FortiGate Version 3.0 MR4 Administration Guide
104 01-30004-0203-20070102
FortiGate IPv6 support System Network
Troubleshooting ARP Issues
Address Resolution Protocol (ARP) traffic is vital to communication on a network
and is enabled on FortiGate interfaces by default. Normally you want ARP packets
to pass through the FortiGate unit, especially if it is sitting between a client and a
server or between a client and a router.
Duplicate ARP packets
ARP traffic can cause problems, especially in Transparent mode where ARP
packets arriving on one interface are sent to all other interfaces, including VLAN
subinterfaces. Some Layer 2 switches become unstable when they detect the
same MAC address originating on more than one switch interface or from more
than one VLAN. This instability can occur if the Layer 2 switch does not maintain
separate MAC address tables for each VLAN. Unstable switches may reset
causing network traffic to slow down.
ARP Forwarding
One solution to this problem is to enable ARP forwarding. it can be enabled in the
GUI or CLI. In the GUI, go to System > Config > Operation and select ARP
Forwarding. For details on the CLI, see the FortiGate CLI Reference.
When enabled, the Fortigate unit allows duplicate ARP packets resolving the
previous delivery problems. However, this also opens up your network to potential
hacking attempts that spoof packets.
For more secure solutions, see the FortiGate VLANs and VDOMs Guide.
FortiGate IPv6 support
You can assign both an IPv4 and an IPv6 address to any interface on a FortiGate
unit. The interface functions as two interfaces, one for IPv4-addressed packets
and another for IPv6-addressed packets.
FortiGate units support static routing, periodic router advertisements, firewall
policies and tunneling of IPv6-addressed traffic over an IPv4-addressed network.
All of these features must be configured through the Command Line Interface
(CLI). See the
FortiGate CLI Reference for information on the following commands:
Table 4: IPv6 CLI commands
Feature CLI Command
Interface configuration, including periodic
router advertisements
config system interface
See the keywords beginning with “ip6”.
config ip6-prefix-list
Static routing config router static6
IPv6 tunneling config system ipv6_tunnel
Firewall config firewall address6
config firewall addrgrp6
config firewall policy6
Execute execute ping6
To Next Page
Loading...
Need help?
General