Jump to content

This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

Fortigate IPv6: Difference between revisions

Fortigate IPv6 (view source)

Revision as of 16:17, 30 November 2022

4,209 bytes added ,  30 November 2022
m
no edit summary
(clean up, typos fixed: coverd → covered, sucessfully → successfully, useage → usage, ie → i.e. , eg → e.g. (2))
mNo edit summary
=Version 7.2=
These details were updated late 2022 for Version 7.2
 
<gallery>
Fortigate_7.2_Delegated_IPv6_Diagram.jpg
</gallery>
 
Example set up to provide 3 ::/64 networks behind customer Fortigate using delegated IP from AA DHCPv6 server. For OS version 7.2
 
Note with 7.2 it is possible to configure PPPoE on the wan interface directly and this works for IPv4 but not for IPv6. If the interface is PPPoE and ipV6 addresssing is set for DHCP for IPv6 no address is obtained So a PPoe subinterface still needs to used.
Also with 7.2 the "set ip6-delegated-prefix-iaid x" command must be used otherwise the PPPoE interface cannot be assigned as the upstream interface.
 
See https://community.fortinet.com/t5/Fortinet-Forum/Error-when-addin-IPv6-with-deligation-to-LAN-interface/m-p/199091
and
https://blah.cloud/networks/enabling-ipv6-dhcpv6-pd-pppoe-fortigate/
for more details as to what each command does.
 
Example configurations below note the three IPv6 subnets need to be replaced with ones assigned from AA control pages:
I've also assigned .1 as the firewall address but this is strictly not required
 
<syntaxhighlight lang=bash>
config system interface
edit "wan"
set type physical
set role wan
config ipv6
end
set dns-server-override disable
next
edit "lan1"
set ip 192.168.1.1 255.255.255.0
set type physical
set device-identification enable
set role lan
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping https ssh snmp http fgfm fabric
set ip6-send-adv enable
set ip6-manage-flag enable
set ip6-other-flag enable
set ip6-upstream-interface "PPPOE1"
set ip6-delegated-prefix-iaid 1
set ip6-subnet ::1/64
end
next
edit "lan2"
set ip 192.168.2.1 255.255.255.0
set type physical
set device-identification enable
set role lan
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping https ssh snmp http fgfm fabric
set ip6-send-adv enable
set ip6-manage-flag enable
set ip6-other-flag enable
set ip6-upstream-interface "PPPOE1"
set ip6-delegated-prefix-iaid 2
set ip6-subnet ::1/64
end
next
edit "lan3"
set ip 192.168.3.1 255.255.255.0
set type physical
set device-identification enable
set role lan
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping https ssh snmp http fgfm fabric
set ip6-send-adv enable
set ip6-manage-flag enable
set ip6-other-flag enable
set ip6-upstream-interface "PPPOE1"
set ip6-delegated-prefix-iaid 3
set ip6-subnet ::1/64
end
next
edit "PPPOE1"
set mode pppoe
set allowaccess ping
set type tunnel
set role wan
config ipv6
set ip6-mode dhcp
set ip6-allowaccess ping
set dhcp6-prefix-delegation enable
config dhcp6-iapd-list
edit 1
set prefix-hint 2001:8b0:ebxx:13fa9::/64
next
edit 2
set prefix-hint 2001:8b0:ebxx:13fb0::/64
next
edit 3
set prefix-hint 2001:8b0:ebxx:13fb1::/64
next
end
end
set interface "wan"
next
config system dhcp6 server
edit 1
set dns-service delegated
set interface "lan1"
set upstream-interface "PPPOE1"
set delegated-prefix-iaid 1
set ip-mode delegated
next
edit 2
set dns-service delegated
set interface "lan2"
set upstream-interface "PPPOE1"
set delegated-prefix-iaid 2
set ip-mode delegated
next
edit 3
set dns-service delegated
set interface "lan3"
set upstream-interface "PPPOE1"
set delegated-prefix-iaid 3
set ip-mode delegated
next
end
 
</syntaxhighlight>
 
=(Older) Version 5.6=
 
From a customer:
Fortinet Fortigate Native IPv6 support on A&A's Network.
AA-Andrew
autoreview, Bureaucrats, editor, Interface administrators, reviewer, Administrators
12,270

edits

Retrieved from ‘http://support.aa.net.uk/Special:MobileDiff/16179