Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.4.1 Administration Guide
    7.4.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    IPv6 stateless address auto-configuration (SLAAC)

    IPv6 stateless address auto-configuration (SLAAC)

    FortiGate can easily obtain an IPv6 address on any given interface using SLAAC (stateless address auto-configuration). SLAAC is designed only for IP assignments and does not provide DNS server addresses to hosts. See RFC 4862 for more information.

    Use one of the following options to obtain a DNS server address:

    In this example, the Enterprise Core FortiGate is connected to the First Floor FortiGate. The Enterprise Core FortiGate has SLAAC enabled, which allows the First Floor FortiGate to automatically obtain an IPv6 address using the auto-configuration IPv6 address option.

    To enable IPv6 auto-configuration in the GUI:

    1. Configure SLAAC on the Enterprise Core FortiGate:

      1. Go to Network > Interfaces and edit port5.

      2. Configure the following settings:

        IPv6 addressing mode

        Manual

        IPv6 Address/Prefix

        2001:db8:d0c:1::1/64

        Stateless Address Auto-configuration (SLAAC)

        Enable

        IPv6 prefix list

        Enable

        IPv6 prefix

        2001:db8:d0c:1::/64

      3. Click OK.

    2. Configure the First Floor FortiGate to automatically obtain an IPv6 address:

      1. Go to Network > Interfaces and edit port5.

      2. Enable Auto configure IPv6 address. The First Floor FortiGate uses the prefix that it obtains from the Enterprise Core FortiGate interface, and automatically generates an IPv6 address.

    3. Verify that the First Floor FortiGate automatically generated an IPv6 address:

      1. Go to Network > Interfaces and edit port5. The IPv6 Address/Prefix field is prepopulated with an IPv6 address.

    To enable IPv6 auto-configuration in the CLI:

    1. Configure SLAAC on the Enterprise Core FortiGate:

      config system interface
    edit "port5"
        config ipv6
            set ip6-address 2001:db8:d0c:1::1/64
            set ip6-send-adv enable
            config ip6-prefix-list
                edit 2001:db8:d0c:1::/64
                next
            end
        end
    next
end

    2. Configure the First Floor FortiGate to automatically obtain an IPv6 address:

      config system interface
    edit "port5"
        config ipv6
            set autoconf enable
        end
    next
end

    3. Verify that the First Floor FortiGate automatically generated an IPv6 address:

      # diagnose ipv6 address list | grep port5
dev=4 devname=port5 flag= scope=0 prefix=64 addr=2001:db8:d0c:1:20c:29ff:fe4d:f83d preferred=604419 valid=2591619 cstamp=976270 tstamp=979470
    Previous
    Next

    IPv6 stateless address auto-configuration (SLAAC)

    IPv6 stateless address auto-configuration (SLAAC)

    FortiGate can easily obtain an IPv6 address on any given interface using SLAAC (stateless address auto-configuration). SLAAC is designed only for IP assignments and does not provide DNS server addresses to hosts. See RFC 4862 for more information.

    Use one of the following options to obtain a DNS server address:

    In this example, the Enterprise Core FortiGate is connected to the First Floor FortiGate. The Enterprise Core FortiGate has SLAAC enabled, which allows the First Floor FortiGate to automatically obtain an IPv6 address using the auto-configuration IPv6 address option.

    To enable IPv6 auto-configuration in the GUI:

    1. Configure SLAAC on the Enterprise Core FortiGate:

      1. Go to Network > Interfaces and edit port5.

      2. Configure the following settings:

        IPv6 addressing mode

        Manual

        IPv6 Address/Prefix

        2001:db8:d0c:1::1/64

        Stateless Address Auto-configuration (SLAAC)

        Enable

        IPv6 prefix list

        Enable

        IPv6 prefix

        2001:db8:d0c:1::/64

      3. Click OK.

    2. Configure the First Floor FortiGate to automatically obtain an IPv6 address:

      1. Go to Network > Interfaces and edit port5.

      2. Enable Auto configure IPv6 address. The First Floor FortiGate uses the prefix that it obtains from the Enterprise Core FortiGate interface, and automatically generates an IPv6 address.

    3. Verify that the First Floor FortiGate automatically generated an IPv6 address:

      1. Go to Network > Interfaces and edit port5. The IPv6 Address/Prefix field is prepopulated with an IPv6 address.

    To enable IPv6 auto-configuration in the CLI:

    1. Configure SLAAC on the Enterprise Core FortiGate:

      config system interface
    edit "port5"
        config ipv6
            set ip6-address 2001:db8:d0c:1::1/64
            set ip6-send-adv enable
            config ip6-prefix-list
                edit 2001:db8:d0c:1::/64
                next
            end
        end
    next
end

    2. Configure the First Floor FortiGate to automatically obtain an IPv6 address:

      config system interface
    edit "port5"
        config ipv6
            set autoconf enable
        end
    next
end

    3. Verify that the First Floor FortiGate automatically generated an IPv6 address:

      # diagnose ipv6 address list | grep port5
dev=4 devname=port5 flag= scope=0 prefix=64 addr=2001:db8:d0c:1:20c:29ff:fe4d:f83d preferred=604419 valid=2591619 cstamp=976270 tstamp=979470
    Previous
    Next