
Configure PTP IPv4 Address and IPv6 Gateway outside of the local Network

Hello everybody, I'm stuck with a somewhat special configuration of a Sophos XG. The Sophos XG will be used in front of an existing Windows server.

However, this server has a point-to-point IP configuration and so far I see no way to reproduce this in a Sophos XG. The configuration is like this:

IP Address: 89.163.2xx.175
Subnet: 255.255.255.255 (/32)
Gateway: 89.163.1xx.97

In addition, an IPv6 address must be set up here, with the gateway outside the network. In the Windows server and also with a Linux server this is easily possible. With the Sophos XG it is not possible to configure this.

IPv6 Address: 2001:4ba0:ffe5:XXXX::0/64
Gateway: 2001:4ba0:ffe5:1:beef::1/128

Please excuse me if my English is not the best anymore. Usually I speak German. Here I have chosen English to increase the reach of the thread. Reading English is no problem for me, but the grammar is.

Thanks



  • Hi  

    As per the details provided, you are trying to set up P2P connectivity.

    On which interface do you want to configure the IPv4 address on the XG firewall, and which zone do you want to configure?

    The given article may help you: https://community.sophos.com/kb/en-us/123128

  • I'm trying to configure the WAN interface and not set up a tunnel. The IP addresses I have specified are currently the IP addresses of the Windows server. In the future, this server should get a Local IP address (172.16.0.10) behind the Sophos XG.
    The IP addresses are provided by the data center.

  • Hi,

    What will the IPv6 address range be for the internal network?

    You will need to set up separate firewall rules for IPv6 and use NAT.

    Ian

  • The internal IPv6 network will be fd4c:51b1:962f:aff3::0/64

    I know that I have to use separate NAT and firewall rules for IPv6. That's not a problem. My only problem is to configure the WAN addresses.

  • Hi,

    I don't think that will work because link local addresses are not routable?

    Ian

  • Hi,
    I'm using NAT for IPv6, so there are no issues with local IPv6 addresses.

    Since I will use WAF for the server, no internal IPv6 should be required.

    However, external IPv6 is required because access is partly through DS-Lite Internet connections (Double NAT), which is less of an issue with IPv6.

    But when I try to configure the IPv6 address on the WAN interface, the following error message comes up: "Interface IP and gateway IP address must be in the same network"

    That the gateway is outside the network is indeed correct, but should actually make no problems. This is not a problem for both a Linux server and the used Windows server.

     

    Greetings

  • I suspect you will need an IPv6 address on the internal interface as well as some way of telling the server what the IPv6 gateway is.

    Please remember the IPv4 and IPv6 functions in XG are two separate firewalls. You will need to duplicate any IPv4 rules with similar IPv6 rules.

    Ian

    Update: I set up my MBP with a link-local address, tried to connect to the internet for IPv6 testing, and failed. I have a real IPv6 address on the internal and the external interfaces. The link-local address does not identify the gateway, so you will need to manually configure the gateway into the server IPv6 addressing scheme.

    Further, there is no WAF under the current version of XG MR-7 using IPv6.

  • Thanks for your help, but unfortunately you are fixated on the internal IPv6 interface.
    Unfortunately, I still cannot set up the external IPv6, so internal IPv6 does not matter.

    If I set my IPv6 address and the gateway, only an error message comes that the IPv6 gateway is outside the network.
    If I set up the network on a windows server, there are no problems.

     

     

    Greetings Lennart
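
Added example, not part of the thread and not Sophos code: a Python sketch of the same-network check behind the error message quoted above, plus the Linux `ip` commands for the off-link gateway layout the original post says works on a Linux server. The addresses are constructed from documentation ranges (the thread's real ones are masked); the function names and the `eth0` device name are assumptions.

```python
import ipaddress


def gateway_on_link(interface_cidr, gateway):
    """Return True when the gateway lies inside the interface's own prefix."""
    iface = ipaddress.ip_interface(interface_cidr)
    gw = ipaddress.ip_address(gateway.split("/")[0])  # tolerate "addr/128"
    if iface.version != gw.version:
        raise ValueError("interface and gateway address families differ")
    return gw in iface.network


def linux_routes(interface_cidr, gateway, dev="eth0"):
    """Build iproute2 commands; add a host route when the gateway is off-link."""
    iface = ipaddress.ip_interface(interface_cidr)
    gw = ipaddress.ip_address(gateway.split("/")[0])
    fam = "-6" if iface.version == 6 else "-4"
    cmds = [f"ip {fam} addr add {iface.with_prefixlen} dev {dev}"]
    if not gateway_on_link(interface_cidr, gateway):
        # The gateway is outside the prefix: declare it directly reachable
        # on the link so the default route below can resolve its next hop.
        cmds.append(f"ip {fam} route add {gw}/{gw.max_prefixlen} dev {dev}")
    cmds.append(f"ip {fam} route add default via {gw} dev {dev}")
    return cmds


if __name__ == "__main__":
    # Constructed sample values mirroring the shape of the thread's setup:
    # a /32 IPv4 address and a /64 IPv6 address, each with an off-link gateway.
    samples = [
        ("203.0.113.175/32", "198.51.100.97"),
        ("2001:db8:ffe5:aaaa::2/64", "2001:db8:ffe5:1:beef::1/128"),
    ]
    for cidr, gw in samples:
        print(f"# {cidr} via {gw}: on-link={gateway_on_link(cidr, gw)}")
        for cmd in linux_routes(cidr, gw):
            print(cmd)
```
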