WAN IPV6 in XG v17. Is there a trick to it?

Hello, 

I've been running XG firewall with IPV4 LAN and WAN for the past year.  I am currently running XG 17 MR3.  I decided to experiment with IPV6.  Under Interfaces I set the WAN port to use IPV6 DHCP Auto.  It appeared to connect via IPV6 since it found the IPV6 Gateway and it gave me a "green light" in the WAN Link Manager.  But I had no internet access through the firewall.  I tried pinging IPV6 sites and accessing IPV6 sites to no avail.  For comparison, I disconnected the XG firewall from the modem and connected my laptop directly to the modem.  My Windows 10 laptop quickly connected to the modem using IPV6 and found the same IPV6 gateway.  I was able to surf the internet with my laptop accessing IPV6 sites.  I had no special settings in Windows 10, just set it to automatically connect with DHCP.

So if the laptop could connect without issue, why can't the XG firewall connect?



  • Depends on what your ISP provides you with. Mine provides a /56 and the WAN link is one of the /64s within the /56. That is the beauty of the UTM (SG): it shows you your assigned /56 or /48; the XG doesn't.

    For your internal networks choose one of the /64s for each LAN and VLAN. Be careful with your /56 and /64 boundaries. Also, internally with this version of XG, what you use is not important because you have to use MASQ with IPv6.

    Ian

  • My ISP is assigning an address of XXXX:XXXX:XXXX:XXX:: /64

    I configured my LAN interface with a static IPv6 address of XXXX:XXXX:XXXX:XXX::1 / 64 (using the same first 64-bits that was assigned by my ISP).

    I then set up an IPv6 Router Advertisement using the default settings but set the Prefix /64 value of XXXX:XXXX:XXXX:XXX:: (as assigned by the ISP).

    All of my devices on the network are assigning themselves an IPv6 address.

    Created a firewall rule for the device I'm testing. However, when I try to run ipv6-test.com on that device, it's failing. I've tried both enabling and disabling "Rewrite source address (masquerading)" on my firewall rule.

    However, if I set up an IPv6 DHCP server and select "Managed flag" on my IPv6 router advertisement with masquerading, ipv6-test.com test passes just fine. I'd prefer to not run an IPv6 DHCP server and utilize IPv6 SLAAC for auto-assigning addresses.

    Any ideas? I'm sure I'm messing something up. :) 

  • Hi Shred,

    Running SLAAC will give you many IPv6 addresses per device, which is very hard to manage because you never know which address is going to the internet. I run DHCP with RA enabled but untick the options. Surprised you were not supplied with a /56; that is the usual practice and recommended by the IPv6 RFC (don't know which one).

    You can use the /64 internally because the XG NATs it. So you could use XXXX.XXXX.XXxX.XXXX::1 for your external interface and XXXX.XXXX.XXXX.XXXX::1 for your internal interface and all will work well.

    Ian
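
The /56 and /64 boundary check mentioned in the replies above, as an added example that is not part of the original thread or of any Sophos tooling. The function names and all addresses are constructed for illustration; the prefixes come from the 2001:db8::/32 documentation range.

```python
import ipaddress

def check_plan(delegated, wan, lans):
    """Return (interface, problem) findings for an IPv6 addressing plan.

    delegated: prefix handed out by the ISP (e.g. a /56)
    wan:       the /64 in use on the WAN link
    lans:      dict of interface name -> prefix configured on it
    """
    deleg = ipaddress.IPv6Network(delegated)
    wan_net = ipaddress.IPv6Network(wan)
    findings, seen = [], {}
    for name, prefix in lans.items():
        try:
            # strict parsing: raises ValueError if host bits are set
            net = ipaddress.IPv6Network(prefix)
        except ValueError:
            findings.append((name, "not on a prefix boundary"))
            continue
        if net.prefixlen != 64:
            findings.append((name, "not a /64"))
        if not net.subnet_of(deleg):
            findings.append((name, "outside delegated prefix"))
        if net.overlaps(wan_net):
            findings.append((name, "overlaps WAN /64"))
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                findings.append((name, f"overlaps {other}"))
        seen[name] = net
    return findings

def free_lan_prefixes(delegated, wan, count):
    """Return the first `count` /64s inside the delegation that are not the WAN /64."""
    wan_net = ipaddress.IPv6Network(wan)
    subnets = ipaddress.IPv6Network(delegated).subnets(new_prefix=64)
    free = (str(n) for n in subnets if n != wan_net)
    return [p for _, p in zip(range(count), free)]

# Constructed sample plan (documentation addresses, not from the thread)
DELEGATED = "2001:db8:1200:ab00::/56"
WAN = "2001:db8:1200:ab00::/64"
LANS = {
    "LAN": "2001:db8:1200:ab01::/64",         # fine
    "VLAN10": "2001:db8:1200:ab00::/64",      # same /64 as the WAN link
    "VLAN20": "2001:db8:1200:ac00::/64",      # one step past the /56
    "Guest": "2001:db8:1200:ab01:8000::/64",  # host bits set
}

if __name__ == "__main__":
    for name, problem in check_plan(DELEGATED, WAN, LANS):
        print(f"{name}: {problem}")
    print(free_lan_prefixes(DELEGATED, WAN, 2))
```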