IPv6 DHCP-PD Support

Hi Todd,

Good question. There is no specific immediate plans, as we already support DHCP v6.  

Thanks

Sachin Gurung

So how does one go about setting up IPv6 from their  ISP in a home environment.  I couldn't for the life of me get it to work.  It works fine on the external interface but I can't get any of my IPv4 clients to talk to IPv6 sites.  I have no interest in using a tunnel broker.  I'd like for it to work the same way it did in UTM and my understanding was it was using DHCP Prefix Delegation.

Hello Sachin,

I respectfully disagree that Sophos XG supports DHCPv6.   Please reference RFC 3633.  https://www.ietf.org/rfc/rfc3633.txt

I am certain this is common knowledge that DHCPv6 is different from DHCPv4.  In comparison to other firewall vendors, prefix delegation is available in DHCPv6.

Thank you.

Hi Todd,

DHCP-PD is not supported.

You can raise a feature request from here:

http://feature.astaro.com/forums/330219-sophos-xg-firewall

Please send me the link, so that I can vote it.

Thanks

Sachin Gurung

there are countless requests for dhcp -pd.. Most business class ISP  (Timewarner, Comcast) use DHCP-pd to hand out v6 addresses so you not supporting that feature means we can not use native v6 . this was a feature of utm9 so why not migrate it over? the way v6 is implemented now makes it as useful as a sack of shit. 

I would consider the ability to obtain IP addressing basic functionality, but what do I know.  As mentioned, DHCP-PD client is in UTM, even if it can't send a "hint" to request more than a /64.

Anyway, the XG workaround I'm doing is to have a router (MikroTik) get the IPv6 addressing (DHCP-PD) and then place XG immediately behind it, in bridge mode.  This will give you the essential functions of Web Filter, Application Filter, IPS, etc. for both IPv4 and IPv6.

There is a major difference between DHCPv6 used for addressing an interface and DHCP-PD.  DHCP-PD is the normal means for which PA (Provider Allocated) addressed network obtains its prefix.  As in a network that does not have its own IP space.  

Comcast uses DHCP-PD for both its residential and business cable service to allocate IP space to the end network.

As a gateway device, you need to support acting as a PD client as well as a PD server that can use the prefix obtained as a client  in sub-delegations.

2016...

This feature still seems to be missing, and it is indeed something that a lot of ISPs would make use of...

I don't think that an idea for this has been actually suggested yet?

Sadly, still has not been implemented.It is the only reason why I am still on UTMv9

https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/11546439-add-options-for-ipv6-dhcpv6-pd

Supposedly its on the radar but don't think it will appear with v17.