I'm running 7.2.8..I just got IPv6 running, and I run dual stack IPv4
and IPv6For some reason, I started receiving many 64:ff9b:: requests
from some devices. (Amazon, I'm looking at you.)I understand these are
IPv6 requests to get to the IPv4 Interne...
I've searched everywhere, but can't resolve this question. I have TWO
ISP's that each use IPv4 and IPv6. With IPv4, each ISP gives you one
public address and on your network, you assign local IP addresses that
can stay fixed, 192.168.1.X. for example...
I guess the title says it all. I block Facebook in a web profile with
*.facebook.com. and its the first item, with action to block. (I block
Meta as well.) I have an application profile with the first override to
block the facebook application. My DN...
I'm having the hardest time getting my getting my 40F Fortigate
connected to IPv6. I am fairly versed in networking and Fortigate (two
years now) but not having luck here. So I have the Interface set to DHCP
and its COX Communications. I have obtaine...
Running 7.2.5I have an SD-WAN with two IPv6 ISPs. I'm using Central NAT,
and I have an IPv6 Pool for each ISP with a subnet of IP addresses. That
works, and the Fortigate selects an IP from the pool for each ISP for
every computer. The problem is, th...
OK I fixed it, just not the way I should have to. The two IP addresses
at Facebook my computer and iPhones were contacting had IP addresses in
the 31.13.70.X and 31.13.90.X ranges, so I just added a firewall rule to
block those two IP ranges. Works l...
I should say, Central NAT lets me pick "outgoing interface IP" which
works great for IPv4 but I don't think IPv6. I can use an "IP Pool" but
it looks like those pools are fixed, and I'm sure my delegated IP range
for IPv6 changes. So that won't work.
I should also say, if I do type in Facebook.com in a browser, I do get a
Fortigate messages saying the Facebook APPLICATION is blocked, so that
is working. So, I guess I am going to have to live with it.
Also, I know some browsers want to use DNS over TLS or DNS over HTTPS
but I do have those turned off in the browser because the AdGuard
enforces this to the actual DNS servers.
So I do have a Fortigate DNS filter in between my devices and my DNS
repeaters (AdGuards) which are also on my network. I block DNS traffic
that goes from devices to the WAN unless it's from AdGuard to the WAN,
obviously. It's a wildcard *Facebook.co...
