I have a similar request! I need dhcpv6 IA_PD option for Comcast to work properly. I paid a ton of money for my fortigate unit (considering im a hardcore home user) and just wanted capable equipment that's fast and reliable with three years of utm services and support. I assumed by now these routers would be able to to run dual stack fairly simply by selecting the options required by the ISP, Comcast in my case just as in ipv4. I hear a lot of talk about how similar ipv6 is to ipv4.... If they are so similar why doesn't it just work like ipv4? Network gurus at Fortinet cant preconfigure the interfaces for ipv6 as in ipv4? Or do some research and have straight forward guides on exacty how to configure the wan interface and lan interface via the gui or cli something concrete that works? I realize there are differences in networks and how interfaces are set up and going to be used, but if that is the problem or complexity of establishing a ipv6 connection set on dhcp on wan and dhcp on lan and not have proper connectivity, like ipv4, what's the use? For ipv4, as soon as I hooked up the unit when I recieved it, the wan interface set on dhcp was assigned an ip address the nessecary policies were already configured and boom, all the devices in my home, and there are quite a few, were assigned addresses and connecting to the internet! believe me I don't say this without having already trying numerous configurations and done tons of reading of all kinds of fotinet docs and web blogs , forums ipv6 sites etc. I think for ipv6 to work properly I need the following to be supported by my router.
if your local Comcast system and your cable modem support IPv6 --
- A computer connected directly to the modem should get a /128
- A router that supports IPv6, DHCPv6 and Prefix Delegation (PD) should get a /64 block of addresses.
The router's WAN interface will get a/128, the router will get a /64 for the LAN side. If you have a router that supports IA_PD your router can request anything from /64- /60.. So if you have more than 1 LAN interface you can have more /64s.
I personally currently have set my ipv6 mode on Wan1 set to dhcp. I get a /128 address. With no IA_PD option ipv6 will not work properly. I have all the recommended policies enabled to allow ipv6 traffic flow the best I know how. And believe me I've played around with this enough to give up on it. my current ipv6 lan config is below
set ip6-allowaccess ping https ssh snmp http fgfm capwap
set ip6-retrans-time 4000
set ip6-address fd0b:7186::/64
set ip6-send-adv enable
set autonomous-flag enable
set onlink-flag enable
as a last resort with that configuration being my last attempt to completely abandon ipv6. I decided to turn NAT on for my ipv6 traffic policies and got clients to have some ipv6 connectivity. Why? I've read NAT is not needed for ipv6! But that must pertain to properly configured ipv6 set ups. so I can access some sites, not all, browsers prefer, and go to ipv4 instead of 6 unless you specify an ipv6 address. ipv6 test sites, Netalizer etc., report problems with icmp filtering which I've tried to disable to fix those errors, then there are DNS errors which I have no idea, not connecting at all to some sites and always using ipv4 over ipv6 when both are avaible. I'm sure all the problems that remain are tied to the unsupported ipv6 IA_PD on the fortigate unit. sounds like the next update for forti os doesn't address an of these issues if I read the release notes correctly. there is one thing we account on for now though, and that is that IPV4 still works, is esay to set up and automatic on amost all devices and is supported by just about every device.