Prefix Delegation gets lost after some hours

simon40 · ‎03-15-2025

Hi everyone,

I'm new to Fortigate and want to thank you in advance for your support! I have a strange problem: After some hours, the prefix delegation gets lost.

My setup:

Vodafone (via calbe, provides a /59 net) > Cable Router: Fritzbox 6670 (7.6.3) > Fortigate 61 E (7.0.9 build 0444 mature)

The Fritzbox keeps one /60 net for itself and delegates the other /60 net to the Fortigate.

In the Fortigate, the WAN1 interface is connected to the Fritzbox and ipv6-setup is this:

config ipv6

set ip6-allowaccess ping https

set dhcp6-prefix-delegation enable

set autoconf enable

config dhcp6-iapd-list

edit 5

set prefix-hint ::/59

set prefix-hint-plt 0

set prefix-hint-vlt 0

The interface "internal" (hardware-switch) has three VLANs, the first is set up like this:

config ipv6

set ip6-mode delegated

set ip6-allowaccess ping https

set ip6-delegated-prefix-iaid 5

set ip6-send-adv enable

set ip6-manage-flag enable

set ip6-other-flag enable

set ip6-upstream-interface "wan1"

set ip6-subnet 0:0:0:1::/64

config ip6-delegated-prefix-list

edit 1

set upstream-interface "wan1"

set delegated-prefix-iaid 5

set subnet 0:0:0:1::/64 // 0:0:0:2::/64 and 0:0:0:3::/64 for the other VLANS

set rdnss-service delegated

end

set interface "internal"

set vlanid 10 // 20 and 30 for the other VLANs

That works great. WAN1 gets the /60 net delegated and delegates three /64 nets to the three VLANs and the clients get an IPv6 address from the according /64 net.

"get" in the CLI for WAN1 shows:

dhcp6-prefix-delegation: enable

delegated-prefix iaid 5 : 2a02:8071:xxxx:xx30::/60

"get" for VLAN1 shows:

ip6-address : 2a02:8071:xxxx:xx31::/64

BUT: Just for some hours! After that, "get" in the CLI for WAN1 just shows:

dhcp6-prefix-delegation: enable

delegated-prefix iaid 5 : ::/0

and logically for VLAN1:

ip6-address : ::/0

I've done a lot of research (knowledge base, community, google...) and never read anything about temporary prefix delegation.

Vodafone provides dynamic prefixes, but that's not the problem. When I restart the fortigate, PD works again for some time (with the same prefix as before), but gets lost again after a few hours.

What am I doing wrong? Does someone have an idea?

Thanks

Simon

Anthony_E · ‎03-18-2025

Hello Simon,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎03-20-2025

Hello Simon,

We are still looking for someone to help you.

We will come back to you ASAP.

Thanks,

Anthony-Fortinet Community Team.

simon40 · ‎03-20-2025

Hi Anthony_E,

thanks! I appreciate that!

Just as an update, it's running now for one and a half days without problem, although I did'nt change anything in the configuration. Only thing I have done in the meantime is capture the packets in FortiGate and in the Fritzbox. Since then, everything works fine. But I really don't trust it, because the same configuration made problems for about two weeks.
So, at the moment, it seems to be fixed, although "fixed" means, it's just working without any changes. I wouldn't know what to do, if it breaks again. So if you have any suggestions, it would be great.

Thanks!

Simon

Anthony_E · ‎03-21-2025

Thank you Simon!

I leave this post open if someone wants to share something.

And for sure, do not hesitate to contact us if needed :)!

Anthony-Fortinet Community Team.

simon40 · ‎03-26-2025

Thanks Anthony_E!

As it is running now completely well since my last post and I didn't change anything in the FortiGate configuration, I think, I was a problem with the provider or the FritzBox. So, this topic can be closed.

Thanks again!

Simon

Prefix Delegation gets lost after some hours

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website