    # config system interface
        edit "port1"
            set vdom "root"
            set ip 172.31.18.63 255.255.252.0
            set allowaccess ping https ssh http telnet
            set type physical
            set snmp-index 1
        next
        edit "port2"
            set vdom "root"
            set allowaccess ping https ssh http telnet
            set type physical
            set snmp-index 2
            # config ipv6
                set ip6-allowaccess ping https ssh http telnet
                set ip6-address 2001:1:2:3::1/64
                set ip6-send-adv enable
                set ip6-other-flag enable
                # config ip6-prefix-list
                    edit 2001:1:2:3::/64
                        set autonomous-flag enable
                        set onlink-flag enable
                    next
                end
            end
    end

2) Enable NAT64 globally (note that the default prefix for NAT64 is 64:ff9b::/96).

    # config system nat64
        set status enable
    end

3) Enable recursive DNS server on FortiGate for DNS64 feature (A to AAAA record translation).

    # config system dns-server
        edit "port2"
            set mode recursive
        next
    end

4) Create IPv4 pool for outgoing IPv4 translation.

    # config firewall ippool
        edit "exit-pool4"
            set startip 172.31.18.63
            set endip 172.31.18.63
        next
    end

5) Create firewall object for internal IPv6 network.

    # config firewall address6
        edit "internal-net6"
            set ip6 2001:1:2:3::/64
        next
    end

6) Create policy64.

    # config firewall policy64
        edit 1
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "internal-net6"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set ippool enable
            set poolname "exit-pool4"
        next
    end

Verification.

    $ ifconfig
    eth0 Link encap:Ethernet HWaddr 08:00:27:00:5b:c1
         inet6 addr: 2001:1:2:3:a00:27ff:fe00:5bc1/64 Scope:Global

The client host uses the FortiGate as its DNS server. It is able to resolve Internet IPv4 hostnames; the FortiGate translates the IPv4 DNS record (A) to an IPv6 DNS record (AAAA).

    ~$ host www.google.com
    www.google.com has address 216.58.216.100
    www.google.com has IPv6 address 64:ff9b::d83a:d864

Client host has IPv6 connectivity to 64:ff9b::d83a:d864.

    $ ping6 64:ff9b::d83a:d864
    PING 64:ff9b::d83a:d864(64:ff9b::d83a:d864) 56 data bytes
    64 bytes from 64:ff9b::d83a:d864: icmp_seq=1 ttl=49 time=139 ms
    64 bytes from 64:ff9b::d83a:d864: icmp_seq=2 ttl=49 time=143 ms
    64 bytes from 64:ff9b::d83a:d864: icmp_seq=3 ttl=49 time=139 ms
    ^C
    --- 64:ff9b::d83a:d864 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2001ms

The client host is able to browse the IPv4 Internet.
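
The AAAA answer in the `host` output above (216.58.216.100 returned as 64:ff9b::d83a:d864) is the IPv4 address embedded in the NAT64 prefix in the RFC 6052 format. The Python sketch below is an added example, not part of the original article and not FortiOS code; it goes beyond the /96 case shown here to the other RFC 6052 prefix lengths and also reverses the mapping, so that an IPv6 destination seen in internal logs can be tied back to the real IPv4 host. The function names are illustrative.

```python
import ipaddress

DEFAULT_PREFIX = "64:ff9b::/96"        # FortiGate NAT64 default, per the article
RFC6052_LENGTHS = (32, 40, 48, 56, 64, 96)


def _v4_offsets(prefix_len):
    """Byte offsets of the four IPv4 octets inside the 16-byte IPv6 address.

    The octets start right after the prefix and skip byte 8 (bits 64-71,
    the reserved 'u' octet), which RFC 6052 requires to stay zero.
    """
    if prefix_len not in RFC6052_LENGTHS:
        raise ValueError(f"RFC 6052 does not allow a /{prefix_len} prefix")
    offsets, i = [], prefix_len // 8
    while len(offsets) < 4:
        if i != 8:
            offsets.append(i)
        i += 1
    return offsets


def synthesize(ipv4, prefix=DEFAULT_PREFIX):
    """Build the IPv6 address DNS64 would return in an AAAA record for ipv4."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    octets = ipaddress.IPv4Address(ipv4).packed
    for offset, octet in zip(_v4_offsets(net.prefixlen), octets):
        raw[offset] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(ipv6, prefix=DEFAULT_PREFIX):
    """Recover the real IPv4 destination, or None if ipv6 is outside prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None
    raw = addr.packed
    return ipaddress.IPv4Address(bytes(raw[o] for o in _v4_offsets(net.prefixlen)))


if __name__ == "__main__":
    # Addresses taken from the verification output in the article.
    print(synthesize("216.58.216.100"))        # 64:ff9b::d83a:d864
    print(extract("64:ff9b::d83a:d864"))       # 216.58.216.100
    # Native IPv6 traffic (the client's own LAN prefix) is not a NAT64 mapping.
    print(extract("2001:1:2:3::1"))            # None
```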