IPv6

DHCPv6 server is configurable in delegated mode (295007)

Downstream IPv6 interfaces can receive address assignments on delegated subnets from a DHCP server that serves an upstream interface.

DHCPv6-PD configuration

Enable DHCPv6 Prefix Delegation on upstream interface (port10):

config system interface
   edit "port10"
     config ipv6
       set dhcp6-prefix-delegation enable
     end
   next
end

Assign delegated prefix on downstream interface (port1). Optionally, specific delegated prefixes can be specified:

config system interface
   edit "port1"
     config ipv6
       set ip6-mode delegated
       set ip6-upstream-interface "port10"
       set ip6-subnet ::1:0:0:0:1/64
       set ip6-send-adv enable
       config ipv6-delegated-prefix-list
         edit 1
           set upstream-interface "port10"
           set autonomous-flag enable
           set onlink-flag enable
           set subnet 0:0:0:100::/64
         next
       end
     end
   next
end

DHCPv6 Server configuration

Configuring a server that uses delegated prefix and DNS from upstream:

config system dhcp6 server
   edit 1
     set dns-service delegated
     set interface "wan2"
     set upstream-interface "wan1"
     set ip-mode delegated
     set subnet 0:0:0:102::/64
   next
end
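
The subnet values in the configurations above begin with zero groups because the leading bits come from the prefix delegated upstream. The following Python sketch is an added example, not part of the original page or FortiOS code: it predicts the resulting downstream values, which is useful when planning firewall policies or address objects. It assumes the device overlays the template onto the delegated prefix bit by bit, treats a template that collides with the delegated prefix as an error, and uses constructed documentation prefixes (2001:db8::/32).

```python
import ipaddress

# Subnet templates taken from the configuration on this page.
PAGE_TEMPLATES = {
    "port1 ip6-subnet": "::1:0:0:0:1/64",
    "port1 delegated-prefix-list 1": "0:0:0:100::/64",
    "dhcp6 server 1 subnet": "0:0:0:102::/64",
}


def compose(delegated, template):
    """Overlay a zero-prefixed template onto a delegated prefix.

    Assumption: the result is the bitwise OR of the delegated prefix and
    the template; this helper is hypothetical, not a FortiOS API.
    """
    pd = ipaddress.IPv6Network(delegated)    # rejects prefixes with host bits set
    tpl = ipaddress.IPv6Interface(template)  # address bits plus prefix length
    if tpl.network.prefixlen < pd.prefixlen:
        raise ValueError("template prefix is shorter than the delegated prefix")
    if int(tpl.ip) & int(pd.netmask):
        # The subnet ID does not fit in the bits left free by the upstream.
        raise ValueError("template sets bits inside the delegated prefix")
    addr = ipaddress.IPv6Address(int(pd.network_address) | int(tpl.ip))
    return ipaddress.IPv6Interface(f"{addr}/{tpl.network.prefixlen}")


def plan(delegated):
    """Map each page template to its resulting value, or to the error text."""
    out = {}
    for name, tpl in PAGE_TEMPLATES.items():
        try:
            out[name] = str(compose(delegated, tpl))
        except ValueError as exc:
            out[name] = f"ERROR: {exc}"
    return out


if __name__ == "__main__":
    # Constructed delegated prefixes: a /48, then a /56 that leaves only
    # 8 bits of subnet ID, so the 0x100 and 0x102 templates no longer fit.
    for pd in ("2001:db8:d0c::/48", "2001:db8:d0c:ab00::/56"):
        print(pd)
        for name, value in plan(pd).items():
            print(f"  {name:32} {value}")
```

With a /48 delegation all three templates resolve; with a /56 delegation only the ip6-subnet template fits, which shows why the subnet IDs must be chosen to match the shortest prefix length the upstream is expected to delegate.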

FortiGate can connect to FortiAnalyzer using IPv6 addresses (245620)

When configuring your FortiGate to send logs to a FortiAnalyzer you can specify an IPv4 or an IPv6 address.

IPv6 neighbor discovery limits changes (248076)

You can use the following command to configure the maximum number of IPv6 neighbors that can be discovered by the IPv6 Neighbor Discovery Protocol (NDP) and added to the IPv6 neighbor database.

config system global
   set ndp-max-entry <integer>
end

The number of entries can be in the range 65,536 to 2,147,483,647. The default value of 0 means 65,536 entries.

Support IPv6 blackhole routing (220101)

Similar to IPv4 blackhole routing, IPv6 blackhole routing is now supported. Use the following command to enable IPv6 blackhole routing:

config router static6
   edit 1
     set blackhole {enable | disable}
   next
end

TFTP session helper for IPv6 (263127)

TFTP is supported over NAT66 and NAT46.

FTP, PPTP and RTSP session helper enhancements for IPv6 (244986)

The FTP, PPTP and RTSP session helpers support NAT-64 customer-side translator (CLAT) sessions.

Central Management ratings and update servers can use IPv6 addresses (297144)

You can configure servers for Central Management using either IPv4 or IPv6 addresses. The addr-type field sets the address type. The address is entered in the server-address or server-address6 field as appropriate.

config system central-management
   set type fortimanager
   set fmg "2000:172:16:200::207"
   set vdom "vdom1"
   config server-list
     edit 1
       set server-type rating update
       set addr-type ipv6
       set server-address6 2000:172:16:200::207
     next
   end
end

Allow asymmetric routing for ICMP (258734)

Where network topology requires asymmetric routing for ICMP traffic, you can configure the FortiGate to permit the asymmetric ICMP traffic. This is done in the CLI. There are separate fields for IPv4 and IPv6 versions of ICMP.

config system settings
   set asymroute-icmp enable
   set asymroute-icmp6 enable
end