Here's my config for my WAN interface (port 4) and LAN interfaces (ports 1 & 2):- edit "port4" set vdom "root" set mode pppoe set distance 1 set allowaccess ping set vlanforward enable set ident-accept enable set type physical set scan-botnet-connections block set description "Connection to XXX ISP" set alias "WAN" set estimated-upstream-bandwidth 18000 set estimated-downstream-bandwidth 72000 set role wan set snmp-index 4 config ipv6 set ip6-mode pppoe set ip6-allowaccess ping set dhcp6-prefix-delegation enable set dhcp6-prefix-hint 2001:XXX:XXXX:ed3f::/64 set autoconf enable end set username "XXXX@XXXX" set password ENC tq5ZO9A2J9sK7nniSkXXXXXXXXXXXiL1uWouRrsCrTmzxnKU0YFClOgMgnKKM85LigteqPIzB+8pwZkgu/uICkfM9IqKJ2IczCi2mcQpjWdegYBWYBQpx0Kepb4IjUczW4bTLQ6QarQvITrBcmXbQU9XkCd5nCHGIbZSOE3DaddpMFAAw6WY+TSoFtgh/hJ5JLXfWlwg== set padt-retry-timeout 0 set dns-server-override disable next and LAN ports 1 &2 :- edit "port1" set vdom "root" set ip 192.168.XXX.1 255.255.255.0 set allowaccess ping https ssh set vlanforward enable set type physical set scan-botnet-connections block set alias "LAN1" set device-identification enable set device-identification-active-scan enable set lldp-transmission enable set fortiheartbeat enable set role lan set snmp-index 1 config ipv6 set ip6-mode delegated set ip6-allowaccess ping https ssh set ip6-send-adv enable set ip6-manage-flag enable set ip6-other-flag enable set ip6-upstream-interface "port4" set ip6-subnet ::1.0.0.1/120 config ip6-delegated-prefix-list edit 1 set upstream-interface "port4" set autonomous-flag enable set onlink-flag enable set subnet ::1.0.0.0/120 next end end next edit "port2" set vdom "root" set ip 192.168.XXX.1 255.255.255.0 set vlanforward enable set type physical set scan-botnet-connections block set alias "LAN2" set device-identification enable set device-identification-active-scan enable set lldp-transmission enable set fortiheartbeat enable set role lan set snmp-index 2 config ipv6 set ip6-mode delegated set ip6-send-adv enable set ip6-manage-flag enable set ip6-other-flag enable set ip6-upstream-interface "port4" set ip6-subnet ::2.0.0.1/120 config ip6-delegated-prefix-list edit 1 set upstream-interface "port4" set autonomous-flag enable set onlink-flag enable set subnet ::2.0.0.0/120 next end end -------------------------------------- Port "get" showing current addresses etc -------------------------------------------------------- WAN (Port 4) details router (port4) # get name : port4 vdom : root cli-conn-status : 2 fortilink : disable mode : pppoe distance : 1 priority : 0 dhcp-relay-service : disable ip : XXX.XXX.199.37 255.255.255.255 allowaccess : ping fail-detect : disable arpforward : enable broadcast-forward : disable bfd : global l2forward : disable icmp-redirect : enable vlanforward : enable stpforward : disable ips-sniffer-mode : disable ident-accept : enable ipmac : disable subst : disable substitute-dst-mac : 00:00:00:00:00:00 status : up netbios-forward : disable wins-ip : 0.0.0.0 type : physical netflow-sampler : disable sflow-sampler : disable scan-botnet-connections: block src-check : enable sample-rate : 2000 polling-interval : 20 sample-direction : both explicit-web-proxy : disable explicit-ftp-proxy : disable tcp-mss : 0 inbandwidth : 0 outbandwidth : 0 spillover-threshold : 0 ingress-spillover-threshold: 0 weight : 0 external : disable devindex : 6 description : Connection to A&A ISP alias : WAN l2tp-client : disable security-mode : none device-identification: disable fortiheartbeat : disable estimated-upstream-bandwidth: 18000 estimated-downstream-bandwidth: 72000 vrrp-virtual-mac : disable vrrp: role : wan snmp-index : 4 auto-auth-extension-device: disable ap-discover : enable ipv6: ip6-mode : pppoe nd-mode : basic ip6-allowaccess : ping ip6-reachable-time : 0 ip6-retrans-time : 0 ip6-hop-limit : 0 dhcp6-prefix-delegation: enable delegated-prefix : 2001:XXX:XXXX:ed3f::/64 preferred-life-time : 3600 valid-life-time : 3600 delegated-DNS1 : 2001:XXX::2020 delegated-DNS2 : 2001:XXX::2021 delegated-domain : dhcp6-prefix-hint : 2001:XXX:XXXX:ed3f::/64 dhcp6-prefix-hint-plt: 604800 dhcp6-prefix-hint-vlt: 2592000 autoconf : enable ipunnumbered : 0.0.0.0 username : XXXX@XXXX password : * idle-timeout : 0 detected-peer-mtu : 1492 disc-retry-timeout : 1 padt-retry-timeout : 0 service-name : ac-name : lcp-echo-interval : 5 lcp-max-echo-fails : 3 defaultgw : enable PPPOE Gateway : XXX.XXX.81.187 dns-server-override : disable Acquired DNS1 : XXX.XXX.20.20 Acquired DNS2 : XXX.XXX.20.21 auth-type : auto macaddr : 08:5b:0e:ca:XX:XX speed : auto mtu-override : disable wccp : disable drop-overlapped-fragment: disable drop-fragment : disable LAN 1 (Port 1) router (port1) # get name : port1 vdom : root cli-conn-status : 0 fortilink : disable mode : static dhcp-relay-service : disable ip : 192.168.XXX.1 255.255.255.0 allowaccess : ping https ssh fail-detect : disable pptp-client : disable arpforward : enable broadcast-forward : disable bfd : global l2forward : disable icmp-redirect : enable vlanforward : enable stpforward : disable ips-sniffer-mode : disable ident-accept : disable ipmac : disable subst : disable substitute-dst-mac : 00:00:00:00:00:00 status : up netbios-forward : disable wins-ip : 0.0.0.0 type : physical netflow-sampler : disable sflow-sampler : disable scan-botnet-connections: block src-check : enable sample-rate : 2000 polling-interval : 20 sample-direction : both explicit-web-proxy : disable explicit-ftp-proxy : disable tcp-mss : 0 inbandwidth : 0 outbandwidth : 0 spillover-threshold : 0 ingress-spillover-threshold: 0 weight : 0 external : disable devindex : 3 description : alias : LAN1 l2tp-client : disable security-mode : none device-identification: enable device-user-identification: enable device-identification-active-scan: enable device-access-list : lldp-transmission : enable fortiheartbeat : enable broadcast-forticlient-discovery: disable endpoint-compliance : disable estimated-upstream-bandwidth: 0 estimated-downstream-bandwidth: 0 vrrp-virtual-mac : disable vrrp: role : lan snmp-index : 1 secondary-IP : disable auto-auth-extension-device: disable ap-discover : enable ipv6: ip6-mode : delegated nd-mode : basic ip6-allowaccess : ping https ssh ip6-reachable-time : 0 ip6-retrans-time : 0 ip6-hop-limit : 0 dhcp6-prefix-delegation: disable delegated-prefix : ::/0 preferred-life-time : 0 valid-life-time : 0 delegated-DNS1 : :: delegated-DNS2 : :: delegated-domain : dhcp6-information-request: disable ip6-send-adv : enable ip6-manage-flag : enable ip6-other-flag : enable ip6-max-interval : 600 ip6-min-interval : 198 ip6-link-mtu : 0 ip6-default-life : 1800 ip6-upstream-interface: port4 ip6-subnet : ::1.0.0.1/120 ip6-delegated-prefix-list: == [ 1 ] prefix-id: 1 upstream-interface: port4 autonomous-flag: enable onlink-flag: enable subnet: ::1.0.0.0/120 macaddr : 08:5b:0e:ca:XX:XX speed : auto mtu-override : disable wccp : disable drop-overlapped-fragment: disable drop-fragment : disable LAN 2 (Port 2) router (port2) # get name : port2 vdom : root cli-conn-status : 0 fortilink : disable mode : static dhcp-relay-service : disable ip : 192.168.XXX.1 255.255.255.0 allowaccess : fail-detect : disable pptp-client : disable arpforward : enable