I'm currently running IPv6 at 2 unique setups. One setup has 2 edge routers and 2 Fortigates in an A-P cluster and is running OSPFv3. I wanted to enable OSPFv3 with authentication, since I just enabled an ASA that sits on that same OSPFv3 area 0 backbone.
What I found out was a big surprise. Fortinet dropped the ball with OSPFv3 security features and with supporting them in their firewalls. I was honestly shocked upon finding out about this limitation.
Here's a direct quote from Fortinet TAC after they spent 4 days investigating:
I just received an answer from our specialist. Fortigate does not accept OSPFv3 authentication via ipsec+AH. So far, we cannot tell you when this feature will be available.
Please let us know if you need more information or if there is anything else we can help you with.
If this solves your issue, please update the ticket with the information so that we may close this ticket. Thank you.
Fortinet TAC Engineer, Americas
Monday - Friday, 8:00am-5:00pm (Pacific)
Tech Support: 1-866-648-4638
Is this okay? Nope, not really.
Fortinet has had IPv6 functions and routing in their firewalls for quite some time. As a matter of fact, I've been using IPv6 (static routed) since MR6 Patch 6, in a FWF60 model.
So I find it funny that Fortigate has been IPv6 aware since the late version 3 code, and has had IPv6 OSPFv3 routing support for some time, but somehow they missed this basic security feature?
For what it's worth, Juniper, Cisco, H3C, and Cisco's own ASA have OSPFv3 authentication support, but when compared to the simple and highly respected Fortigate Security Gateway, this is not doable.
Freelance Network and Security Engineer
kfelix" at " hyperfeed.com