We'd love to hear about it! Click here to go to the product suggestion community
I am missing something with Sophos XG IPV6 setup. Using 17.5.8. I have done the following:
- Network | Interfaces | Eth1 (WAN): Enable IPV6 with automatic mode, I get the IP address 2a01:4b00:ea19:e37d:182e:6e5e:7a66:9c53 /64 with gateway fe80::2ab4:48ff:fe87:c9fb- I am given from my ISP the prefix 2a01:4b00:8686:a900::/56 so I will create a /64 for the lan.- Network | Interfaces | Eth0 (LAN): Set static IP 2a01:4b00:8686:a900::1/64- Network | WAN Link Manager | Set the IPV6 gateway to disable NAT.- Network | DNS: Set IPV6 DNS to obtain server via DHCP.- Network | DHCP: Create a DHCP server on ETH0 for IPV6: Start IP address: 2a01:4b00:8686:a900::2 end IP address: 2a01:4b00:8686:a900::ffff. Leave other options as default.- Network | IPV6 Router Advertisement: Create a new RA with managed and other flags set (so I can see the leases appear in the DHCP table), add my 2a01:4b00:8686:a900::/64 to the list of prefixes.Firewall | IPV6: Create a new firewall rule: Name: Allow LAN to Internet Action: Accept Source zones: LAN Source networks and devices: Any Destination zones: WAN Destination networks: Any Services: Any Rewrite source address: off.
I am getting an assigned address but no outbound connectivity. I am sure I am missing something silly but any ideas?
you will need to use MASQ to obtain the internet. Also IPv6 on the XG is very limited when compared to the IP4 features.
In reply to rfcat_vk:
Are you saying that with the current XG I have to NAT IPV6 connections via one IP even if I am using a public prefix? That seems very strange and if so its probably not worth even bothering with IPV6 at this stage.
I may investigate if I can push my device back to the UTM firmware as I really want to use this device and use IPV6, I know the UTM does this but I never used the XG software on an IPV6 connection until now.
In reply to adhodgson:
Unfortunately that is the case. I recently setup IPV6 as well and ran into the same issue.