Next Generation Firewall (NGFW)

  • 1.  NAT64

    Posted Feb 05, 2020 02:33 PM
    Hello, I'm new to the community.
    I am currently doing a lab with IPv6, seeing that FortiGate has the characteristic of doing NAT64. I have version 6.2.0.

    I have followed the guide of this link:

    But I have some variants regarding the topology: the internal interface is a VLAN, as is the external one.

    I have navigation via IPv6, I have enabled my DNS server for DNS64, but when I want to go to an IPv4 site the FortiGate apparently does not perform the translation.
    When I query an IPv4 site, my DNS server sends me the AAAA record: 64:ff9b::36cb:46c9, but I get the impression that the FortiGate doesn't know how to translate from 6 to 4. In the NAT64 policy log I have no match.

    For a better visualization see the following diagram, hehehe I did it fast.

    Any help is welcome.
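
Added example, not part of the original post and not FortiGate code: a Python sketch of the RFC 6052 address mapping that DNS64 and NAT64 must agree on, useful for checking that a synthesized AAAA answer such as the one quoted above falls inside the prefix the translator is expected to handle. It goes beyond the /96 case in the post and covers every prefix length RFC 6052 allows; the function names and the second prefix `2001:db8:64::/96` are assumptions made up for illustration.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix, the one the AAAA record in the post uses.
WKP = "64:ff9b::/96"
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)

def slots(prefixlen):
    """Byte offsets holding the IPv4 address; byte 8 (the 'u' octet) is skipped."""
    if prefixlen not in VALID_LENGTHS:
        raise ValueError(f"RFC 6052 does not allow /{prefixlen}")
    return [i for i in range(prefixlen // 8, 16) if i != 8][:4]

def synthesize(ipv4, prefix=WKP):
    """Build the address a DNS64 resolver would return for an A record."""
    net = ipaddress.IPv6Network(prefix)
    raw = bytearray(net.network_address.packed)
    for slot, octet in zip(slots(net.prefixlen), ipaddress.IPv4Address(ipv4).packed):
        raw[slot] = octet
    return ipaddress.IPv6Address(bytes(raw))

def extract(ipv6, prefix=WKP):
    """Return the embedded IPv4 address, or None if ipv6 is outside the prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        return None  # DNS64 and NAT64 disagree on the prefix: nothing to translate
    return ipaddress.IPv4Address(bytes(addr.packed[i] for i in slots(net.prefixlen)))

if __name__ == "__main__":
    synthesized = "64:ff9b::36cb:46c9"  # AAAA answer quoted in the post
    print(synthesized, "->", extract(synthesized))
    # Constructed case: same address checked against a made-up NAT64 prefix.
    print(extract(synthesized, "2001:db8:64::/96"))
```

A `None` result means the resolver's DNS64 prefix and the prefix being checked do not match, which is one condition under which a NAT64 policy would see no hits.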