FSSO FortiGate FSSO supports connecting to an FSSO agent over IPv6 and collecting and sending IPv6 details about endpoints. This is all enforced the same way as IPv4 FSSO traffic. CLI config user fsso edit <fsso agent name> set source-ip6 <IPv6 address for source> end
Authentication support RADIUS FortiOS’s supports IPv6 RADIUS authentication. When configuring the FortiGate interface and the RADIUS server (under config system interface and config user radius respectively), the server IP address can be set as IPv6. Captive portal Captive portal supports IPv6. It works with remote RADIUS authentication and WiFi interfaces.
Obtaining IPv6 addresses from an IPv6 DHCP server From the CLI, you can configure any FortiGate interface to get an IPv6 address from an IPv6 DHCP server. For example, to configure the wan2 interface to get an IPv6 address from an IPv6 DHCP server enter the following command: config system interface edit wan2 config ipv6 […]
IPv6 forwarding Policies, IPS, Application Control, flow-based antivirus, web filtering, and DLP FortiOS fully supports flow-based inspection of IPv6 traffic. This includes full support for IPS, application control, virus scanning, and web filtering. To add flow-based inspection to IPv6 traffic go to Policy & Objects > IPv6 Policy and select Create New to add an […]
DHCPv6 You can use DHCP with IPv6 using the CLI. To configure DHCP, ensure IPv6 is enabled by going to System > Feature Visibility and enabling IPv6. Use the CLI command config system dhcp6 For more information on the configuration options, see the FortiGate CLI Reference. DHCP delegated mode Downstream IPv6 interfaces can receive address […]
IPv6 per-IP traffic shaper You can add any Per-IP traffic shaper to an IPv6 security policy using the following command: config firewall policy6 edit 0 set per-ip-shaper “new-perip-shaper” end
New Fortinet FortiGate IPv6 MIB fields The following IPv6 MIB fields have been added to the Fortinet FortiGate MIB. These MIB entries can be used to display IPv6 session and policy statistics. IPv6 Session Counters: fgSysSes6Count fgSysSes6Rate1 fgSysSes6Rate10 fgSysSes6Rate30 fgSysSes6Rate60 IPv6 Policy Statistics: fgFwPol6StatsTable fgFwPol6StatsEntry FgFwPol6StatsEntry fgFwPol6ID fgFwPol6PktCount fgFwPol6ByteCount IPv6 Session Statistics: fgIp6SessStatsTable fgIp6SessStatsEntry FgIp6SessStatsEntry […]
SIP over IPv6 FortiOS supports Sessions Initiate Protocol (SIP) over IPv6. The SIP application-level gateway (ALG) can process SIP messages that use IPv6 addresses in the headers, bodies, and in the transport stack. The SIP ALG cannot modify the IPv6 addresses in the SIP headers so FortiGate units cannot perform SIP or RTP NAT over […]