I'm having the hardest time getting my getting my 40F Fortigate connected to IPv6. I am fairly versed in networking and Fortigate (two years now) but not having luck here.
So I have the Interface set to DHCP and its COX Communications. I have obtained an IPv6 IP address and two IPv6 DNS servers.
For my LAN interface I'm using SLAAC, using fd00:6565::/64 as my prefix and all my devices have an IPv6 address. I even have enabled the DHCPv6 Server to give out my DNSv6 server addresses but mostly I use my DNSv4 which works also. And I have Central NAT enabled.
BUT I am just confused how to acquire delegated IPv6 addresses and how to pair them to my SLAAC IPv6 addresses in my devices.
Should I be using a different addressing mode???? MANUAL allows you to set "Auto configure IPv6 address"
Or "DELEGATED" mode. I don't know my "prefix hint"
I spend HOUR and HOURS trying to get setup info from COX, even pay for extra technical support, and never got ANYONE that knows an IP address from a Fortigate. FRUSTRATING. ANY HELP IS GREATLY APPRECIATED.
One more thing, I have SD-WAN set up because I have two ISPs, but the other only supports IPv4 and that works great. Also, do I need a STATIC ROUTE for IPv6? I was hoping to get the GATEWAY IPv6 from COX, but no luck.
Thanks much in advance.
Solved! Go to Solution.
Hi Ameif,
Q. I am just confused about how to acquire delegated IPv6 addresses and how to pair them to my SLAAC IPv6 addresses on my devices. Should I be using a different addressing mode???? MANUAL allows you to set "Auto configure IPv6 address" or "DELEGATED" mode. I don't know my "prefix hint."
- IPv6 prefix delegation enables the dynamic assignment of an address prefix and DNS server address to an upstream interface, typically connected to an ISP.[WAN facing Interface]
- This process automates the assignment of prefixes to downstream interfaces, which are interfaces not connected directly to the ISP and use the delegated addressing mode.[LAN facing Interface]
- Downstream interfaces (LAN) can be configured to request specific IPv6 subnets from the upstream interface(WAN).
- When a downstream interface(LAN) receives the IPv6 address from the upstream interface(WAN), devices connected to it can obtain an IPv6 address using DHCPv6 or by configuring their own IP address using auto-configuration.
Please refer the following KB article for a detailed explanation of IPv6 Prefix delegation with an example; (In this scenario, the Enterprise Core FortiGate would represent your FortiGate connected to the ISP's DHCPv6 server, while the First Floor FortiGate would represent downstream devices connected to the FortiGate).
http://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/37673/ipv6-prefix-delegation
On the FortiGate, an interface can use the following methods to obtain an IPv6 address:
Method |
Overview |
---|---|
|
|
|
|
|
|
|
Hi Ameif,
Q. I am just confused about how to acquire delegated IPv6 addresses and how to pair them to my SLAAC IPv6 addresses on my devices. Should I be using a different addressing mode???? MANUAL allows you to set "Auto configure IPv6 address" or "DELEGATED" mode. I don't know my "prefix hint."
- IPv6 prefix delegation enables the dynamic assignment of an address prefix and DNS server address to an upstream interface, typically connected to an ISP.[WAN facing Interface]
- This process automates the assignment of prefixes to downstream interfaces, which are interfaces not connected directly to the ISP and use the delegated addressing mode.[LAN facing Interface]
- Downstream interfaces (LAN) can be configured to request specific IPv6 subnets from the upstream interface(WAN).
- When a downstream interface(LAN) receives the IPv6 address from the upstream interface(WAN), devices connected to it can obtain an IPv6 address using DHCPv6 or by configuring their own IP address using auto-configuration.
Please refer the following KB article for a detailed explanation of IPv6 Prefix delegation with an example; (In this scenario, the Enterprise Core FortiGate would represent your FortiGate connected to the ISP's DHCPv6 server, while the First Floor FortiGate would represent downstream devices connected to the FortiGate).
http://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/37673/ipv6-prefix-delegation
On the FortiGate, an interface can use the following methods to obtain an IPv6 address:
Method |
Overview |
---|---|
|
|
|
|
|
|
|
Hi Ameif,
Q. One more thing, I have SD-WAN set up because I have two ISPs, but the other only supports IPv4 and that works great. Also, do I need a STATIC ROUTE for IPv6? I was hoping to get the GATEWAY IPv6 from COX, but no luck.
When setting up the SD-WAN member (Interface with IPv6 address), ensure to configure the corresponding IPv6 Gateway (if using static configuration). Additionally, it is necessary to set up an IPv6 static route with the default subnet/destination "::/0" and select the appropriate SD-WAN Zone to enable internet connectivity via the interface configured with the IPv6 address.
First, thank you so much. I followed this.. this, http://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/37673/ipv6-prefix-delegation
but..two things, the first I solved. First, on my LAN, I use SLAAC, and DHCPv6 to give my own DNS server, and use SLAAC to use my own fd00: IP addresses. OR turn off DHCPv6 and just use my own IPv4 DNS server, which works as well.
So all my devices are getting a fd00:xxxxx.. IP addresses. Works/Good.....
but, NAT and I am using Central NAT so for NAT...
Should I use "Use Outgoing Interface Address" or use "Dynamic IP Pool"?
Don't I want Dynamic IP Pool, but the IP Pools are set IP ranges. Don't I want a delegated IP Pool, or is that what "Use Outgoing Interface" is? THANKS!!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.