Fortinet black logo

Handbook

IPv6 access control list

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:993001
Download PDF

IPv6 access control list

The IPv6 Access Control List is a specialized policy for denying IPv6 traffic based on:

  • the incoming interface
  • the source addresses of the traffic
  • the destination addresses of the traffic
  • the services or ports the traffic is using

The only action available in this policy is DENY.

This feature is available on FortiGates with NP6 processors and is not supported by FortiGates with NP6lite processors.

To configure a IPv6 access control list entry in the GUI

  1. Go to Policy & Objects > IPv6 Access Control List

    The right side window will display a table of the existing IPv6 Access Control List entries.

    • To edit an existing entry, double click on the policy you wish to edit
    • To create a new entry, select the Create New icon in the top left side of the right window.
  2. Set the Incoming Interface parameter by using the drop down menu to select a single interface.
  3. Set the Source IPv6 Address parameter by selecting the field with the "+" next to the field label. Single or multiple options can be selected unless the all option is chosen in which case, it will be the only option. For more information on addresses, check the Firewall Objects section called Addresses.
  4. Set the Destination IPv6 Address parameter by selecting the field with the "+" next to the field label. Single or multiple options can be selected unless the all option is chosen in which case, it will be the only option.
  5. Set the Services parameter by selecting the field with the "+" next to the field label. Single or multiple options can be selected unless the ALL option is chosen in which case, it will be the only option. For more information on services, check the Firewall Objects section called Services and TCP ports.
  6. Toggle whether or not to Enable this policy.The default is enabled.
  7. Select the OK button to save the policy.

IPv6 access control list

The IPv6 Access Control List is a specialized policy for denying IPv6 traffic based on:

  • the incoming interface
  • the source addresses of the traffic
  • the destination addresses of the traffic
  • the services or ports the traffic is using

The only action available in this policy is DENY.

This feature is available on FortiGates with NP6 processors and is not supported by FortiGates with NP6lite processors.

To configure a IPv6 access control list entry in the GUI

  1. Go to Policy & Objects > IPv6 Access Control List

    The right side window will display a table of the existing IPv6 Access Control List entries.

    • To edit an existing entry, double click on the policy you wish to edit
    • To create a new entry, select the Create New icon in the top left side of the right window.
  2. Set the Incoming Interface parameter by using the drop down menu to select a single interface.
  3. Set the Source IPv6 Address parameter by selecting the field with the "+" next to the field label. Single or multiple options can be selected unless the all option is chosen in which case, it will be the only option. For more information on addresses, check the Firewall Objects section called Addresses.
  4. Set the Destination IPv6 Address parameter by selecting the field with the "+" next to the field label. Single or multiple options can be selected unless the all option is chosen in which case, it will be the only option.
  5. Set the Services parameter by selecting the field with the "+" next to the field label. Single or multiple options can be selected unless the ALL option is chosen in which case, it will be the only option. For more information on services, check the Firewall Objects section called Services and TCP ports.
  6. Toggle whether or not to Enable this policy.The default is enabled.
  7. Select the OK button to save the policy.