Hi all,
Recently I migrated to a new ISP, which supports IPv6. We've got 100MB fibre link.
Using IPv4 I can easily max it when downloading from ISP-provided test FTP server, but when using IPv6, I can barely get 400-500KB/s.
Testing with laptop plugged directly into ISP router shows max download, both for IPv4 and IPv6. Clearly, something must be off on the firewall, but after reviewing the config several times, switching off UTM features, etc, I can't find anything wrong.
I'm using Fortigate 100D, with 5.4 firmware.
My knowledge about IPv6 is rather poor, I know basics, but not much above that.
From the ISP, I got IPv6 range XXXX:XXXX:XXX5::/48, this was divided into /64 subnets, so on my LAN I have XXXX:XXXX:XXX5:1::/64.
Can you please confirm whether this is good or bad approach?
In the IPv6 policy I have simple access rule for LAN, without NAT.
Can you guys give me some hints where should I look to amend this situation? I opened a case with Fortinet, but my experience is not very good and I somehow doubt they will be very helpful.
Any input appreciated,
Chris
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
It's quite normal to divide a /48 into /64 segments. Check your routing table. and verify that you can ping the hops.
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
Do you have off-loading enabled or disable for the ipv6 policies?
set auto-asic-offload enable|disable
We had a ticket open a few years back with the same issues of poor performance with a 3040 but nothing was ever figured out. I wish you luck but check the ipv6 .
btw, The whole /64 is designed around that's the minimum subnet size and SLAAC requires it.
PCNSE
NSE
StrongSwan
Many thanks for your replies.
I tried to change auto-asic-offload, but apparently 100D model doesn't have NPs, the command is unavailable. I had another serious conversation with my ISP tech support, they admitted that *maybe* there are some things in the routing settings which are not optimal.
I suspect the problem might be related to the fact that I have redundant link to two ISPs and they seems to have some issues talking to each other.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1698 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.