
WAN IPV6 in XG v17. Is there a trick to it?

Hello, 

I've been running XG firewall with IPV4 LAN and WAN for the past year.  I am currently running XG 17 MR3.  I decided to experiment with IPV6.  Under Interfaces I set the WAN port to use IPV6 DHCP Auto.  It appeared to connect via IPV6 since it found the IPV6 Gateway and it gave me a "green light" in the WAN Link Manager.  But I had no internet access through the firewall.  I tried pinging IPV6 sites and accessing IPV6 sites to no avail.  For comparison, I disconnected the XG firewall from the modem and connected my laptop directly to the modem.  My Windows 10 laptop quickly connected to the modem using IPV6 and found the same IPV6 gateway.  I was able to surf the internet with my laptop accessing IPV6 sites.  I had no special settings in Windows 10, just set it to automatically connect with DHCP.

So if the laptop could connect without issue, why can't the XG firewall connect?



  • Hi,

    the XG does not fully support IPv6. The external interface will pick up IPv6 using the DHCP setting and will provide you with IPv6 DNS. The XG will not display or even show you your assigned /56 for your local network use. I was never able to find the assigned /56 so I gave in the hope that a new XG release will at least bring the XG up to the same standard as the IPv6 on the UTM. You will need to set up separate rules.

    Ian

  • Yep.  Each and every rule will have to be duplicated.  But wait !!!  The bad joke does not end there !!!  You will have to duplicate all objects as well !!!

    So ...  If you have 70 rules on your firewalls, and 150 objects ...  Well multiply by two.

    Same problems with NAT.  Instead of being a component of an object or network, it is a component of a rule.  So if you change your ISP, you will have to hunt all of these details.  Takes forever.

    Absolutely nothing is easy with Sophos.

  • Hi Big_Buck,

    in theory you should not have to duplicate your rules because 'any' should pick up the IPv6 interfaces, but you're suggesting it doesn't and the firewall rules having two tabs would also imply it doesn't. So that then leads to the next question, what is the difference and where is it displayed in the GUI between IP4 'any' and IPv6 'any'?

    The other theory is NAT was not required with IPv6, you could go direct, but the NAT mob prevailed and masq/NAT was added.

    "Then there is another issue with static addresses, because you cannot assign the same MAC address to two different IP addresses." I will rephrase this, you can't associate the same device name to an IPv6 and IP4 address.

    Ian

  • With Sophos, objects for IPv6 are not the same as objects for IPv4.  Checkpoint objects like many other firewalls have both IPv4 AND IPv6 addresses ...

    So ...  Yes you will have to re-write all of your rules and objects.  IPv4 rules have no effect on IPv6 in Sophos.
