Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 7985 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPv6 WebServer

snlmauricio

I didn´t figure out how to create a IPv6 WebServer.

Is that true? Is not possible to create a IPv6 WebServer?

Regards,



This thread was automatically locked due to age.
  • 0

    Hi,

    how do get your IPv6 address range? Does it get passed from the external interface to the internal networks so you can advertise it, if not them IPv6 will not work from my experience.

    Have you created IPv6 firewall rules?

    Ian

  • 0 in reply to rfcat_vk

    I create a IPv6 Host Object:  2605:f700:xxxx:a005::101.

    And now, I´m tryung to create a WebServer at:

    PROTECT > WebServer > WebServers

    And the IPv6 Object is not available.

    Regards,

  • 0 in reply to snlmauricio

    Hi,

    please post your IPv6 advertisement rule with suitable masking and all other IPv6 configuration. Can you access your XG using IPv6 addressing?

    ian

  • 0 in reply to rfcat_vk

    Hi rfcat_vk,

    Going to: Firewall > IPv6 > Add Firewall Rule > Business Application Rule,

    We only have the Options:

    a) DNAT/Full NAT/Load balancing

    b) Email Clients (POP & IMAP)

    c) Email Servers (SMTP)

    Where is the option to publish the other services?

    Sophos XG is not full IPv6 compliance / compatible?

    Regards,

  • 0

    Hi,

    same issue here, XG310 running SFOS 17.1.3 MR-3

    It seems there is no way how to set up web server protection for IPv6-based webserver :-(   Any advice or workaround from Sophos?

    Best Regards,

    Jan

     

     

  • 0 in reply to Jan Valdman

    Hi Jan,

    a work around, but not nice is to put a small UTM in front of your XG.

    A 10 user licence would be required for maybe 2 years until the XG gets up to speed.  You could ask your ISP for a /29 IP4 so that you could setup a UTM rule without a NAT for the XG access.

    The UTM would,

    1/. manage your IPv6 access and address management

    2/. allow the other functions within the XG to be fully utilised.

    Ian

     

    Additional thoughts. Put the temporary UTM on a VM if you have the capacity (2 cpu, 4gb and 60gb, two or three NICs) which you can return to the pool after the XG catches up. Further you could try negotiating a discount on the UTM licence based on the limitations of the XG.