Fortinet black logo

New Features

Using IPv6 addresses in the ISDB 7.2.4

Copy Link
Copy Doc ID 77966226-6996-11ec-bdf2-fa163e15d75b:465075
Download PDF

Using IPv6 addresses in the ISDB 7.2.4

Note

This information is also available in the FortiOS 7.2 Administration Guide:

IPv6 addresses are supported in the Internet Service Database (ISDB), and they can be configured in firewall policies.

In this example, the Google Gmail IPv6 ISDB address is used as a destination in a firewall policy.

To configure a policy with an IPv6 ISDB address in the GUI:
  1. Go to Policy & Objects > Firewall Policy and click Create New.

  2. In the Destination field, click the + and select the Internet Service tab.

  3. In the IPV6 INTERNET SERVICE section, select Google Gmail.

  4. Optionally, hover over the Google Gmail and click View/Edit Entries. A pane appears that displays the IPv6 address ranges for this Internet Service.

  5. Click Return to close the pane.

  6. Configure the other settings as needed.

  7. Click OK.

To configure a policy with an IPv6 ISDB address in the CLI:
config firewall policy
    edit 4
        set name "Internet Service6 policy"
        set srcintf "vlan100"
        set dstintf "wan1"
        set action accept
        set srcaddr6 "all"
        set internet-service6 enable
        set internet-service6-name "Google-Gmail"
        set schedule "always"
        set nat enable
    next
end
To view IPv6 ISDB address entries in the kernel:
# diagnose firewall internet-service6-prio-id list
List internet service in kernel(prio-id): 
65646(Google-Gmail)
To view summary details for the Google Gmail IPv6 ISDB address:
# diagnose internet-service6 id-summary 65646

Version: 00007.02907
Timestamp: 202212161345
Total number of IP ranges: 36878
Number of Groups: 12
Group(0), Singularity(20), Number of IP ranges(60)
Group(1), Singularity(18), Number of IP ranges(12)
Group(2), Singularity(17), Number of IP ranges(2728)
Group(3), Singularity(16), Number of IP ranges(2812)
Group(4), Singularity(15), Number of IP ranges(4011)
Group(5), Singularity(10), Number of IP ranges(2345)
Group(6), Singularity(9), Number of IP ranges(14)
Group(7), Singularity(8), Number of IP ranges(1555)
Group(8), Singularity(7), Number of IP ranges(2704)
Group(9), Singularity(6), Number of IP ranges(7300)
Group(10), Singularity(5), Number of IP ranges(3154)
Group(11), Singularity(4), Number of IP ranges(10183)
Internet Service: 65646(Google-Gmail)
Number of IP ranges: 482
Singularity: 15
Icon Id: 510
Direction: both
Data source: isdb
Country: 32 36 56 76 124 152 158 203 208 246 250 276 344 348 356 372 376 380 392 404 458 484 
        528 616 634 643 682 702 710 724 752 756 784 826 840 
Region: 65535 
City: 65535

Using IPv6 addresses in the ISDB 7.2.4

Note

This information is also available in the FortiOS 7.2 Administration Guide:

IPv6 addresses are supported in the Internet Service Database (ISDB), and they can be configured in firewall policies.

In this example, the Google Gmail IPv6 ISDB address is used as a destination in a firewall policy.

To configure a policy with an IPv6 ISDB address in the GUI:
  1. Go to Policy & Objects > Firewall Policy and click Create New.

  2. In the Destination field, click the + and select the Internet Service tab.

  3. In the IPV6 INTERNET SERVICE section, select Google Gmail.

  4. Optionally, hover over the Google Gmail and click View/Edit Entries. A pane appears that displays the IPv6 address ranges for this Internet Service.

  5. Click Return to close the pane.

  6. Configure the other settings as needed.

  7. Click OK.

To configure a policy with an IPv6 ISDB address in the CLI:
config firewall policy
    edit 4
        set name "Internet Service6 policy"
        set srcintf "vlan100"
        set dstintf "wan1"
        set action accept
        set srcaddr6 "all"
        set internet-service6 enable
        set internet-service6-name "Google-Gmail"
        set schedule "always"
        set nat enable
    next
end
To view IPv6 ISDB address entries in the kernel:
# diagnose firewall internet-service6-prio-id list
List internet service in kernel(prio-id): 
65646(Google-Gmail)
To view summary details for the Google Gmail IPv6 ISDB address:
# diagnose internet-service6 id-summary 65646

Version: 00007.02907
Timestamp: 202212161345
Total number of IP ranges: 36878
Number of Groups: 12
Group(0), Singularity(20), Number of IP ranges(60)
Group(1), Singularity(18), Number of IP ranges(12)
Group(2), Singularity(17), Number of IP ranges(2728)
Group(3), Singularity(16), Number of IP ranges(2812)
Group(4), Singularity(15), Number of IP ranges(4011)
Group(5), Singularity(10), Number of IP ranges(2345)
Group(6), Singularity(9), Number of IP ranges(14)
Group(7), Singularity(8), Number of IP ranges(1555)
Group(8), Singularity(7), Number of IP ranges(2704)
Group(9), Singularity(6), Number of IP ranges(7300)
Group(10), Singularity(5), Number of IP ranges(3154)
Group(11), Singularity(4), Number of IP ranges(10183)
Internet Service: 65646(Google-Gmail)
Number of IP ranges: 482
Singularity: 15
Icon Id: 510
Direction: both
Data source: isdb
Country: 32 36 56 76 124 152 158 203 208 246 250 276 344 348 356 372 376 380 392 404 458 484 
        528 616 634 643 682 702 710 724 752 756 784 826 840 
Region: 65535 
City: 65535