Topic Thread

Next Generation Firewall (NGFW)

 View Only
  • 1.  NAT64

    Posted 02-05-2020 14:33
    Hello, I'm new to the community.
    I am currently doing a lab with IPv6, seeing that fortigate has the characteristic of doing NAT64, I have version 6.2.0

    I have followed the guide of this link:
    https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/443324/nat64-policy-and-dns64-dns-proxy

    But I have some variants regarding the topology, the internal interface is a vlan as well as the external one.

    I have navigation via IPv6, I have enabled my dns server for DNS64, but when I want to go to an IPv4 site the fortigate apparently does not perform the translation.
    When I query an IPv4 site, my DNS server sends me the AAAA record: 64: ff9b :: 36cb: 46c9, but I get the impression that the fortigate doesn't know how to translate from 6 to 4. In the policy log NAT64 I have no match.

    For a better visualization see the following diagram, hehehe I did it fast.



    Any help is welcome.