Tag Archives: DNSSL

PAN NGFW IPv6 NDP RA RDNSS & DNSSL

Haha, do you like acronyms as much as I do? This article is about the feature from Palo Alto Networks’ Next-Generation Firewall for Internet Protocol version 6 Neighbor Discovery Protocol Router Advertisements with Recursive Domain Name System Server and Domain Name System Search List options. ;) I am showing how to use it and how Windows and Linux react on it.

Continue reading PAN NGFW IPv6 NDP RA RDNSS & DNSSL

Basic IPv6 Configuration on a FortiGate Firewall

It’s really great that the FortiGate firewalls have a DHCPv6 server implemented. With this mandatory service, IPv6-only networks can be deployed directly behind a FortiGate because the stateless DHCPv6 server provides the DNS server addresses. (This is unlike Palo Alto or Cisco which have no DHCPv6 server implemented.)

UPDATE: In the meantime Fortinet has implemented the RDNSS and DNSSL options as well. Great. Hence you don’t need DHCPv6 at all anymore to run an IPv6-only network. I updated my listings below as well.

However, the configuration on the FortiGate is really bad because nothing of the IPv6 features can be set via the GUI. (And this is called a Next-Generation Firewall? Not only the features count, but also the usability!) Everything must be done through the CLI which is sometimes hard to remember. Therefore I am publishing this memo of the appropriate CLI configuration commands.

Continue reading Basic IPv6 Configuration on a FortiGate Firewall