I persuaded a company to replace a fully working Linux router with an FGT-92D (with 3-year UTM) in good faith that this 'feature request' would be resolved in FOS 5.4. But it seems IPv6 compatibility isn't a top priority for Fortinet.
So... Almost a year and a half after OP in this topic - is Fortinet planning FOS support for IPv6CP + DHCPv6-PD?
I have a similar request! I need the DHCPv6 IA_PD option for Comcast to work properly. I paid a ton of money for my FortiGate unit (considering I'm a hardcore home user) and just wanted capable equipment that's fast and reliable, with three years of UTM services and support. I assumed by now these routers would be able to run dual stack fairly simply by selecting the options required by the ISP, Comcast in my case, just as in IPv4. I hear a lot of talk about how similar IPv6 is to IPv4... If they are so similar, why doesn't it just work like IPv4? Network gurus at Fortinet can't preconfigure the interfaces for IPv6 as in IPv4? Or do some research and have straightforward guides on exactly how to configure the WAN interface and LAN interface via the GUI or CLI, something concrete that works? I realize there are differences in networks and how interfaces are set up and going to be used, but if that is the problem or complexity of establishing an IPv6 connection set on DHCP on WAN and DHCP on LAN and not have proper connectivity, like IPv4, what's the use? For IPv4, as soon as I hooked up the unit when I received it, the WAN interface set on DHCP was assigned an IP address, the necessary policies were already configured and boom, all the devices in my home, and there are quite a few, were assigned addresses and connecting to the internet! Believe me, I don't say this without having already tried numerous configurations and done tons of reading of all kinds of Fortinet docs and web blogs, forums, IPv6 sites etc. I think for IPv6 to work properly I need the following to be supported by my router.
"Brucew wrote:
if your local Comcast system and your cable modem support IPv6 --
- A computer connected directly to the modem should get a /128
- A router that supports IPv6, DHCPv6 and Prefix Delegation (PD) should get a /64 block of addresses.
True plus:
The router's WAN interface will get a /128, the router will get a /64 for the LAN side. If you have a router that supports IA_PD your router can request anything from /64 - /60. So if you have more than 1 LAN interface you can have more /64s.
I personally currently have my IPv6 mode on WAN1 set to DHCP. I get a /128 address. With no IA_PD option IPv6 will not work properly. I have all the recommended policies enabled to allow IPv6 traffic flow the best I know how. And believe me, I've played around with this enough to give up on it. My current IPv6 LAN config is below:
```
config ipv6
    set ip6-allowaccess ping https ssh snmp http fgfm capwap
    set ip6-retrans-time 4000
    set ip6-address fd0b:7186::/64
    set ip6-send-adv enable
    config ip6-prefix-list
        edit fd0b:7186::/64
            set autonomous-flag enable
            set onlink-flag enable
        next
    end
end
```
As a last resort, with that configuration being my last attempt before completely abandoning IPv6, I decided to turn NAT on for my IPv6 traffic policies and got clients to have some IPv6 connectivity. Why? I've read NAT is not needed for IPv6! But that must pertain to properly configured IPv6 setups. So I can access some sites, not all; browsers prefer, and go to, IPv4 instead of IPv6 unless you specify an IPv6 address. IPv6 test sites, Netalyzr etc., report problems with ICMP filtering, which I've tried to disable to fix those errors; then there are DNS errors, which I have no idea about, not connecting at all to some sites, and always using IPv4 over IPv6 when both are available. I'm sure all the problems that remain are tied to the unsupported IPv6 IA_PD on the FortiGate unit. Sounds like the next update for FortiOS doesn't address any of these issues, if I read the release notes correctly. There is one thing we can count on for now though, and that is that IPv4 still works, is easy to set up and automatic on almost all devices, and is supported by just about every device.
On a FortiGate 60E v5.6.8, I am trying to connect with IPv6 PPPoE and get an address assignment with DHCPv6-PD.
Since there is no answer in this thread, I asked a question.
To perform DHCPv6-PD, it is necessary to support the following functions. Is it supported by FortiOS?
- DHCPv6 (RFC3315), DHCPv6-PD (RFC3633)
- Point the default gateway to the address obtained by IPv6CP

Option codes used when obtaining an IPv6 prefix:

- 25: Information about the Identity Association for Prefix Delegation (IA_PD)
- 26: Identity Association for Prefix Delegation prefix (IPv6 prefix)
Best regards,
flathill,
I had a look at this topic some time back with support. I think the functionality you need was added to the 5.6 release. Here's the response I had from support at the time:-
Dear Andy, I may have some good news. It seems that with the support of multiple PPPoE connections on a single interface that has been added to 5.6 we can now configure DHCPv6 client mode on a PPPoE interface. It could be configured like this:

```
config system pppoe-interface
    edit pppoe1
        set ipv6 enable
        set device port4
        ...
end
config system interface
    edit pppoe1
        config ipv6
            set ip6-mode dhcp
            set dhcp6-prefix-delegation enable
        end
    next
end
```

With that configuration you will be able to send a DHCPv6 IA_NA request over the pppoe1 interface. Also with that configuration, pppoe1 will be considered as a physical interface, so you will need firewall policies etc. as for the other interfaces.
#################################
I'm still using this config in the 6.2.X releases and it certainly seems to work OK. The PPPoE interface becomes a logical interface on whichever port you are using (in my case in the above CLI snippet it was port4 on an FGT-80D).
I hope that helps.
Kind Regards,
Andy.
Andy, thank you for the advice. When the interface was set based on the advice and the default route of IPv6 was set to the pppoe1 interface, IPv6CP and DHCPv6-PD operated, and connection to the IPv6 Internet became possible.
Best Regards,
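
The thread turns on whether the upstream DHCPv6 server actually hands back an IA_PD option (code 25) carrying an IA Prefix (code 26), or only a single /128 address. The following is an added example, not code from any poster or from Fortinet: a small parser that pulls delegated prefixes out of a raw DHCPv6 message so a packet capture can be checked. The function names and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

OPTION_IA_NA, OPTION_STATUS_CODE, STATUS_NO_PREFIX_AVAIL = 3, 13, 6
OPTION_IA_PD, OPTION_IAPREFIX = 25, 26   # the two codes listed in the thread

def iter_options(buf):
    """Yield (code, data) for each DHCPv6 option, rejecting truncated input."""
    pos = 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError("option %d overruns its container" % code)
        yield code, buf[pos:pos + length]
        pos += length

def delegated_prefixes(message):
    """Return ([(network, preferred, valid), ...], status) from IA_PD options."""
    if len(message) < 4:
        raise ValueError("shorter than the DHCPv6 header")
    prefixes, status = [], None
    for code, data in iter_options(message[4:]):  # skip msg-type + transaction-id
        if code != OPTION_IA_PD:
            continue
        if len(data) < 12:
            raise ValueError("IA_PD shorter than IAID/T1/T2")
        for sub, body in iter_options(data[12:]):
            if sub == OPTION_IAPREFIX:
                if len(body) < 25:
                    raise ValueError("IAPREFIX shorter than 25 bytes")
                preferred, valid, plen = struct.unpack_from("!IIB", body)
                net = ipaddress.IPv6Network((body[9:25], plen), strict=False)
                prefixes.append((net, preferred, valid))
            elif sub == OPTION_STATUS_CODE and len(body) >= 2:
                status = struct.unpack_from("!H", body)[0]
    return prefixes, status

def _opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample Replies (msg-type 7), not captures from any real network.
_HDR = b"\x07\xab\xcd\xef"
_PFX = struct.pack("!IIB", 3600, 7200, 60) + ipaddress.IPv6Address("2001:db8:1230::").packed
_REFUSAL = _opt(OPTION_STATUS_CODE, struct.pack("!H", STATUS_NO_PREFIX_AVAIL))
REPLY_WITH_PD = _HDR + _opt(OPTION_IA_PD, struct.pack("!III", 1, 1800, 2880) + _opt(OPTION_IAPREFIX, _PFX))
REPLY_REFUSED = _HDR + _opt(OPTION_IA_PD, struct.pack("!III", 1, 0, 0) + _REFUSAL)
REPLY_NA_ONLY = _HDR + _opt(OPTION_IA_NA, struct.pack("!III", 1, 1800, 2880))
```

An empty prefix list with no status matches the "only a /128" symptom described earlier in the thread; an empty list with status 6 means the server was asked for a prefix and declined.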
Copyright 2024 Fortinet, Inc. All Rights Reserved.