So you want to try IPv6 but your local provider has no IPv6 capabilities. Use the Hurricane Electric tunnel broker and build a SIT tunnel. Hurricane Electric: https://tunnelbroker.net/
First, let's understand what SIT means.
Okay, that's what a SIT tunnel means and does. So on to the HE tunnel broker. The request is simple to execute; just make sure the IPv4 outer address on your FortiGate is allowing pings.
HE tunnel assignment with a /48 allocation:
Okay, now that you have the HE pieces, you can configure the FortiOS settings. Since I want to test the /48 allocation, I will assign a /64 subnet to a loopback and configure it for ICMPv6 and a firewall policy. Keep in mind that since FortiOS 6.4, IPv4 and IPv6 policies are configured in the same hierarchy from the CLI. No more "config firewall policy6".
The system sit-tunnel config and loopback (notice that allowaccess ping was set):
A firewall policy to allow for my testing:
Okay, let's look over the IPv6 route table and do some basic checks.
Here are some ping6 and traceroute6 tests using the FortiGate and the loopback address:
Here's me testing from KeyCDN tools for simultaneous pings/traceroutes:
This was all done on an FGT100E with a tunnel endpoint in the EU region.
HE will give you the option to create up to 5 unique sit-tunnels.