broadcast-forward : disable bfd : global l2forward : disable icmp-redirect : enable vlanforward : enable stpforward : disable ips-sniffer-mode : disable ident-accept : disable ipmac : disable subst : disable substitute-dst-mac : 00:00:00:00:00:00 status : up netbios-forward : disable wins-ip : 0.0.0.0 type : physical netflow-sampler : disable sflow-sampler : disable scan-botnet-connections: block src-check : enable sample-rate : 2000 polling-interval : 20 sample-direction : both explicit-web-proxy : disable explicit-ftp-proxy : disable tcp-mss : 0 inbandwidth : 0 outbandwidth : 0 spillover-threshold : 0 ingress-spillover-threshold: 0 weight : 0 external : disable devindex : 4 description : alias : LAN2 l2tp-client : disable security-mode : none device-identification: enable device-user-identification: enable device-identification-active-scan: enable device-access-list : lldp-transmission : enable fortiheartbeat : enable broadcast-forticlient-discovery: disable endpoint-compliance : disable estimated-upstream-bandwidth: 0 estimated-downstream-bandwidth: 0 vrrp-virtual-mac : disable vrrp: role : lan snmp-index : 2 secondary-IP : disable auto-auth-extension-device: disable ap-discover : enable ipv6: ip6-mode : delegated nd-mode : basic ip6-allowaccess : ip6-reachable-time : 0 ip6-retrans-time : 0 ip6-hop-limit : 0 dhcp6-prefix-delegation: disable delegated-prefix : ::/0 preferred-life-time : 0 valid-life-time : 0 delegated-DNS1 : :: delegated-DNS2 : :: delegated-domain : dhcp6-information-request: disable ip6-send-adv : enable ip6-manage-flag : enable ip6-other-flag : enable ip6-max-interval : 600 ip6-min-interval : 198 ip6-link-mtu : 0 ip6-default-life : 1800 ip6-upstream-interface: port4 ip6-subnet : ::2.0.0.1/120 ip6-delegated-prefix-list: == [ 1 ] prefix-id: 1 upstream-interface: port4 autonomous-flag: enable onlink-flag: enable subnet: ::2.0.0.0/120 macaddr : 08:5b:0e:ca:XX:XX speed : auto mtu-override : disable wccp : disable drop-overlapped-fragment: disable drop-fragment : disable -------------------------------------------------- IPv6 Addresses and Current Ipv6 Routing Table --------------------------- IP Addresses Allocated by Prefix Delegation router # diagnose ipv6 address list dev=3 devname=port1 flag= scope=0 prefix=120 addr=2001:XXX:XXXX:ed3f::100:1 preferred=2211 valid=2211 dev=3 devname=port1 flag=P scope=253 prefix=64 addr=fe80::a5b:eff:feca:XXXX preferred=4294967295 valid=4294967295 dev=4 devname=port2 flag= scope=0 prefix=120 addr=2001:XXX:XXXX:ed3f::200:1 preferred=2211 valid=2211 dev=4 devname=port2 flag=P scope=253 prefix=64 addr=fe80::a5b:eff:feca:XXXX preferred=4294967295 valid=4294967295 dev=6 devname=port4 flag=P scope=253 prefix=64 addr=fe80::a5b:eff:feca:XXXX preferred=4294967295 valid=4294967295 dev=8 devname=root flag=P scope=254 prefix=128 addr=::1 preferred=4294967295 valid=4294967295 dev=10 devname=vsys_ha flag=P scope=254 prefix=128 addr=::1 preferred=4294967295 valid=4294967295 dev=12 devname=vsys_fgfm flag=P scope=254 prefix=128 addr=::1 preferred=4294967295 valid=4294967295 dev=19 devname=ppp1 flag=P scope=253 prefix=10 addr=fe80::a5b:eca:fffe:XXXX preferred=4294967295 valid=4294967295 Current IPv6 Routing Table router # get router info6 routing-table IPv6 Routing Table Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 I - IS-IS, B - BGP * - candidate default Timers: Uptime C ::1/128 via ::, root, 5d17h03m C 2001:XXX:XXXX:ed3f::100:0/120 via ::, port1, 05:25:17 C 2001:XXX:XXXX:ed3f::200:0/120 via ::, port2, 05:25:18 C fe80::/10 via ::, ppp1, 06:27:40 C fe80::/64 via ::, port4, 3d09h57m K ff00::/8 via ::, ppp1, 06:27:52