Please Help Me Get Fiber IPv6 working

ameif56hgt · ‎03-18-2024

I'm having the hardest time getting my getting my 40F Fortigate connected to IPv6. I am fairly versed in networking and Fortigate (two years now) but not having luck here.

So I have the Interface set to DHCP and its COX Communications. I have obtained an IPv6 IP address and two IPv6 DNS servers.

For my LAN interface I'm using SLAAC, using fd00:6565::/64 as my prefix and all my devices have an IPv6 address. I even have enabled the DHCPv6 Server to give out my DNSv6 server addresses but mostly I use my DNSv4 which works also. And I have Central NAT enabled.

BUT I am just confused how to acquire delegated IPv6 addresses and how to pair them to my SLAAC IPv6 addresses in my devices.

Should I be using a different addressing mode???? MANUAL allows you to set "Auto configure IPv6 address"

Or "DELEGATED" mode. I don't know my "prefix hint"

I spend HOUR and HOURS trying to get setup info from COX, even pay for extra technical support, and never got ANYONE that knows an IP address from a Fortigate. FRUSTRATING. ANY HELP IS GREATLY APPRECIATED.

One more thing, I have SD-WAN set up because I have two ISPs, but the other only supports IPv4 and that works great. Also, do I need a STATIC ROUTE for IPv6? I was hoping to get the GATEWAY IPv6 from COX, but no luck.

Thanks much in advance.

akileshc · ‎03-19-2024

Hi Ameif,

Q. I am just confused about how to acquire delegated IPv6 addresses and how to pair them to my SLAAC IPv6 addresses on my devices. Should I be using a different addressing mode???? MANUAL allows you to set "Auto configure IPv6 address" or "DELEGATED" mode. I don't know my "prefix hint."

- IPv6 prefix delegation enables the dynamic assignment of an address prefix and DNS server address to an upstream interface, typically connected to an ISP.[WAN facing Interface]

- This process automates the assignment of prefixes to downstream interfaces, which are interfaces not connected directly to the ISP and use the delegated addressing mode.[LAN facing Interface]

- Downstream interfaces (LAN) can be configured to request specific IPv6 subnets from the upstream interface(WAN).

- When a downstream interface(LAN) receives the IPv6 address from the upstream interface(WAN), devices connected to it can obtain an IPv6 address using DHCPv6 or by configuring their own IP address using auto-configuration.

Please refer the following KB article for a detailed explanation of IPv6 Prefix delegation with an example; (In this scenario, the Enterprise Core FortiGate would represent your FortiGate connected to the ISP's DHCPv6 server, while the First Floor FortiGate would represent downstream devices connected to the FortiGate).

http://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/37673/ipv6-prefix-delegation

On the FortiGate, an interface can use the following methods to obtain an IPv6 address:

Method	Overview
IPv6 stateless address auto-configuration (SLAAC)	Enables each network host to auto-configure a unique IPv6 address. The lack of a state eliminates the need for a centralized server, thereby simplifying network management. SLAAC does not provide DNS server addresses to hosts.
DHCPv6 stateful server	Provides IPv6 addresses and additional information to hosts, such as a DNS server list and a domain name. Offers more control to the administrator in assigning addresses, but requires extra configuration.
SLAAC with DHCPv6 stateless server	Combines the benefits of SLAAC and DHCPv6. Enables each host on the network to auto-configure a unique IPv6 address and allows them to obtain additional information, such as a DNS server list and a domain name.
IPv6 prefix delegation	Enables internet service providers (ISPs) to provide organizations with a block of addresses that can be distributed throughout their network.

Akilesh

View solution in original post

akileshc · ‎03-19-2024

Hi Ameif,

Q. I am just confused about how to acquire delegated IPv6 addresses and how to pair them to my SLAAC IPv6 addresses on my devices. Should I be using a different addressing mode???? MANUAL allows you to set "Auto configure IPv6 address" or "DELEGATED" mode. I don't know my "prefix hint."

- IPv6 prefix delegation enables the dynamic assignment of an address prefix and DNS server address to an upstream interface, typically connected to an ISP.[WAN facing Interface]

- This process automates the assignment of prefixes to downstream interfaces, which are interfaces not connected directly to the ISP and use the delegated addressing mode.[LAN facing Interface]

- Downstream interfaces (LAN) can be configured to request specific IPv6 subnets from the upstream interface(WAN).

- When a downstream interface(LAN) receives the IPv6 address from the upstream interface(WAN), devices connected to it can obtain an IPv6 address using DHCPv6 or by configuring their own IP address using auto-configuration.

Please refer the following KB article for a detailed explanation of IPv6 Prefix delegation with an example; (In this scenario, the Enterprise Core FortiGate would represent your FortiGate connected to the ISP's DHCPv6 server, while the First Floor FortiGate would represent downstream devices connected to the FortiGate).

http://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/37673/ipv6-prefix-delegation

On the FortiGate, an interface can use the following methods to obtain an IPv6 address:

Method	Overview
IPv6 stateless address auto-configuration (SLAAC)	Enables each network host to auto-configure a unique IPv6 address. The lack of a state eliminates the need for a centralized server, thereby simplifying network management. SLAAC does not provide DNS server addresses to hosts.
DHCPv6 stateful server	Provides IPv6 addresses and additional information to hosts, such as a DNS server list and a domain name. Offers more control to the administrator in assigning addresses, but requires extra configuration.
SLAAC with DHCPv6 stateless server	Combines the benefits of SLAAC and DHCPv6. Enables each host on the network to auto-configure a unique IPv6 address and allows them to obtain additional information, such as a DNS server list and a domain name.
IPv6 prefix delegation	Enables internet service providers (ISPs) to provide organizations with a block of addresses that can be distributed throughout their network.

Akilesh

akileshc · ‎03-19-2024

Hi Ameif,

Q. One more thing, I have SD-WAN set up because I have two ISPs, but the other only supports IPv4 and that works great. Also, do I need a STATIC ROUTE for IPv6? I was hoping to get the GATEWAY IPv6 from COX, but no luck.

When setting up the SD-WAN member (Interface with IPv6 address), ensure to configure the corresponding IPv6 Gateway (if using static configuration). Additionally, it is necessary to set up an IPv6 static route with the default subnet/destination "::/0" and select the appropriate SD-WAN Zone to enable internet connectivity via the interface configured with the IPv6 address.

Akilesh

ameif56hgt · ‎03-19-2024

First, thank you so much. I followed this.. this, http://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/37673/ipv6-prefix-delegation

but..two things, the first I solved. First, on my LAN, I use SLAAC, and DHCPv6 to give my own DNS server, and use SLAAC to use my own fd00: IP addresses. OR turn off DHCPv6 and just use my own IPv4 DNS server, which works as well.

So all my devices are getting a fd00:xxxxx.. IP addresses. Works/Good.....

but, NAT and I am using Central NAT so for NAT...

Should I use "Use Outgoing Interface Address" or use "Dynamic IP Pool"?

Don't I want Dynamic IP Pool, but the IP Pools are set IP ranges. Don't I want a delegated IP Pool, or is that what "Use Outgoing Interface" is? THANKS!!