
WAN IPv6 to DMZ/LAN IPv4

Hello Forum!
I have a little challenge here.

TL;DR: Translating WAN IPv6 to LAN IPv4.

I would like to make various services accessible via IPv4 and IPv6 from the WAN side.
Internally in the LAN and DMZ I would like to continue working only with IPv4.
-> I have several static IPv4 addresses from my ISP, which are also used for servers in the DMZ (web server in the DMZ + VPN)
-> I have several static IPv6 addresses from my ISP, which I would like to use for my servers

How can I configure Sophos to translate IPv6 addresses to IPv4?
I would like to make web servers in the DMZ accessible from outside via IPv6, but only assign IPv4 addresses internally.
The same with the VPN (SSL + Sophos Connect).

The problem: in Germany there is a bigger internet provider (let's call it Team Red - every German knows the "club" -.-) which provides DS-Lite connections.
My users in the home office have problems setting up the VPN via IPv4 and should therefore use IPv6. (They sometimes lose the connection over IPv4.)

So far I have already created rules in the IPv6 section of the firewall rules.
Here I defined that the services HTTP and HTTPS are allowed from WAN towards the DMZ via the public address.
For VPN I have created a rule that allows everything from zone VPN and source SSLVPN + IPSEC to zone LAN and DMZ. This helps a little bit to establish a connection for the home office users. (At least that's how I feel)
But since my systems do not have IPv6 but only IPv4, I cannot select them as a target.

Here in the forum, as well as on other websites, this project is often described, but a useful solution is never given.
4 years ago it was said that Sophos could not do this.
How does it look today?
Is there a - for Sophos beginners - understandable step-by-step guide?

Have an XG 330 - SFOS 18.0.3 MR-3



This thread was automatically locked due to age.
  • Hi,

    what is the problem with using IPv6 internally? Also at this stage XG requires a NAT for IPv6 access and does not support IPv6 FQDN.

    You would have to build NAT rules, I suspect, to translate from the IPv6 address to the IPv4 device address.

    Ian

    XG115W - v19.5.1 mr-1 - Home


  • We currently do not have IPv6 internally because not all of Sophos's features will be available.
    Enabling this would require a huge amount of configuration.
    Therefore I want a simple routing / natting from IPv6 to IPv4.

    Where exactly do I have to set up NAT?
    I can only manage to set up IPv4 to IPv4 and IPv6 to IPv6 rules.
