Hello, according to http://docs-legacy.fortinet.com/fos50hlp/52/index.html#page/FortiOS%205.2%20Help/IPv6_Features.131.09.html - For VIP46 extip should be an IPv4 address. And for using it dynamically it can be set to " 0.0.0.0" :

extip <address_ipv4>[-address_ipv4] Enter the IP address or address range on the external interface that you want to map to an address or address range on the destination network. If mappedip is an IP address range, the FortiGate unit uses extip as the first IP address in the external IP address range, and calculates the last IP address required to create an equal number of external and mapped IP addresses for one-to-one mapping. To configure a dynamic virtual IP that accepts connections destined for any IP address, set extip to 0.0.0.0." To configure a dynamic virtual IP that accepts connections destined for any IP address, set extip to 0.0.0.0."

So I did:

FWG# config firewall vip46 FWG(vip46) # edit vip46test new entry ' vip46test' added FWG(vip46test) # set mappedip 2001:123:456:140:: FWG(vip46test) # set extip 0.0.0.0 FWG(vip46test) # show config firewall vip46 edit " vip46test" set mappedip 2001:123:456:140:: next end FWG(vip46test) # end Invalid external ip address. object set operator error, -651 discard the setting Command fail. Return quote -651

Btw, it doesn´t matter if I set the Ipv6 to a range, a /64 or /128, the error is the same. So after " end" I get:

Invalid external ip address. object set operator error, -651 discard the setting Command fail. Return quote -651

Did I find a bug or did I something wrong?