Administration Guide

IPv6 quick start example

In this example, a host belonging to a specific range on the internal IPv6 network can communicate exclusively with the web server and FTP server.

Additionally, all internal clients can access the Internet.

Prerequisites

Before you begin to configure IPv6, go through the following steps:

  1. Obtain an IPv6 /48 global routing prefix, commonly known as a site prefix. To procure a 48-bit IPv6 site prefix for your organization, liaise with your ISP.

  2. Design a subnetting plan for your organization's IPv6 network using a 16-bit subnet ID, allowing for up to 65 535 subnets. The specific scheme will depend on the network's size, structure, and the organization's needs.

At this stage, the following installation and configuration conditions are assumed:

  • You have administrative access to the GUI or CLI.

  • The FortiGate unit is incorporated into your WAN or other networks, but for simplicity, only the standalone FortiGate configuration is displayed.

Topology

The following topology is used for this example:

  • The company is assigned the site prefix of 2001:db8:d0c::/48 by their ISP.

  • The IPv6 address for the Web Server is 2001:db8:d0c:3::1/64.

  • The IPv6 address for the FTP Server is 2001:db8:d0c:3::2/64.

  • The IPv6 address for the TFTP Server is 2001:db8:d0c:3::3/64.

  • The range on the internal IPv6 network that can access both servers is from 2001:db8:d0c:2::1 to 2001:db8:d0c:2::32.

  • The IPv6 address of port1 is 2001:db8:d0c:1::1/64.

  • The IPv6 address of port2 is 2001:db8:d0c:2::f/64.

  • The IPv6 address of port3 is 2001:db8:d0c:3::f/64.

  • The IPv6 address of the default gateway is 2001:db8:d0c:1::f/64.

Caution

Please note that the IPv6 addresses used in this example are for illustrative purposes only and should not be used in your environment.

The 2001:db8::/32 prefix is a special IPv6 prefix designated for use in documentation examples. See RFC 3849 for more information.

To configure the example in the GUI:
  1. Configure the IPv6 address on port1, port2 and port3:

    1. Go to Network > Interfaces and edit port1.

    2. For IPv6 Addressing Mode, select Manual and enter the IPv6 Address/Prefix.

      IPv6 Address/Prefix 2001:db8:d0c:1::1/64
    3. Click OK.

    4. Repeat steps 1 and 2 for port2.

      IPv6 Address/Prefix 2001:db8:d0c:2::f/64
    5. Repeat steps 1 and 2 for port3.

      IPv6 Address/Prefix 2001:db8:d0c:3::f/64
  2. Configure the default route:

    1. Go to Network > Static Routes.

    2. Click Create New > IPv6 Static Route.

    3. Configure the following settings:

      Destination ::/0
      Gateway Address 2001:db8:d0c:1::f
      Interface port1
    4. Select OK.

  3. Configure the IPv6 firewall address for the Web Server:

    1. Go to Policy & Objects > Addresses and select IPv6 Address.

    2. Select Create new.

    3. Fill out the fields with the following information:

      Name Web_Server
      Type IPv6 Subnet
      IPv6 Address 2001:db8:d0c:3::1/128
    4. Select OK.

  4. Configure the IPv6 firewall address for the FTP Server:

    1. Go to Policy & Objects > Addresses and select IPv6 Address.

    2. Select Create new.

    3. Fill out the fields with the following information:

      Name FTP_Server
      Type IPv6 Subnet
      IPv6 Address 2001:db8:d0c:3::2/128
    4. Select OK.

  5. Configure the IPv6 address group, which includes both the Web and FTP servers:

    1. Go to Policy & Objects > Addresses and select IPv6 Address Group.

    2. Fill out the fields with the following information:

      Group name Custom_Server
      Members Web_Server, FTP_Server
    3. Select OK.

  6. Configure the IPv6 firewall address for the Internal IPv6 network range which can access both the Web and FTP server:

    1. Go to Policy & Objects > Addresses and select IPv6 Address.

    2. Select Create new.

    3. Fill out the fields with the following information:

      Name Internal_Custom_Range
      Type IPv6 Range
      IP Range 2001:db8:d0c:2::1 - 2001:db8:d0c:2::32
    4. Select OK.

  7. Configure the IPv6 firewall policy to allow IPv6 traffic from Internal_Custom_Range to Custom_Server:

    1. Go to Policy & Objects > Firewall Policy.

    2. Click Create New.

    3. Name the policy and configure the following parameters:

      Incoming Interface port2
      Outgoing Interface port3
      Source Internal_Custom_Range
      Destination Custom_Server
      Schedule always
      Service FTP, HTTPS
      Action ACCEPT
    4. Click OK.

  8. Configure the IPv6 firewall policy to allow IPv6 traffic from internal clients to the Internet:

    1. Go to Policy & Objects > Firewall Policy.

    2. Click Create New.

    3. Name the policy and configure the following parameters:

      Incoming Interface port2
      Outgoing Interface port1
      Source all
      Destination all
      Schedule always
      Service ALL
      Action ACCEPT
    4. Click OK.

To configure the example in the CLI:
  1. Configure the IPv6 address on port1, port2, and port3:

    config system interface
        edit "port1"
            config ipv6
                set ip6-address 2001:db8:d0c:1::1/64 
            end
        next
        edit "port2"
            config ipv6
                set ip6-address 2001:db8:d0c:2::f/64 
            end
        next
        edit "port3"
            config ipv6
                set ip6-address 2001:db8:d0c:3::f/64
            end
        next
    end
  2. Configure the default route:

    config router static6
        edit 0
            set gateway 2001:db8:d0c:1::f
            set device "port1"
        next
    end
  3. Configure the IPv6 firewall address for the Web Server:

    config firewall address6
        edit "Web_Server"
            set ip6 2001:db8:d0c:3::1/128
        next
    end
  4. Configure the IPv6 firewall address for the FTP Server:

    config firewall address6
        edit "FTP_Server"
            set ip6 2001:db8:d0c:3::2/128
        next
    end
  5. Configure the IPv6 address group, which includes both the Web and FTP Servers:

    config firewall addrgrp6
        edit "Custom_Server"
            set member "FTP_Server" "Web_Server"
        next
    end
    
  6. Configure the IPv6 firewall address for the Internal IPv6 network range which can access both the Web and FTP Server:

    config firewall address6
        edit "Internal_Custom_Range"
            set type iprange
            set start-ip 2001:db8:d0c:2::1 
            set end-ip 2001:db8:d0c:2::32
        next
    end
  7. Configure the IPv6 firewall policy to allow IPv6 traffic from Internal_Custom_Range to Custom_Server:

    config firewall policy
        edit 1
            set name "IPv6_internal_to_server"
            set srcintf "port2"
            set dstintf "port3"
            set action accept
            set srcaddr6 "Internal_Custom_Range"
            set dstaddr6 "Custom_Server"
            set schedule "always"
            set service "FTP" "HTTPS"
            set utm-status enable
            set logtraffic all
        next
    end
    
  8. Configure the IPv6 firewall policy to allow IPv6 traffic from Internal clients to the Internet:

    config firewall policy
        edit 2
            set name "IPv6_internal_to_internet"
            set srcintf "port2"
            set dstintf "port1"
            set action accept
            set srcaddr6 "all"
            set dstaddr6 "all"
            set schedule "always"
            set service "ALL"
            set utm-status enable
            set logtraffic all
        next
    end

Verification

The following commands can be used to verify that IPv6 traffic is entering and leaving the FortiGate as expected. See Debugging the packet flow for more information.

diagnose debug enable
diagnose debug flow trace start6 200

The output below indicates that hosts belonging to the Internal_Custom_Range can successfully reach both the Web_Server and FTP_Server defined in the Custom_Server address group.

However, they are unable to reach the TFTP server, as it is not included in the Custom_Server group. Furthermore, hosts with IPv6 addresses that do not belong to the Internal_Custom_Range are not able to access Custom_Server.

Host belonging to Internal_Custom_Range accessing Web_Server:
id=65308 trace_id=21 func=resolve_ip6_tuple_fast line=4962 msg="vd-root:0 received a packet(proto=6, 2001:db8:d0c:2::1:55114->2001:db8:d0c:3::1:443) from port2."
id=65308 trace_id=21 func=resolve_ip6_tuple line=5102 msg="allocate a new session-0000006b"
id=65308 trace_id=21 func=ip6_route_input line=2186 msg="find a route: gw-:: via port3 err 0 flags 40000001"
id=65308 trace_id=21 func=fw6_forward_handler line=501 msg="Check policy between port2 -> port3"
id=65308 trace_id=21 func=fw6_forward_handler line=638 msg="Allowed by Policy-1:"
Host belonging to Internal_Custom_Range accessing FTP_Server:
id=65308 trace_id=6 func=resolve_ip6_tuple_fast line=4962 msg="vd-root:0 received a packet(proto=6, 2001:db8:d0c:2::32:50982->2001:db8:d0c:3::2:21) from port2."
id=65308 trace_id=6 func=resolve_ip6_tuple line=5102 msg="allocate a new session-00000053"
id=65308 trace_id=6 func=ip6_route_input line=2186 msg="find a route: gw-:: via port3 err 0 flags 40000001"
id=65308 trace_id=6 func=fw6_forward_handler line=501 msg="Check policy between port2 -> port3"
id=65308 trace_id=6 func=fw6_forward_handler line=638 msg="Allowed by Policy-1:"
Host belonging to Internal_Custom_Range accessing TFTP Server:
id=65308 trace_id=17 func=resolve_ip6_tuple_fast line=4962 msg="vd-root:0 received a packet(proto=17, 2001:db8:d0c:2::32:65316->2001:db8:d0c:3::3:69) from port2."
id=65308 trace_id=17 func=resolve_ip6_tuple line=5102 msg="allocate a new session-00000055"
id=65308 trace_id=17 func=ip6_route_input line=2186 msg="find a route: gw-:: via port3 err 0 flags 40000001"
id=65308 trace_id=17 func=fw6_forward_handler line=501 msg="Check policy between port2 -> port3"
id=65308 trace_id=17 func=fw6_forward_handler line=530 msg="Denied by forward policy check"
Host not belonging to Internal_Custom_Range accessing FTP_Server:
id=65308 trace_id=1 func=resolve_ip6_tuple_fast line=4962 msg="vd-root:0 received a packet(proto=6, 2001:db8:d0c:2::33:52555->2001:db8:d0c:3::2:21) from port2."
id=65308 trace_id=1 func=resolve_ip6_tuple line=5102 msg="allocate a new session-0000004d"
id=65308 trace_id=1 func=ip6_route_input line=2186 msg="find a route: gw-:: via port3 err 0 flags 40000001"
id=65308 trace_id=1 func=fw6_forward_handler line=501 msg="Check policy between port2 -> port3"
id=65308 trace_id=1 func=fw6_forward_handler line=530 msg="Denied by forward policy check"
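To make the access model behind these traces explicit, the following Python script (an added example, not part of the Fortinet guide) encodes the two policies and the address objects of this example, parses the packet, policy-check and verdict lines of the four traces above, and reports whether each observed verdict matches what the intended model predicts. The helper names, the regular expressions and the service-to-port mapping (FTP as TCP/21, HTTPS as TCP/443) are assumptions made for the example.

```python
import ipaddress
import re

# Address objects and services from the example topology
# (2001:db8::/32 is the RFC 3849 documentation prefix).
RANGE_START = ipaddress.IPv6Address("2001:db8:d0c:2::1")     # Internal_Custom_Range
RANGE_END = ipaddress.IPv6Address("2001:db8:d0c:2::32")
CUSTOM_SERVER = {ipaddress.IPv6Address("2001:db8:d0c:3::1"),  # Web_Server
                 ipaddress.IPv6Address("2001:db8:d0c:3::2")}  # FTP_Server
POLICY1_SERVICES = {(6, 21), (6, 443)}  # assumption: FTP = TCP/21, HTTPS = TCP/443

def expected_policy(src_intf, dst_intf, proto, src, dst, dport):
    """Model of the two policies: returns the accepting policy ID, or None for the implicit deny."""
    src, dst = ipaddress.IPv6Address(src), ipaddress.IPv6Address(dst)
    if src_intf == "port2" and dst_intf == "port3":
        if (RANGE_START <= src <= RANGE_END and dst in CUSTOM_SERVER
                and (proto, dport) in POLICY1_SERVICES):
            return 1  # IPv6_internal_to_server
    if src_intf == "port2" and dst_intf == "port1":
        return 2      # IPv6_internal_to_internet: all -> all, service ALL
    return None

# Hypothetical parsers for the three trace lines that carry the decision.
PACKET_RE = re.compile(r'trace_id=(\d+) .*proto=(\d+), (\S+)->(\S+)\) from (\w+)\.')
CHECK_RE = re.compile(r'trace_id=(\d+) .*Check policy between (\w+) -> (\w+)')
VERDICT_RE = re.compile(r'trace_id=(\d+) .*msg="(?:Allowed by Policy-(\d+)|Denied by forward policy check)')

def split_endpoint(text):
    """'2001:db8:d0c:2::1:55114' -> ('2001:db8:d0c:2::1', 55114): the last field is the port."""
    addr, port = text.rsplit(":", 1)
    return addr, int(port)

def parse_trace(lines):
    """Group 'diagnose debug flow' lines by trace_id into one record per flow."""
    flows = {}
    for line in lines:
        if m := PACKET_RE.search(line):
            src, _sport = split_endpoint(m.group(3))
            dst, dport = split_endpoint(m.group(4))
            flows[m.group(1)] = {"proto": int(m.group(2)), "src": src, "dst": dst,
                                 "dport": dport, "src_intf": m.group(5)}
        elif m := CHECK_RE.search(line):
            flows[m.group(1)]["dst_intf"] = m.group(3)
        elif m := VERDICT_RE.search(line):
            flows[m.group(1)]["observed"] = int(m.group(2)) if m.group(2) else None
    return flows

def check_trace(lines):
    """Return {trace_id: (expected, observed)} policy IDs; any mismatch means the
    running policy set does not implement the intended access model."""
    result = {}
    for tid, f in parse_trace(lines).items():
        exp = expected_policy(f["src_intf"], f["dst_intf"], f["proto"],
                              f["src"], f["dst"], f["dport"])
        result[tid] = (exp, f["observed"])
    return result

# The packet, policy-check and verdict lines of the four traces shown above.
SAMPLE_TRACE = """\
id=65308 trace_id=21 func=resolve_ip6_tuple_fast line=4962 msg="vd-root:0 received a packet(proto=6, 2001:db8:d0c:2::1:55114->2001:db8:d0c:3::1:443) from port2."
id=65308 trace_id=21 func=fw6_forward_handler line=501 msg="Check policy between port2 -> port3"
id=65308 trace_id=21 func=fw6_forward_handler line=638 msg="Allowed by Policy-1:"
id=65308 trace_id=6 func=resolve_ip6_tuple_fast line=4962 msg="vd-root:0 received a packet(proto=6, 2001:db8:d0c:2::32:50982->2001:db8:d0c:3::2:21) from port2."
id=65308 trace_id=6 func=fw6_forward_handler line=501 msg="Check policy between port2 -> port3"
id=65308 trace_id=6 func=fw6_forward_handler line=638 msg="Allowed by Policy-1:"
id=65308 trace_id=17 func=resolve_ip6_tuple_fast line=4962 msg="vd-root:0 received a packet(proto=17, 2001:db8:d0c:2::32:65316->2001:db8:d0c:3::3:69) from port2."
id=65308 trace_id=17 func=fw6_forward_handler line=501 msg="Check policy between port2 -> port3"
id=65308 trace_id=17 func=fw6_forward_handler line=530 msg="Denied by forward policy check"
id=65308 trace_id=1 func=resolve_ip6_tuple_fast line=4962 msg="vd-root:0 received a packet(proto=6, 2001:db8:d0c:2::33:52555->2001:db8:d0c:3::2:21) from port2."
id=65308 trace_id=1 func=fw6_forward_handler line=501 msg="Check policy between port2 -> port3"
id=65308 trace_id=1 func=fw6_forward_handler line=530 msg="Denied by forward policy check"
""".splitlines()

if __name__ == "__main__":
    for tid, (exp, obs) in check_trace(SAMPLE_TRACE).items():
        print(f"trace_id={tid}: expected={exp} observed={obs}", "OK" if exp == obs else "MISMATCH")
```

Feeding a fresh `diagnose debug flow trace start6` capture to `check_trace` after a policy change is a quick regression check that the range and group restrictions still hold.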
Internal clients accessing the Internet:

The output below indicates that internal clients can successfully reach the Internet.

  1. Go to Log & Report > Forward Traffic.

  2. View the log details in the GUI, or download the log file:

    1: date=2023-05-10 time=13:22:54 eventtime=1683750174692262952 tz="-0700" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=2001:db8:d0c:2::1 srcport=64780 srcintf="port2" srcintfrole="undefined" dstip=64:ff9b::83fd:21c8 dstport=443 dstintf="port1" dstintfrole="undefined" sessionid=15723 proto=6 action="close" policyid=2 policytype="policy" poluuid="ea8a972e-d7e9-51ed-9b29-757f04e7194c" policyname="IPv6_internal_to_internet" srccountry="Reserved" service="HTTPS" trandisp="noop" duration=3 sentbyte=47192 rcvdbyte=13199 sentpkt=49 rcvdpkt=48 appcat="unscanned"
    2: date=2023-05-10 time=13:19:47 eventtime=1683749987902192921 tz="-0700" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=2001:db8:d0c:2::33 srcport=51246 srcintf="port2" srcintfrole="undefined" dstip=64:ff9b::349f:31c7 dstport=443 dstintf="port1" dstintfrole="undefined" sessionid=15126 proto=6 action="close" policyid=2 policytype="policy" poluuid="ea8a972e-d7e9-51ed-9b29-757f04e7194c" policyname="IPv6_internal_to_internet" srccountry="Reserved" service="HTTPS" trandisp="noop" duration=59 sentbyte=5109 rcvdbyte=7726 sentpkt=13 rcvdpkt=11 appcat="unscanned"