IPv6 To IPv4 VIP

Yazeed- · ‎05-22-2023

Hi

i have fortigate firewall with the firmware 6.4.12 installed and i want to create firewall policy that has IPv6 external IP and mapped to IPv4 IP. i created the VIP in nat64 but when i try to apply it on the IPv6 policy the VIP is not showing.

akristof · ‎05-22-2023

Hi,

You need to select NAT64 and then you should be able to select VIP as destination.

Adrian

Yazeed- · ‎05-22-2023

i tried that but still i cant publish the service as IPv6

akristof · ‎05-22-2023

Hi,

You are still not able to select VIP in firewall policy? If you are on 6.4, you need to enable under feature visibility IPv6 and Nat46/Nat64 options. Then create NAT64 VIP and then use this VIP in IPv4 policy.

Adrian

Yazeed- · ‎05-22-2023

i already enabled IPv6 and Nat46/Nat64 options also the created nat64 vip is not showing in the ipv4 policy as destination.

akristof · ‎05-22-2023

You can use VIP in Nat64 policy only. Then in IPV4 you normal IPv4 address as it will be translated already..

Adrian

Yazeed- · ‎05-23-2023

what i should choose in the nat64 IP Pool Configuration

akristof · ‎05-23-2023

Safest way is to use "Use outgoing interface address".

Adrian

Yazeed- · ‎05-23-2023

i tried but still i cant reach the published website

akristof · ‎05-23-2023

Hi. If traffic still does not work, use debug flows, for both IPv4 and IPv6 to see the flow:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-use-debug-flow-and-sniffer-to-captu...

Adrian

IPv6 To IPv4 VIP

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website