
Question about IPv6 and DUID creation

Hi,

I have a new IoT device that works with IPv6. It is assigned an FE address if I don't use RA; if I enable RA it is assigned an IPv6 address within the RA range but does not appear in the DHCP server listing. None of these addresses appear in the XG DHCP server list. The device is talking to the internet with the IPv4 and the IPv6 FE address. I would like to get some visibility of what it is actually doing so I can work out why websites are being blocked when they are in the allowed list.

Now the question is how to create a DUID for it so I can add a static IPv6.

Ian



  • Hi  

    Sophos XG Firewall supports configuration of DHCPv6 options, as defined in RFC 3315.

    So any DUID would be fine, but in general, if a long-term stable hardware identifier is required, then DUID-UUID or DUID Vendor Assigned would be a good choice.

    A few commands which may be helpful to get the UUID:

    Linux: dmidecode | grep UUID
    RHEL6, Fedora: cat /sys/devices/virtual/dmi/id/product_uuid
    Windows: WMIC CSPRODUCT
    ESXi: vsish -e get /hardware/machineUUID
  • Hi Vishal_R,

    it is a TV, you do not get access to the OS to run commands.

    The issue being the TV probably self-generates a link-local address which is stored somewhere on the XG and does appear in reports, so somewhere on the XG the DUID is stored. Where?

    If I enable the two options in the IPv6 RA for the specific IPv6 address range, the device is assigned two IPv6 addresses that do not appear in any logs, let alone in the DHCP assigned address list. So the next question is: how do you manage internet access and security for RA-assigned IPv6 addresses when they are not displayed in any of the usual management functions on the XG?

    This is far from "security made simple".

    Ian
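
As an added illustration (not part of the original posts and not Sophos code), the DUID layouts from RFC 3315 and RFC 6355 can be built and decoded in Python, together with the modified EUI-64 link-local address a host may derive from its MAC. The MAC, UUID and DUID values used with it are constructed, and whether this TV uses a DUID-LL or EUI-64 addressing is an assumption.

```python
import ipaddress
import struct
import uuid

# DUID type codes: 1-3 from RFC 3315 section 9, 4 from RFC 6355.
DUID_LLT, DUID_EN, DUID_LL, DUID_UUID = 1, 2, 3, 4
HW_ETHERNET = 1  # IANA hardware type for Ethernet

def mac_bytes(mac: str) -> bytes:
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return raw

def duid_ll(mac: str) -> bytes:
    """DUID-LL: 2-byte type, 2-byte hardware type, link-layer address."""
    return struct.pack("!HH", DUID_LL, HW_ETHERNET) + mac_bytes(mac)

def duid_uuid(value: str) -> bytes:
    """DUID-UUID: 2-byte type followed by the 128-bit UUID."""
    return struct.pack("!H", DUID_UUID) + uuid.UUID(value).bytes

def fmt(data: bytes) -> str:
    return ":".join(f"{b:02x}" for b in data)

def parse_duid(text: str) -> dict:
    """Decode a colon-separated DUID, e.g. one read from a DHCPv6 capture."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) < 3:
        raise ValueError("DUID too short")
    kind = struct.unpack("!H", raw[:2])[0]
    if kind == DUID_LLT and len(raw) >= 8:
        hw, secs = struct.unpack("!HI", raw[2:8])  # secs since 2000-01-01 UTC
        return {"type": "LLT", "hw": hw, "time": secs, "lladdr": fmt(raw[8:])}
    if kind == DUID_EN and len(raw) >= 6:
        pen = struct.unpack("!I", raw[2:6])[0]  # IANA enterprise number
        return {"type": "EN", "enterprise": pen, "id": raw[6:].hex()}
    if kind == DUID_LL and len(raw) >= 4:
        hw = struct.unpack("!H", raw[2:4])[0]
        return {"type": "LL", "hw": hw, "lladdr": fmt(raw[4:])}
    if kind == DUID_UUID and len(raw) == 18:
        return {"type": "UUID", "uuid": str(uuid.UUID(bytes=raw[2:]))}
    return {"type": f"unknown({kind})", "raw": raw.hex()}

def eui64_link_local(mac: str) -> ipaddress.IPv6Address:
    """fe80::/64 address from modified EUI-64 (flip U/L bit, insert ff:fe)."""
    m = mac_bytes(mac)
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)
```

A DHCPv6 server identifies a client by the DUID that client sends, so `parse_duid` is the useful direction when the device's OS is out of reach: decode the Client Identifier seen in a capture and compare its link-layer part with the MAC on the IPv4 lease.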
