IPv6 renumbering -how

Hey rfcat_vk ,

Thank you for reaching out to the community, I believe  Sophos automatically renumbers in the event of IPv6 prefix changes and  Prefix changes are initiated by your ISP via DHCPv6 prefix delegation. To deactivate renumbering, unselect the checkbox and click Apply


For manually renumbering Specify the current prefix of the IPv6 addresses to be renumbered & Enter the prefix into the Old prefix field. To specify the new prefix enter the prefix into the new prefix field and then click apply, all IPv6 addresses with the defined current prefix will be renumbered using the new prefix.

Add an IPv6 router advertisement - https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Network/IPv6RouterAdvertisement/NetworkIPv6RouterAdvertisementAdd/index.html

Does SFOS support IPv6 PD? I thought that was one of the last unfinished IPv6 feartures. (Though I would LOVE it if you'd also implement NPT so we could insulate ourselves from new prefixes being thrown at us.)

So folks like rfcat are using assigned /48's manually, right?

 rfcat_vk  Could you describe where it is that you want to change things now that you have a new /48? I'm assuming this is not an additional /48 and it's replacing your previous one and you want to update static DHCPv6-served IP addresses? Or other places you need to change the prefix?

This is where Network Prefix Translation (NPT) would be helpful. You basically assign your IPv6's using a phony prefix that will never change, and NPT changes that to your actual prefix (as obtained by PD). Sort-of like NAT except there's a 1:1 mapping. But your internal IPs never change, which is also cool.

Hi Wayne,

The IPv6 PD is promised for sometime in V20. Eventually when the XG catches up to the UTM with IPv6 eg no mandatory NAT,having the your own Iv6 /48 will be required,, not an address range from some other ISP/RSP which is what I currently have.

You can insulate yourself from internal network address changes by always using NAT in your IPv6 rules.

Ian

OK, I've only experimented with IPv6 via a Hurricane Electric tunnel, which required no NAT and I think was my own /48. It was assigned, not PD'd (which of course SFOS doesn't have yet) and was pretty easy to use. So not familiar with other IPv6 ISP methods.

But if I use IPv6 NAT, does that do something different from IPv4 NAT (which hides all internal IPv4's behind a single public IPv4)? Or is it imply hiding all internal IPv6 behind a single public IPv6 -- in which case might as well not use IPv6 at all.

OK, I've only experimented with IPv6 via a Hurricane Electric tunnel, which required no NAT and I think was my own /48. It was assigned, not PD'd (which of course SFOS doesn't have yet) and was pretty easy to use. So not familiar with other IPv6 ISP methods.

But if I use IPv6 NAT, does that do something different from IPv4 NAT (which hides all internal IPv4's behind a single public IPv4)? Or is it imply hiding all internal IPv6 behind a single public IPv6 -- in which case might as well not use IPv6 at all.