IPv6 support
The features below support IPv6-to-IPv6 forwarding in different operation modes. See Planning the network topology for feature support in each operation mode.
NAT64 and NAT46 are supported only in Reverse Proxy mode. No matter the virtual server and the back-end server are in IPv4 or IPv6 addresses, or mixed with both, IPv4-to-IPv6 and IPv6-to-IPv4 forwarding are fully supported by the following features.
- IP/Netmask for all types of network interfaces and DNS settings
- Gateway and Destination IP/Mask for IP-layer static routes
- Virtual Server/V-zone
- Server Pool
- Protected Hostnames
- HTTP Server Policy
- X-Forwarded-For
- Client Management
- Cookie Security Policy
- Signatures
- Custom Policy
- Parameter Validation
- Hidden Fields Protection
- File Security
- HTTP Protocol Constraints
- URL Access
- API Gateway
- OpenAPI Validation
- Bot Mitigation Policy
- WebSocket Protocol
- Syntax-based SQL/XSS injection detection
- Man-in-the-Browser (MiTB) attacks
- Padding Oracle Protection
- Web Cache
- Acceleration
- Replacement Message
- CORS Protection
- Machine Learning - Anomaly Detection
- Machine Learning - Bot Detection
- FortiGate Quarantined IPs
- User tracking
- IP List (manual, individual IP blacklisting/whitelisting)
- File Compress
- Vulnerability scans
- Global Object White List
- Chunk decoding
- FortiGuard server IP overrides (see Connecting to FortiGuard services)
- URL Rewriting (also redirection)
- HTTP Authentication and LDAP, RADIUS, and NTLM profiles
- Geo IP
- DoS Prevention
- SNMP traps & queries
Features not yet supported are:
|
If a policy has any virtual servers or server pools that contain physical or domain servers with IPv6 addresses, it does not apply these features, even if they are selected. |
- Shared IP
- IP Reputation
- Known bots
- Firewall
- Log-based reports
- Alert email
- Syslog and FortiAnalyzer IP addresses
- NTP
- FTP immediate/scheduled
- SCEP
- Anti-defacement
- HA/Configuration sync
exec restoreexec backupexec tracerouteexec telnet