We just enabled IPv6 on the FortiMail and inbound and outbound mail works great. However, connecting via http or https is not working. It's almost like the bindings are not right.
I wish I could run a "netstat -na | grep :443.*LISTEN" but that doesn't seem to be an option. If I do an "execute telnettest fm.ipv6.example.com:25" (substitute my domain for example.com, obviously), it connects fine with a "Connected" message and an SMTP banner. If I do "execute telnettest fm.ipv6.example.com:443" it instantly rejects it with a "Connection refused" message.
I know it's not a firewall issue, because I'm connecting from the FortiMail to itself... the packet never leaves the box.
If I do the same commands with my IPv4 address it connects fine to https. Here's the output of my config:
config system interface edit port1 set type physical set mode static set ip
I'm guessing a reboot might fix it, but I don't really want to do that if I can avoid it. We're on version v5.3,build627,161208 (5.3.8 GA)
Tested in lab v5.3.8 no issue accessing FML ipv6 http and https. Could you please double check your env?
Presumably "check your env" is cool-guy lingo for "check your environment" (kind of like when my 11-year-old says "what evs" instead of "whatever."
Not sure what that means anyway... of course I double-checked before I bothered to post this message.
I do know that fm.ipv6.example.com resolves to only the IPv6 name, and that running "execute telnettest fm.ipv6.example.com:80" gives me a connection failed whereas running "execute telnettest fm.ipv6.example.com:25" succeeds. I would have tested using just the IPv6 address rather than a hostname, but FML doesn't seem to support the bracket notation -- e.g., [2001:db8::1]:80
Thanks for mentioning that it is working okay on your v5.3.8. Did you happen to have rebooted between applying the IPv6 address and doing your test?
I fixed it. It did need a "hiccup." I probably could have rebooted it, but instead I went and changed the http port to 81, then changed it back to 80. That fixed port 80. Then I went and changed https to port 444. Then I changed it back to 443, which fixed https. My guess is that changing the port number resets the listening daemon, which makes it re-bind to the addresses now present on the box--even the ones that weren't there when the daemon started previously. Viola.
Products Solutions Support Partners Threat Research Contact Us