Monday, September 9, 2013

SSLVPN forticlient ipv6

In this blog, we will look at my attempt with IPv6 assignments and with Fortinet's FortiGate/FortiClient.

1st

I had serious challenges with getting the client to accept an IPv6 address. Fortinet TAC was called in for support and struggled with assisting me. So far, we are isolating whether the problem is the FortiGate or the FortiClient.


Here are the VPN SSL configs:



and;




And here are the static routes and address6 details:


Now originally when connecting, I was only getting an IPv4 address. The FWF60D was NOT reflecting this in the diag show commands, btw:

e.g


So in our web UI, the SSL monitor showed the following:



So at this point it was confusing as to why the client was not seeing any IPv6 assignments. The Fortinet KB was also not of any help. So TAC was called in.

The logs didn't give any clue as to any errors or issues:



Stay tuned; we'll see what TAC proposes. So far I was not impressed with the TAC. They were trying to propose that I can't assign an IPv4 and an IPv6 address at the same time. The FortiGate actually kicks an error if you remove the ipv4-pool and enable an ipv6-pool only.


I will keep you posted on any developments on this front.


Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(  @   @ )=
          o
       /     \

6 comments:

  1. Did you ever get resolution on this? I have the same issue, and the ipv6 stack in the fortissl adapter becomes disabled as soon as I connect to the SSL tunnel.

  2. Glenn

    No, I haven't spent too much time on this. Now that 5.2GA is out I will re-test. Stay tuned and thanks for the reply.

  3. Did you finally get a chance to try it out using 5.2GA? I am battling with the same issues.

  4. Was this ever resolved? This seems to still not work on FortiOS V6, as only IPv4 addresses are doled out in a dual-stack configuration.

  5. Did this ever get resolved? This still seems to be an issue on FortiOS 6. Only IPv4 addresses get doled out in a dual-stack configuration.

  6. Nothing was ever given back by FTNT support. I will try to do some more testing in the next weeks on this and in FortiOS v6.0 and hope to post my findings. Thanks for reviewing this blog.
