This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Fortigate IPv6: Difference between revisions

clean up, typos fixed: coverd → covered, sucessfully → successfully, useage → usage, ie → i.e. , eg → e.g. (2)
m (tidy up slightly lol)
Fortinet's Unified Threat Management (UTM) solutions are well regarded and provide independently reviewed and tested levels of protection against numerous threats.
In addition to fully stateful firewalls (typical in most consumer products), Fortigate and FortiWifi products support:
* Full control of incoming and outgoing traffic flow (i.e. nothing can leave or enter the protected network unless explicitly permitted).
* Anti-virus protection which can be applied to any firewall flow (removing viruses before traffic hits the end device).
* Botnet/ Command & Control server mitigation (preventing outgoing and incoming connections from known Botnet/ Command & Control servers).
* Web Filtering (which allows categories of sites to be allowed or blocked, e.g. media streaming sites can be blocked to prevent excess bandwidth usage).
* Application control (allowing specific applications to be allowed or blocked, e.g. BitTorrent can be blocked to prevent downloads of potentially copyrighted information).
* Dynamic updating of services to protect against new threats.
* Support of enterprise features such as VLAN, QoS, Additional Wireless Access Points and advanced routing configurations.
 
Supporting this configuration on Fortigate/Fortinet products requires the 5.6 release, which became available in early April 2017.
This release supports "multiple PPPoE connections on a single interface (Feature 363958)", which allows the A&A native IPv6 config (IA and PD) to be successfully configured.
Upgrade to this 5.6 release (or later if available) before attempting to set up native IPv6 on your Fortigate.
Ideally, the configuration is probably most easily set up on a default Fortigate/FortiWifi configuration.
In an existing configuration, all policies need to be redirected to the new virtual interface once it has been configured. For a new configuration, new firewall policies are directed towards the virtual interface.
Lastly, for IPv6 a default static route needs to be set toward the virtual interface.
I've not covered the LAN side of the configuration. This configuration depends on your requirements: both stateless configurations (no DHCPv6 server, with the client configuring its IP address based on IPv6 prefix advertisements) and stateful configurations (based on a DHCPv6 server) are possible.
 
== Configuration Details ==