Secure Email Gateway


IPv6 working for smtp; not for http/https

  • 1.  IPv6 working for smtp; not for http/https

    Posted May 30, 2017 10:44 AM

    We just enabled IPv6 on the FortiMail and inbound and outbound mail works great. However, connecting via http or https is not working. It's almost like the bindings are not right.

    I wish I could run a "netstat -na | grep :443.*LISTEN" but that doesn't seem to be an option. If I do an "execute telnettest fm.ipv6.example.com:25" (substitute my domain for example.com, obviously), it connects fine with a "Connected" message and an SMTP banner. If I do "execute telnettest fm.ipv6.example.com:443" it instantly rejects it with a "Connection refused" message.

    I know it's not a firewall issue, because I'm connecting from the FortiMail to itself... the packet never leaves the box.

    If I do the same commands with my IPv4 address it connects fine to https. Here's the output of my config:

    config system interface
    edit port1
    set type physical
    set mode static
    set ip 

    I'm guessing a reboot might fix it, but I don't really want to do that if I can avoid it. We're on version v5.3,build627,161208 (5.3.8 GA)



  • 2.  RE: IPv6 working for smtp; not for http/https

    Posted May 30, 2017 11:14 AM

    Tested in lab on v5.3.8, no issue accessing FML IPv6 http and https. Could you please double check your env?

     

    Thanks,

    Moyuan



  • 3.  RE: IPv6 working for smtp; not for http/https

    Posted May 30, 2017 05:52 PM

    Presumably "check your env" is cool-guy lingo for "check your environment" (kind of like when my 11-year-old says "what evs" instead of "whatever.")

    Not sure what that means anyway... of course I double-checked before I bothered to post this message.

    I do know that fm.ipv6.example.com resolves to only the IPv6 name, and that running "execute telnettest fm.ipv6.example.com:80" gives me a connection failed whereas running "execute telnettest fm.ipv6.example.com:25" succeeds. I would have tested using just the IPv6 address rather than a hostname, but FML doesn't seem to support the bracket notation -- e.g., [2001:db8::1]:80

    Thanks for mentioning that it is working okay on your v5.3.8. Did you happen to have rebooted between applying the IPv6 address and doing your test?



  • 4.  RE: IPv6 working for smtp; not for http/https

    Posted May 30, 2017 06:06 PM

    I fixed it. It did need a "hiccup." I probably could have rebooted it, but instead I went and changed the http port to 81, then changed it back to 80. That fixed port 80. Then I went and changed https to port 444. Then I changed it back to 443, which fixed https. My guess is that changing the port number resets the listening daemon, which makes it re-bind to the addresses now present on the box--even the ones that weren't there when the daemon started previously. Voilà.
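
Added example, not part of the original thread and not Fortinet code: a Python check, run from another host, that probes ports 25, 80 and 443 separately over IPv4 and IPv6 and separates "refused" (nothing bound on that address) from "timeout" (more typical of filtering), the distinction the posts above rely on. The function names are illustrative and the default target `localhost` is a placeholder.

```python
# Added example; function names are illustrative, not any vendor's tooling.
import errno
import socket
import sys

FAMILIES = {"IPv4": socket.AF_INET, "IPv6": socket.AF_INET6}

def probe(family, sockaddr, timeout=3.0):
    """Classify a single TCP connect attempt to sockaddr."""
    try:
        s = socket.socket(family, socket.SOCK_STREAM)
    except OSError:
        return "unsupported"   # this host has no stack for that family
    s.settimeout(timeout)
    try:
        s.connect(sockaddr)
        return "open"
    except ConnectionRefusedError:
        return "refused"       # RST came back: nothing listening on this address/port
    except socket.timeout:
        return "timeout"       # no answer at all: more typical of packet filtering
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown")
    finally:
        s.close()

def check(host, ports, timeout=3.0):
    """Probe every port once per address family; returns {(family, port): state}."""
    results = {}
    for name, family in FAMILIES.items():
        for port in ports:
            try:
                info = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
            except socket.gaierror:
                results[(name, port)] = "no address"
                continue
            results[(name, port)] = probe(family, info[0][4], timeout)
    return results

def binding_gaps(results):
    """(port, refused_family, open_family) where one family refuses a port another serves."""
    return sorted((port, fam, other)
                  for (fam, port), state in results.items() if state == "refused"
                  for (other, p), s in results.items()
                  if p == port and other != fam and s == "open")

if __name__ == "__main__":
    res = check(sys.argv[1] if len(sys.argv) > 1 else "localhost", [25, 80, 443])
    print(res, "gaps:", binding_gaps(res))
```

A port listed by `binding_gaps` is served on one address family and refused on the other, which matches the symptom described in this thread before the ports were changed and changed back.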



  • 5.  RE: IPv6 working for smtp; not for http/https

    Posted May 30, 2017 06:53 PM

    Good information



  • 6.  RE: IPv6 working for smtp; not for http/https

    Posted Oct 29, 2019 05:05 PM
    Yes, you are right.
    I asked a FortiGate presenter here in Indonesia yesterday
    to make the products consistent.
    For example, grep only appears in FortiGate, not in FortiMail or any other product.
    This is a problem when I want to search for a certain word in the config.
    Hope it is fixed in later firmware.

    http://goo.gl/lhQjmU
    http://nbctcp.wordpress.com