IPV6 setup on XG

Hi guys,

I am missing something with Sophos XG IPV6 setup. Using 17.5.8. I have done the following:

- Network | Interfaces | Eth1 (WAN): Enable IPV6 with automatic mode, I get the IP address 2a01:4b00:ea19:e37d:182e:6e5e:7a66:9c53 /64 with gateway fe80::2ab4:48ff:fe87:c9fb
- I am given from my ISP the prefix 2a01:4b00:8686:a900::/56 so I will create a /64 for the lan.
- Network | Interfaces | Eth0 (LAN): Set static IP 2a01:4b00:8686:a900::1/64
- Network | WAN Link Manager | Set the IPV6 gateway to disable NAT.
- Network | DNS: Set IPV6 DNS to obtain server via DHCP.
- Network | DHCP: Create a DHCP server on ETH0 for IPV6: Start IP address: 2a01:4b00:8686:a900::2 end IP address: 2a01:4b00:8686:a900::ffff. Leave other options as default.
- Network | IPV6 Router Advertisement: Create a new RA with managed and other flags set (so I can see the leases appear in the DHCP table), add my 2a01:4b00:8686:a900::/64 to the list of prefixes.
Firewall | IPV6: Create a new firewall rule: Name: Allow LAN to Internet Action: Accept Source zones: LAN Source networks and devices: Any Destination zones: WAN Destination networks: Any Services: Any Rewrite source address: off.

I am getting an assigned address but no outbound connectivity. I am sure I am missing something silly but any ideas?

Thanks.
Andrew.

  • Hi,

    you will need to use MASQ to obtain the internet. Also IPv6 on the XG is very limited when compared to the IP4 features.

    Ian

  • In reply to rfcat_vk:

    Hi,

    Are you saying that with the current XG I have to NAT IPV6 connections via one IP even if I am using a public prefix? That seems very strange and if so its probably not worth even bothering with IPV6 at this stage.

    I may investigate if I can push my device back to the UTM firmware as I really want to use this device and use IPV6, I know the UTM does this but I never used the XG software on an IPV6 connection until now.

    Andrew.

  • In reply to adhodgson:

    Unfortunately that is the case. I recently setup IPV6 as well and ran into the same issue.