
IPv6 DHCP-PD Support

There hasn't been a lot of talk in the roadmap discussion about the implementation of IPv6 DHCP-PD support on the XG platform.  Can we expect to see that at some point in the near future?



This thread was automatically locked due to age.
  • So how does one go about setting up IPv6 from their ISP in a home environment?  I couldn't for the life of me get it to work.  It works fine on the external interface but I can't get any of my IPv4 clients to talk to IPv6 sites.  I have no interest in using a tunnel broker.  I'd like for it to work the same way it did in UTM and my understanding was it was using DHCP Prefix Delegation.

  • Hello Sachin,

    I respectfully disagree that Sophos XG supports DHCPv6.   Please reference RFC 3633.  https://www.ietf.org/rfc/rfc3633.txt

    I am certain this is common knowledge that DHCPv6 is different from DHCPv4.  In comparison to other firewall vendors, prefix delegation is available in DHCPv6.

    Thank you.

  • There are countless requests for DHCP-PD. Most business-class ISPs (Time Warner, Comcast) use DHCP-PD to hand out v6 addresses, so you not supporting that feature means we cannot use native v6. This was a feature of UTM9, so why not migrate it over? The way v6 is implemented now makes it as useful as a sack of shit.

  • I would consider the ability to obtain IP addressing basic functionality, but what do I know.  As mentioned, DHCP-PD client is in UTM, even if it can't send a "hint" to request more than a /64.

    Anyway, the XG workaround I'm doing is to have a router (MikroTik) get the IPv6 addressing (DHCP-PD) and then place XG immediately behind it, in bridge mode.  This will give you the essential functions of Web Filter, Application Filter, IPS, etc. for both IPv4 and IPv6.

  • There is a major difference between DHCPv6 used for addressing an interface and DHCP-PD.  DHCP-PD is the normal means by which a PA (Provider Allocated) addressed network obtains its prefix, as in a network that does not have its own IP space.

    Comcast uses DHCP-PD for both its residential and business cable service to allocate IP space to the end network.

    As a gateway device, you need to support acting as a PD client as well as a PD server that can use the prefix obtained as a client  in sub-delegations.

    2016...
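
The PD client role described in the post above comes down to reading the IA_PD option (code 25) and its nested IA Prefix option (code 26) from the ISP's DHCPv6 reply, as laid out in RFC 3633, then carving /64s out of the delegated prefix for internal networks. The following is an added example, not part of the thread and not Sophos code; the function names are hypothetical and the sample Reply is constructed from the 2001:db8::/32 documentation range.

```python
import ipaddress
import itertools
import struct

OPTION_IA_PD = 25      # RFC 3633: Identity Association for Prefix Delegation
OPTION_IAPREFIX = 26   # RFC 3633: one delegated prefix inside an IA_PD

def iter_options(buf):
    """Yield (code, data) per DHCPv6 option: 2-byte code, 2-byte length, data."""
    off = 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option length runs past end of message")
        yield code, buf[off:off + length]
        off += length

def delegated_prefixes(message):
    """Return [(IPv6Network, preferred_s, valid_s)] from the message's IA_PD options."""
    found = []
    for code, data in iter_options(message[4:]):    # skip msg-type + transaction id
        if code != OPTION_IA_PD or len(data) < 12:
            continue
        for sub, body in iter_options(data[12:]):   # skip IAID, T1, T2
            if sub != OPTION_IAPREFIX or len(body) < 25:
                continue
            preferred, valid, plen = struct.unpack_from("!IIB", body)
            if plen > 128 or valid == 0 or preferred > valid:
                continue                             # withdrawn or invalid prefix
            net = ipaddress.IPv6Network((body[9:25], plen), strict=False)
            found.append((net, preferred, valid))
    return found

def lan_subnets(prefix, count):
    """Sub-delegate: carve the first `count` /64 networks out of a delegated prefix."""
    if prefix.prefixlen > 64:
        raise ValueError("delegation is smaller than a /64")
    return list(itertools.islice(prefix.subnets(new_prefix=64), count))

# Constructed sample: a Reply (msg-type 7) delegating 2001:db8:ab00::/56.
_iaprefix = struct.pack("!IIB", 3600, 7200, 56) + ipaddress.IPv6Address("2001:db8:ab00::").packed
_ia_pd = (struct.pack("!III", 1, 1800, 2880)
          + struct.pack("!HH", OPTION_IAPREFIX, len(_iaprefix)) + _iaprefix)
SAMPLE_REPLY = bytes([7, 0xAB, 0xCD, 0xEF]) + struct.pack("!HH", OPTION_IA_PD, len(_ia_pd)) + _ia_pd
```

The length checks matter because the reply arrives from the WAN side and is untrusted input; a malformed option is rejected rather than read past the end of the buffer.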

  • Hi,

    IPv6 in home environment.

    1/. Enable IPv6 on your external interface.

    2/. While waiting for PD to be added, you can use any IPv6 address range you like, because the current XG (V18 GA) requires a NAT, no option. I expect a LAN to LAN IPv6 rule will also require a NAT, I haven't tried yet.

    3/. Examine the external IPv6 address assigned to your external interface and from there you should be able to work out what /56 has been assigned to you. My Australian ISP has a reasonably stable IPv6 assignment and I use the /64 from the /56 internally.

    4/. Set up your firewall rules and do not forget the NAT, otherwise no internet access.

    5/. The limitation at this stage is FQDN groups, which I haven't tried in the V18 GA yet.


    ian

  • Hello rfcat_vk,

    what must the rules for NAT look like?

  • Hi Christos,

    Are you using V17 or V18? If v17, then you click MASQ in your firewall rule; if using v18, then you need to create a linked NAT rule and change to MASQ, and don't forget to see both rules.

    Ian