FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home

Video

FortiGuard

Fuse

KB

Support

  • All Files

Home > Online Help

> Chapter 15 - IPv6 > IPv6 Configuration > IPv6 firewall addresses

IPv6 firewall addresses

Scenario: Mail Server

You need to create an IPv6 address for the Mail Server on Port1 of your internal network. This server is on the network off of port1.

  • The IP address is 2001:db8:0:2::20/128
  • There should be a tag for this address being for a server.
Configuring the Example using the GUI
  1. Go to Policy & Objects > Objects > Addresses and select Create New > Address.
  2. Select IPv6 Address and fill out the fields with the following information
Name Mail_Server
Type Subnet
IPv6 Address 2001:db8:0:2::20/128
  1. Select OK.
Configuring the Example using the CLI

Enter the following CLI command:

config firewall address6

edit Mail_Server

set type ipprefix

set subnet 2001:db8:0:2::20/128

end

Scenario: First Floor Network

You need to create an IPv6 address for the subnet of the internal network off of Port1. These computers connect to port1. The network uses the IPv6 addresses: fdde:5a7d:f40b:2e9d:xxxx:xxxx:xxxx:xxxx

There should be a reference to this being the network for the 1st floor of the building.

  1. Go to Policy & Objects > Objects > Addresses
  2. Select Create New > Address.Select IPv6 Address and fill out the fields with the following information:
Name Internal_Subnet_1
Type Subnet / IP Range
IPv6 Address 2001:db8:0:2::/64
Comments Network for 1st Floor
  1. Select OK.
  2. Enter the following CLI command:

config firewall address6

edit Internal_Subnet_1

set comment "Network for 1st Floor"

set type ipprefix

set subnet 2001:db8:0:2::/64

end

Scenario: Accounting Team

You need to create an IPv6 address for the Accounting Team that's on the 1st Floor. These users are off of various ports of the FortiGate, but they have all been assigned addresses between 2001:db8:0:2::2000 and 2001:db8:0:2::a000

Configuring the Example using the GUI
  1. Go to Policy & Objects > Objects > Addresses and select Create New > Address.
  2. Select IPv6 Address and fill out the fields with the following information
Name Accounting_Team
Type IP Range
Subnet / IP Range 2001:db8:0:2::2000-2001:db8:0:2::a000
  1. Select OK.
Configuring the Example using the CLI

Enter the following CLI command:

config firewall address6

edit Accounting_Team

set type iprange

set visibility enable

set start-ip 2001:db8:0:2::2000

set end-ip 2001:db8:0:2::a000

end

To verify that the addresses were added correctly:
  1. Go to Policy & Objects > Objects > Addresses. Check that the addresses have been added to the address list and that they are correct.
  2. Enter the following CLI command:

config firewall address6

edit <the name of the address that you wish to verify>

Show full-configuration

 

Copyright © 2018 Fortinet, Inc. All Rights Reserved. | Terms of Service | Privacy Policy