firewall : vip6
 
vip6
Use this command to configure static NAT virtual IPs for IPv6 addresses.
Syntax
config firewall vip6
edit <name_str>
set arp-reply {enable | disable}
set color <color_int>
set comment <comment_str>
set extip <address_ipv6>[-address_ipv6]
set extport <port_int>
set id <id_num_str>
set mappedip [<start_ipv4>-<end_ipv4>]
set mappedport <port_int>
set portforward {enable | disable}
set protocol {sctp | tcp | udp}
set src-filter <addr_str>
set type static-nat
end
Variable
Description
Default
<name_str>
Enter the name of this virtual IP address.
No default.
arp-reply
{enable | disable}
Select to respond to ARP requests for this virtual IP address.
enable
color <color_int>
Enter the number of the color to use for the group icon in the web-based manager.
0
comment <comment_str>
Enter comments relevant to the configured virtual IP.
No default
extip <address_ipv6>[-address_ipv6]
Enter the IP address or address range on the external interface that you want to map to an address or address range on the destination network.
If type is static-nat and mappedip is an IP address range, the FortiGate unit uses extip as the first IP address in the external IP address range, and calculates the last IP address required to create an equal number of external and mapped IP addresses for one-to-one mapping.
To configure a dynamic virtual IP that accepts connections destined for any IP address, set extip to 0.0.0.0.
0.0.0.0
extport <port_int>
Enter the external port number that you want to map to a port number on the destination network.
This option only appears if portforward is enabled.
If portforward is enabled and you want to configure a static NAT virtual IP that maps a range of external port numbers to a range of destination port numbers, set extport to the first port number in the range. Then set mappedport to the start and end of the destination port range. The FortiGate unit automatically calculates the end of the extport port number range.
0
id <id_num_str>
Enter a unique identification number for the configured virtual IP. Not checked for uniqueness. Range 0 - 65535.
No default.
mappedip
[<start_ipv4>-<end_ipv4>]
Enter the IP address or IP address range on the destination network to which the external IP address is mapped.
If type is static-nat and mappedip is an IP address range, the FortiGate unit uses extip as the first IP address in the external IP address range, and calculates the last IP address required to create an equal number of external and mapped IP addresses for one-to-one mapping.
If type is load-balance and mappedip is an IP address range, the FortiGate unit uses extip as a single IP address to create a one-to-many mapping.
0.0.0.0
mappedport <port_int>
Enter the port number on the destination network to which the external port number is mapped.
You can also enter a port number range to forward packets to multiple ports on the destination network.
For a static NAT virtual IP, if you add a map to port range the FortiGate unit calculates the external port number range.
0
portforward
{enable | disable}
Select to enable port forwarding. You must also specify the port forwarding mappings by configuring extport and mappedport.
disable
protocol {sctp | tcp | udp}
Select the protocol, SCTP, TCP or UDP, to use when forwarding packets.
tcp
src-filter <addr_str>
Enter a source address filter. Each address must be in the form of an IPv6 subnet (x:x:x:x:x:x:x:x/n). Separate addresses with spaces.
null
type static-nat
Only static NAT VIP is available in IPv6.
static-nat