Hello,
I am trying to configure an IPv6 interface on my FortiGate with a public IP provided by Tunnelbroker.
I'm able to ping, resolve DNS queries, telnet to an IPv6 server on port 80, ... But I'm not able to load an HTTP/S website.
My FortiGate is behind my modem, but all ports/protocols are NATed to my FortiGate. I saw IP proto 41 out/in on my FortiGate.
Does anyone have an idea for this problem?
Here is part of my config and debug flow:
id=20085 trace_id=21 func=resolve_ip6_tuple_fast line=3025 msg="vd-root received a packet(proto=6, 2001:xxx:xxx:xxx:594d:7e5d:8cd3:1ffc:52605->2001:4810::110:80) from testipv6."
id=20085 trace_id=21 func=resolve_ip6_tuple_fast line=3025 msg="vd-root received a packet(proto=6, 2001:xxx:xxx:xxx:594d:7e5d:8cd3:1ffc:52605->2001:4810::110:80) from testipv6."
id=20085 trace_id=21 func=resolve_ip6_tuple line=3116 msg="allocate a new session-000013a8"
id=20085 trace_id=21 func=vf_ip6_route_input line=533 msg="find a route: gw-2001:4810::110 via HeTunnelBroker err 0 flags 01000001"
id=20085 trace_id=21 func=fw6_forward_handler line=304 msg="Check policy between testipv6 -> HeTunnelBroker"
id=20085 trace_id=21 func=fw6_forward_handler line=424 msg="Allowed by Policy-1:"

config system sit-tunnel
    edit "HeTunnelBroker"
        set destination 216.xx.xx.xx
        set ip6 2001:xxx:xxx:xxx::2/64
        set interface "wan1"
    next
end
config router static6
    edit 1
        set device "HeTunnelBroker"
    next
end
config system interface
    edit "testipv6"
        set vdom "root"
        set type vap-switch
        set device-identification enable
        set snmp-index 13
        config ipv6
            set ip6-allowaccess ping
            set ip6-address 2001:xxx:xxx:xxx::1/64
            set ip6-send-adv enable
            set ip6-manage-flag enable
            config ip6-prefix-list
                edit 2001:xxx:xxx:xxx::/64
                    set autonomous-flag enable
                next
            end
        end
    next
end

diagnose sniffer packet any "ip proto 41" 4 0
interfaces=[any]
filters=[ip proto 41]
2.417429 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 72
2.417605 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 60
2.534385 wan1 in 216.xx.xx.xx -> 85.yy.yy.yy: ip-proto-41 60
2.535355 wan1 in 216.xx.xx.xx -> 192.168.1.254: ip-proto-41 72
2.540262 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 60
2.541366 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 498
2.901267 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 498
3.312483 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 498
4.032740 wan1 out 192.168.1.254 -> 216.xx.xx.xx: ip-proto-41 498