IPv6 stateless address auto-configuration (SLAAC)
FortiGate can easily obtain an IPv6 address on any given interface using SLAAC (stateless address auto-configuration). SLAAC is designed only for IP assignments and does not provide DNS server addresses to hosts. See RFC 4862 for more information.
Use one of the following options to obtain a DNS server address:
In this example, Server-Fgt is connected to Client-Fgt. Server-Fgt has SLAAC enabled, which allows Client-Fgt to automatically obtain an IPv6 address using the auto-configuration IPv6 address option.
To enable IPv6 auto-configuration in the GUI:
-
Configure SLAAC on Server-Fgt:
-
Go to Network > Interfaces and edit port5.
-
Configure the following settings:
IPv6 addressing mode
Manual
IPv6 Address/Prefix
2001:db8:d0c:1::1/64
Stateless Address Auto-configuration (SLAAC)
Enable
IPv6 prefix list
Enable
IPv6 prefix
2001:db8:d0c:1::/64
-
Click OK.
-
-
Configure Client-Fgt to automatically obtain an IPv6 address:
-
Go to Network > Interfaces and edit port5.
-
Enable Auto configure IPv6 address. Client-Fgt uses the prefix that it obtains from the Server-Fgt interface, and automatically generates an IPv6 address.
-
-
Verify that Client-Fgt automatically generated an IPv6 address:
-
Go to Network > Interfaces and edit port5. The IPv6 Address/Prefix field is populated with an IPv6 address.
-
To enable IPv6 auto-configuration in the CLI:
-
Configure SLAAC on Server-Fgt:
config system interface edit "port5" config ipv6 set ip6-address 2001:db8:d0c:1::1/64 set ip6-send-adv enable config ip6-prefix-list edit 2001:db8:d0c:1::/64 next end end next end -
Configure Client-Fgt to automatically obtain an IPv6 address:
config system interface edit "port5" config ipv6 set autoconf enable end next end -
Verify that Client-Fgt automatically generated an IPv6 address:
# diagnose ipv6 address list | grep port5 dev=4 devname=port5 flag= scope=0 prefix=64 addr=2001:db8:d0c:1:20c:29ff:fe4d:f83d preferred=604419 valid=2591619 cstamp=976270 tstamp=979470