IPv6 SSH
FortiGate supports SSH traffic through IPv6. When the proxy option is set to ssh in a proxy policy, IPv6 source and destination address options become available and SSH profiles can be assigned to IPv6 firewall policies.
Syntax in IPv6 firewall policy
config firewall policy6 edit 1 set utm-status enable set ssh-filter-profile <example> end
Syntax in proxy policy
config firewall proxy-policy edit 1 set proxy ssh set srcaddr6 “all” set dstaddr6 “all” end
Logging
When a proxy policy is being used, SSH traffic logs are generated by wad instead of the kernel.