Monday, July 19, 2021

IPv6 on Fortigate breaking O365

Current FortiOS: 6.4.5

We received our /56 IPv6 from our ISP and I was trying to configure basic dual stack for my internal users. I configured the default IPv6 route, added an IPv6 address to one of our internal v4 interfaces, enabled stateful DHCPv6 with Cloudflare and Google IPv6 DNS servers, and created the necessary rule from inside to outside allowing ALL. Everything seemed to be working: I did tests with https://test-ipv6.com/ and https://ipv6-test.com (this one said ICMP filtered - ignored it for now). I can browse, do speed tests with IPv6 only, I see iCloud and WhatsApp traffic going over IPv6, etc.

For some reason though, I cannot open office.com or outlook.office.com - the moment I disable IPv6, it starts working. I tried it on a Mac and a Windows laptop. I also noticed that whenever I opened fast.com, the speed test never starts; it stalls at the very beginning.

Out of curiosity I disabled UTM features (App control, AV, IPS) and the results are the same. Secondly, I created a rule from WAN to Internal allowing ICMP6 but it didn't help.

Am I missing something regarding IPv6 implementation on Fortigates?

**Edit - it was an IPv6 BGP issue from the ISP.


