Fortinet black logo

CLI Reference

Home FortiGate / FortiOS 6.0.0 CLI Reference

system nat64

6.0.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.0.0
5.6.0
5.4.0
5.2.0
5.0.0
Copy Link
Copy Doc ID c287b6bf-a995-11e9-81a4-00505692583a:950625
Download PDF

system nat64

Use this command to configure NAT64 options, including secondary IPv6 prefixes to support dynamic NAT46/64 IP pool.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set secondary-prefix-status {enable | disable}

config secondary-prefix

...

Configure secondary IPv6 prefixes to be used in policies to give the configuration of addresses more options.

Note that the default prefix must have a length of 96, but the secondary prefixes can be different lengths.

To use the IP pool in NAT46 policies, enable the use of IP pools in firewall {policy46 | policy64}.

 
config system nat64
    set status {enable | disable}   Enable/disable NAT64 (default = disable).
    set nat64-prefix {ipv6 prefix}   NAT64 prefix must be ::/96 (default = 64:ff9b::/96).
    set secondary-prefix-status {enable | disable}   Enable/disable secondary NAT64 prefix.
    config secondary-prefix
        edit {name}
        # Secondary NAT64 prefix.
            set name {string}   NAT64 prefix name. size[35]
            set nat64-prefix {ipv6 prefix}   NAT64 prefix.
        next
    set always-synthesize-aaaa-record {enable | disable}   Enable/disable AAAA record synthesis (default = enable).
    set generate-ipv6-fragment-header {enable | disable}   Enable/disable IPv6 fragment header generation.
    set nat46-force-ipv4-packet-forwarding {enable | disable}   Enable/disable mandatory IPv4 packet forwarding in nat46.
end
Previous
Next

system nat64

Use this command to configure NAT64 options, including secondary IPv6 prefixes to support dynamic NAT46/64 IP pool.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set secondary-prefix-status {enable | disable}

config secondary-prefix

...

Configure secondary IPv6 prefixes to be used in policies to give the configuration of addresses more options.

Note that the default prefix must have a length of 96, but the secondary prefixes can be different lengths.

To use the IP pool in NAT46 policies, enable the use of IP pools in firewall {policy46 | policy64}.

 
config system nat64
    set status {enable | disable}   Enable/disable NAT64 (default = disable).
    set nat64-prefix {ipv6 prefix}   NAT64 prefix must be ::/96 (default = 64:ff9b::/96).
    set secondary-prefix-status {enable | disable}   Enable/disable secondary NAT64 prefix.
    config secondary-prefix
        edit {name}
        # Secondary NAT64 prefix.
            set name {string}   NAT64 prefix name. size[35]
            set nat64-prefix {ipv6 prefix}   NAT64 prefix.
        next
    set always-synthesize-aaaa-record {enable | disable}   Enable/disable AAAA record synthesis (default = enable).
    set generate-ipv6-fragment-header {enable | disable}   Enable/disable IPv6 fragment header generation.
    set nat46-force-ipv4-packet-forwarding {enable | disable}   Enable/disable mandatory IPv4 packet forwarding in nat46.
end
Previous
Next