Forgive if this is loaded somewhere else.
I'm running into a snag here. I am currently on Spectrum and getting a /128 from them. According to my WAN1 interface.
I am trying to get the DHCP to passthrough to my clients on a vlan, anyone have any luck with this?
Solved! Go to Solution.
Did you speak with your provider? They will tell you what size prefix is belng delegated , typically /48 or /56 and then you configure the fortigate for the ipv6 delegation on the wan and you pass a prefix in that delegation to your inside lans
e.g
config sys inteface
edit wan1
config ipv6
set ipv6 dhcp-prefix-delegation enable
set dhcp6-prefix-hint 2001:db8:44 /56
end
Once you have the assignment, you use slacc on your internal lans for assignments of the /64 to the hosts machines.
config sys int
edit port1
config ipv6
set ip6-allowaccess ssh ping https
set ip6-mode delegate
set ip6-upstream wan1
end
Yes it's really that easy you need to speak to your ISP
Ken Felix
PCNSE
NSE
StrongSwan
So here is latest, neither wan config above is getting me an ipv6 address on my fortigate, keeps getting a /128 as it shows.
With that though, i am able to get ipv6 on my laptop if i hook directly.
Micah,
I should emphasize that in my experience your FortiGate will not get anything larger than a /128 by design. If you're looking for that to change, you're looking in the wrong place.
The way delegation works is that it gives you a prefix to work with for your downstream networks. The exact config commands I gave above worked fine for me as you can see in this screenshot:
(Though I ended up tweaking my downstream a bit and am using two /60 for reasons that go way beyond the scope of this.)
- Daniel
Its not that i care that its a /128, i just want it to work. I know that if i hook up my laptop it does work. Trying to get the Fortigate is another issue.
i have set my config verbatim to what you have listed.
when i got to test-ipv6.com or whatismyip.com its not even picking up an ipv6 address on my wan interface it seems as it doesn't show one.
Hello everyone,
Brand new to this forum and brand new to Fortinet.
Regarding the /128 on the outside interface. That is a gateway address to route to the prefix(es) behind your firewall via router advertisement daemon (radvss I think).
I worked on getting IPv6 working on my firewall for two days or so, it took me a bit but everything is fine now. Here are my interface configs -- I am using SLAAC, not DHCPv6 though. You can see if you are delegating properly by typing in
diagnose ipv6 address list
If you see ipv6 addresses on your interface(s), you are successfully delegating and you will have your prefix.
I actually opened a ticket with support and there is no concise way to get your prefix!
In any case, here is my interface config:
edit "XXXX"
set vdom "root"
set ip RFC-1918.254 255.255.255.0
set allowaccess ping https ssh snmp http
set type hard-switch
set device-identification enable
set role lan
set snmp-index 4
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping
set ip6-send-adv enable
set ip6-other-flag enable
set ip6-upstream-interface "wan"
set ip6-subnet ::55:0:0:0:ffff/64
config ip6-delegated-prefix-list
edit 6
set upstream-interface "wan"
set subnet 0:0:0:55::/64
set rdnss-service default
next
end
end
My wan:
edit "wan"
set vdom "root"
set mode dhcp
set allowaccess ping fgfm
set type physical
set role wan
set snmp-index 1
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
set dhcp6-prefix-hint ::/56
end
set dns-server-override disable
I am using Spectrum.
With a /56, the last 2 HEX numbers are my network addresses, so the delegated interface above is the 5th network, out of 256 networks. Incidentally, if Spectrum ever changes the prefix, this should automatically popogate to your interfaces and clients.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.