Configure PTP IPv4 Address and IPv6 Gateway outside of the local Network

Hello everybody, I'm stuck with a somewhat special configuration of a Sophos XG. The Sophos XG will be used in front of an existing Windows server.

However, this server has a point-to-point IP configuration and so far I see no way to reproduce this in a Sophos XG. The configuration is like this:

IP Address: 89.163.2xx.175
Subnet: 255.255.255.255 (/32)
Gateway: 89.163.1xx.97

In addition, an IPv6 address must be set up here, with the gateway outside the network. In the Windows server and also with a Linux server this is easily possible. With the Sophos XG it is not possible to configure this.

IPv6 Address: 2001:4ba0:ffe5:XXXX::0/64
Gateway: 2001:4ba0:ffe5:1:beef::1/128

Please excuse me if my English is not the best anymore. Usually I speak German. Here I have chosen English to increase the reach of the thread. English reading is no problem for me, but the grammar.

Thanks



This thread was automatically locked due to age.
  • Hi,
    I'm using NAT for IPv6, so there are no issues with local IPv6 addresses.

    Since I will use WAF for the server, no internal IPv6 should be required.

    However, external IPv6 is required because access is partly through DS-Lite Internet connections (Double NAT), which is less of an issue with IPv6.

    But when I try to configure the IPv6 address on the WAN interface, the following error message comes up: "Interface IP and gateway IP address must be in the same network"

    That the gateway is outside the network is indeed correct, but should actually cause no problems. This is not a problem for both a Linux server and the used Windows server.

    Greetings

  • I suspect you will need an IPv6 on internal interface as well as some way of telling the server what the IPv6 gateway is.

    Please remember the IP4 and IPv6 functions in XG are two separate firewalls. You will need to duplicate any IP4 rules with similar IPv6 rules.

    Ian

    Update: I set up my MBP with a link-local and tried to connect to the internet IPv6 testing and failed. I have a real IPv6 address on the internal and the external interfaces. The link-local does not identify the gateway, so you will need to manually configure the gateway into the server IPv6 addressing scheme.

    Further, there is no WAF under the current version of XG MR-7 using IPv6.

  • Thanks for your help, but unfortunately you fix yourself on the internal IPv6 interface.
    Unfortunately, I still cannot set up the external IPv6, so internal IPv6 does not matter.

    If I set my IPv6 address and the gateway, only an error message comes that the IPv6 gateway is outside the network.
    If I set up the network on a Windows server, there are no problems.

    Greetings Lennart