Sam11123
New Contributor

ipv6.... Anybody got it working? 5.2.4.688 fortigate 200d

Hi-

I have read numerous docs, forum posts, blogs, etc. on how to get ipv6 working on this unit and each configuration attempt has always been met with failure. I've tried numerous configuration examples etc. and no go. One of the biggest challenges is what ipv6 addresses to enter in some areas of configuration. I have residential cable service with Comcast. I was hoping with the cost of this unit that ipv6 would be automatic and work natively out of the box like ipv4 in dual stack mode, but no. I have given up on trying to configure ipv6 for now, but was hoping there was someone with some insight or a straightforward set of configuration steps to get it working. Maybe examples of config files from someone with the cable modem plugged into wan1 and with 1 lan interface using the physical switch ports connecting my access point, server, client machines etc. Autoconf was met with failure. DHCP mode on my two interfaces was met with failure, prefix delegation failed, and a host of other different configurations failed. I can ping an ipv6 address from the cli but what good is that?

Thanks ahead of time, and my apologies if this is posted in the wrong area, or covered somewhere else, or no longer up for discussion. I usually get this kind of stuff sorted out myself, but after almost having to reset the device trying to get it working on ipv4 properly again, I decided to give up until support for native ipv6 is coded into the os or someone with technical expertise can explain it all to me better. It's working fine now ipv4 only. ipv6 turned off!

Sam11123

emnoc
Esteemed Contributor III

IPv6 has worked great on FortiGate and has been that way for years, if not a decade. What/where are you finding your configuration assistance & knowledge? The KBs, Cookbook, and Google searches will show you tons of examples and configurations.

You can't do IPv6-PD, btw, in a FortiGate, but auto address works after you set the interface. As far as natively out of the box, NO... but it's only like 5 to 9 commands just to set a FortiGate up for basic IPv6, imho.

BTW: Comcast has been supporting IPv6 for a while; I had it before, and even an assignment before I had to start paying.

PCNSE NSE StrongSwan
Sam11123
New Contributor

Thanks for replying emnoc!

I've read documentation from all those sources you listed. Closest I got was when I used the autoconf enable on the wan1 interface and an assigned ipv6 address actually showed up in the gui. I thought I was good to go, but then all of a sudden nothing worked (no internet connectivity at all) and it scared me so I backed off thinking my tinkering with the ipv6 configuration had somehow messed up my ipv4 configuration when it may have just been an internet outage by Comcast at the time. Either way, I never got it configured to work properly. It always seemed that when I thought I was close to a working config, Apple devices would try to connect via ipv6 having detected its presence in the network environment but of course couldn't connect because something else was missing, so I'd have to try to start over, and over, and over. Anyway, thanks for your input. If only I had an expert that could remote into the unit and configure ipv6 on the unit for me. That would be awesome! With my last Cisco UTM device, I had my Windows server box on the network provide DNS, DHCP client/server, AD, and DC roles along with ipv6 but no longer desire to have my network be dependent on the server for network connectivity. I want my FortiGate to do it all. It's a great product. Again, thanks for replying.

emnoc
Esteemed Contributor III

I think your problem is that your dual-stack device probably used IPv6 by preference, and this is why it broke. You need to first (imho) determine if you're going to run dual-stack and what services you will reach over IPv4 or IPv6.

Example:

Google Gmail is located at

2a00:1450:4004:800::2005 (IPv6)

or

216.58.210.101 (IPv4)

Which do you want to use, IPv4 or v6? Some systems will always take the IPv6 DNS record returned for access (i.e. http/https web browsers, DNS, etc.). So if you had no IPv6 path, then your "not able to reach the site" message will appear even though the IPv4 path is available.

Read the following demo on the behavior:

https://labs.apnic.net/presentations/store/2012-08-28-dual-stack-quality-apnic34.pdf

With Comcast Business, I would first configure my outside network on the untrusted WAN port and test ping and reach to the next hop and beyond from the FGT directly,

then

configure the internal port with an IPv6 and SLAAC setup, or a new LAN interface if possible, and do limited testing after you have a fw-policy6 crafted and with the host single-stacked as an IPv6 host.

If you're running Windows/Linux machines, DHCPv6 with other/managed flag support would be ideal. But in Apple's approach, they haven't deployed a DHCPv6 client, so DHCPv6 is useless, and I'm afraid they will never do it natively. Maybe the new Mac OS X might have started doing it, or a 3rd-party client.

Go slow, research dual-stack behavior, and dive in. It's not that much harder; just understand the differences (stateless vs. stateful, NDP, etc.).

Once you have confirmed reach and access, it's more about issues with IPv4/v6 preferences.

PCNSE NSE StrongSwan
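
The staged setup described in the reply above (WAN first, then an internal SLAAC interface, then a policy6), written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. It assumes an internal interface named `internal`, the documentation prefix `2001:db8:1::/64` standing in for a prefix your ISP statically routes to you (the thread says prefix delegation is not available), and policy ID 1.

```fortios
# Added example. "internal", 2001:db8:1::/64 and policy ID 1 are placeholders.
config system interface
    edit "wan1"
        config ipv6
            # Step 1: take the WAN address from the ISP's router advertisements
            set autoconf enable
        end
    next
    edit "internal"
        config ipv6
            # Step 2: static address out of the routed LAN prefix (placeholder)
            set ip6-address 2001:db8:1::1/64
            set ip6-allowaccess ping
            # Send router advertisements so LAN hosts self-configure via SLAAC
            set ip6-send-adv enable
            config ip6-prefix-list
                edit 2001:db8:1::/64
                    set autonomous-flag enable
                    set onlink-flag enable
                next
            end
        end
    next
end

# Step 3: IPv6 traffic is matched by policy6 only; IPv4 policies do not apply.
config firewall policy6
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# No wan1 -> internal policy6 exists, so unsolicited inbound IPv6 to the
# globally addressed LAN hosts falls through to the implicit deny.
```

After step 1, confirm reachability from the unit itself with `execute ping6 <next-hop-address>` before enabling router advertisements on the LAN side, so hosts do not start preferring an IPv6 path that is not yet working.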