IPv6 Feature

I've already submitted this as a feature request - more than once, as I know others have as well. However, I still want to bring it up here as I heard rumors a while back it *might* be in 18.5 - which, to my disappointment, it wasn't. 

The infamous IPv6 prefix delegation - it's part of the older UTM, but never incorporated into the new XG. This is an important feature - for personal installs and small business (where they don't have blocks allocated for static assignment). Some of the major ISPs - like Cox and Comcast - allow prefix delegation. Without this feature, a /64 is simply assigned to your WAN interface with nothing to assign to the LAN - you end up having to use NAT, which is not what we want for IPv6 - may as well stay on IPv4 if you are going to continue using NAT! With Prefix Delegation (PD), the WAN interface simply gets an IP (l/128, etc.), and /64 prefixes can now be assigned to the LAN side - or other downstream networks / routers as needed (I believe COX in my area hands out a /60 - 16 subnets, more than enough for most!).

As it stands, I put a router in front of my XG (the unifi EdgeRouter 4 which does fine @ 1G speeds). I have this device operating essentially as a stateless router only. It just doesn't make sense that I need to have this extra device and hop, where the only benefit it provides is what the downstream firewall should have the ability to provide. Most platforms I am aware of support it - including free firewalls like pfSense.

I bring this up because I really love the Sophos - interface is clean, easy to use, and robust. I use it at home and have even recommended (and deployed) higher end appliance based solutions for my enterprise customers - they love it too! But more companies are looking at deploying IPv6 - you're spending hundreds of thousands of dollars - or millions - to do major refreshes, I always recommend my customers at the very least enable IPv6 on their backbone and network devices - deploying to clients is easy then. But frankly, not having this feature is a huge deal - doesn't make sense for anyone to spend extra money and have more devices to manage because the feature is missing! And NAT for IPv6 - well, not even going there - not an option or won't waste time with IPv6! IPv6 has been around for a long time! I implemented my first IPv6 solution for a hosting provider around a decade ago! Rich IPv6 features shouldn't even be optional - they should be part of any enterprise class software!

Thanks - please take this as constructive criticism. Hopefully someone can comment. I love Sophos XG - hands down one of the best interfaces I have worked with! And that's why I care that it's missing this critical feature.



This thread was automatically locked due to age.