![]() ![]() – In an IPv6 address, the first four fields are the network, the last four fields the device. Just dropping all ICMP at the border won’t do the trick. – ICMPv6 is crucial to connection health. (This might not be true in Enterprise networks where you may decide to either use public addresses or ULAs with NPT, Network Prefix Translation.) All your clients will have public addresses. You can have more than one /64 on one VLAN and clients can have more than one IPv6 address. Subnetting further really isn’t a thing, with the exception of /127 point to point links, done for security reasons. – All local networks (subnets) have a /64 prefix length. (A /48 is the typical Enterprise site prefix size.) – Your “site” (home, office) will receive a /64 or /60 prefix from Comcast (residential), or as large as /56 (business). This post does not apply to Enterprise networks, though I mention Enterprise for reference here and there. There are just a few things to remember for home / office use if you are coming from an IPv4 world. I have given references at the end of the post. This post pulls together information already available elsewhere. Assigning subnets to Fortigate internal interfaces and assigning addresses to client devices.Receiving an external IP and a prefix using Prefix Delegation.There are three components to setting up IPv6 in this environment. It’s an interesting use case, and I lack the second link to test it. I am not covering how link failover / SDWAN would work with IPv6. If you use an ISP link with Prefix Delegation but have an internal core router downstream from the Fortigate, you may need a static IPv6 prefix instead. This post focuses on home / home office connections, though a small business that uses the Fortigate unit as the LAN router would work the same way. I’ll use Comcast as an example, since that’s my ISP. ![]() ![]() This post is meant to be a full description of how to enable IPv6 connectivity on an ISP link with Prefix Delegation, using a Fortigate firewall. Same issue as above came back with FortiOS 6.2.x fixed again in 6.4.4. I have not tested 5.6.x but am assuming it has the same issue. Make sure to use FortiOS 6.0.3 or later for this, as earlier versions of 6.0.x will force your interface to IPv6 “static” when you make any change to the interface from the GUI, including changes to its IPv4 configuration, such as a DHCP reservation. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |