        set type physical
        set role wan
        set snmp-index 1
        config ipv6
            set ip6-mode dhcp
            set ip6-allowaccess ping
            set dhcp6-prefix-delegation enable
            set dhcp6-prefix-hint ::/56
        set dns-server-override disable


I am using Spectrum. 


With a /56, the last 2 HEX numbers are my network addresses, so the delegated interface above is the 5th network, out of 256 networks. Incidentally, if Spectrum ever changes the prefix, this should automatically popogate to your interfaces and clients.




Top Kudoed Authors