I can't use IPv6 in my XG Firewall Home Edition (SOLVED BY MYSELF)

Hi everybody,

I have bought a mini PC (Celeron dual core, 2x gigabit LAN onboard, 6GB RAM) to use Sophos XG Firewall instead of using the router provided by my cable internet provider.

Everything is working fine, except IPv6.

With the router from my ISP, my IPv6 works very well. I can pass any IPv6 test with the maximum score. With Sophos XG, I can't get IPv6 to work.

Sophos gets an IPv6 number from my ISP via DHCP on the WAN port, but it is not offering it to LAN clients.

I already tried to put a static IP on the LAN interface, configured DHCP and router announcement, and I created an IPv6 rule in the firewall. Nothing works.

How can I use IPv6 in my Sophos XG? I think that I'm missing a NAT rule... but I don't know how to create it.

EDIT: Solved. What did I do? After activating DHCP IPv6 in the WAN settings and creating a bogus IPv6 static IP on the LAN, I created a dynamic DHCP, IPv6 advertising, an IPv6 firewall rule and then a new NAT rule.

 

  • Hi,

    What you are missing is that you need to set up IPv6 on your LAN manually. Take the details from the router and use them to configure your XG IPv6. Also, with IPv6 on the XG, IPv6 is considered a separate firewall. IPv6 is also missing a lot of the functionality available on IPv4.

    You will need separate rules and objects for IPv6.

    Ian

  • In reply to rfcat_vk:

    Hi,

    I had already configured IPv6 manually in my LAN settings, as you can see in the picture attached to my first message.

    I have successfully configured it. What I had missed was really the NAT settings. After creating a new NAT rule to use instead of "MASQ" (preconfigured), my IPv6 is working. The only problem is that I have to manually update my NAT rule if the IPv6 address changes (dynamic IP).

     

  • In reply to octaivermatt:

    Hi,

    You don't need to use a specific NAT, the default one works. Have you enabled RA with your DHCP server? I also don't understand why you have different connection speeds for each of the protocols on the interfaces.

    Ian

    Also, your ISP would have assigned you a /56 address range, from which you would choose a /64 to use for one LAN segment. The /56 would show in your router. Most ISPs assign the /56 almost permanently; it is usually your WAN connection that will have the dynamic address assignment. There is also an issue with your WAN addressing: two ports with the same address.
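
Added example, not part of any post in this thread: a Python check of whether a LAN interface address lies inside the prefix delegated by the ISP. A LAN addressed from inside the delegation is routed natively and only needs IPv6 firewall rules, while a "bogus" or ULA address outside it can only reach the internet through an IPv6 NAT rule, as in the original poster's fix. The function names are hypothetical, the addresses are constructed from the 2001:db8::/32 documentation range, and the /56 delegation is assumed from the reply above.

```python
import ipaddress

# Unique local addresses (RFC 4193) are never routed on the public internet.
ULA = ipaddress.ip_network("fc00::/7")


def lan_segments(delegated, count=4):
    """Return the first `count` /64 LAN segments inside a delegated prefix."""
    net = ipaddress.ip_network(delegated)
    if net.prefixlen > 64:
        raise ValueError("a delegation longer than /64 cannot hold a LAN segment")
    available = 2 ** (64 - net.prefixlen)
    subnets = net.subnets(new_prefix=64)
    return [next(subnets) for _ in range(min(count, available))]


def check_lan(delegated, lan_interface):
    """Classify a LAN interface address against the ISP delegation."""
    net = ipaddress.ip_network(delegated)
    iface = ipaddress.ip_interface(lan_interface)
    inside = iface.ip in net
    return {
        "lan_network": str(iface.network),
        # SLAAC via router advertisements expects a /64 on the segment.
        "prefix_ok_for_slaac": iface.network.prefixlen == 64,
        "inside_delegation": inside,
        "is_ula": iface.ip in ULA,
        # Outside the delegation the ISP has no return route to the LAN,
        # so traffic only works when source-translated at the WAN.
        "needs_nat66": not inside,
    }


if __name__ == "__main__":
    delegation = "2001:db8:ab00::/56"          # constructed sample delegation
    for segment in lan_segments(delegation):
        print("usable LAN segment:", segment)
    for lan in ("fd00::1/64", "2001:db8:ab00:1::1/64"):  # constructed samples
        print(lan, check_lan(delegation, lan))
```

With a LAN address taken from the delegation, `needs_nat66` is false and clients keep end-to-end addressing, so firewall rules become the only control on inbound reachability and should be reviewed accordingly.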

  • In reply to octaivermatt:

    Please give me a detailed step-by-step guide to how you made the IPv6 NAT.


  • In reply to Tim Peuster1:

    Hi Tim,

    In the firewall rule you need to enable MASQ and rewrite the ports (tick box). For some silly reason Sophos has decided the default IPv6 network needs a NAT rather than it being an option.

    I can't post a screenshot because I am using V18 where the NAT setup is quite different.

    Ian

  • In reply to Tim Peuster1:

    Hello,

    Can you show me your firewall rule and your NAT details?

    Which IPv6 must I use for NAT?
    What is the IP Host?

    I don't know how to configure it.

    I'm still waiting for version 18; it isn't available for my home version yet.

  • In reply to Tim Peuster:

    Hi,

    You are using v17.5.9? The upgrade to that will roll out shortly, or you can download it and install it yourself.

    Ian