There hasn't been a lot of talk in the roadmap discussion about the implementation of IPv6 DHCP-PD support on the XG platform. Can we expect to see that at some point in the near future?
Good question. There are no specific immediate plans, as we already support DHCP v6.
In reply to sachingurung:
So how does one go about setting up IPv6 from their ISP in a home environment? I couldn't for the life of me get it to work. It works fine on the external interface but I can't get any of my IPv4 clients to talk to IPv6 sites. I have no interest in using a tunnel broker. I'd like for it to work the same way it did in UTM and my understanding was it was using DHCP Prefix Delegation.
I respectfully disagree that Sophos XG supports DHCPv6. Please reference RFC 3633. https://www.ietf.org/rfc/rfc3633.txt
I am certain it is common knowledge that DHCPv6 is different from DHCPv4. In comparison to other firewall vendors, prefix delegation is available in DHCPv6.
DHCP-PD is not supported.
You can raise a feature request from here:
Please send me the link, so that I can vote for it.
There are countless requests for DHCP-PD. Most business-class ISPs (Time Warner, Comcast) use DHCP-PD to hand out v6 addresses, so you not supporting that feature means we cannot use native v6. This was a feature of UTM9, so why not migrate it over? The way v6 is implemented now makes it as useful as a sack of shit.
In reply to DavisDarvish:
I would consider the ability to obtain IP addressing basic functionality, but what do I know. As mentioned, DHCP-PD client is in UTM, even if it can't send a "hint" to request more than a /64.
Anyway, the XG workaround I'm doing is to have a router (MikroTik) get the IPv6 addressing (DHCP-PD) and then place XG immediately behind it, in bridge mode. This will give you the essential functions of Web Filter, Application Filter, IPS, etc. for both IPv4 and IPv6.
There is a major difference between DHCPv6 used for addressing an interface and DHCP-PD. DHCP-PD is the normal means by which a PA (Provider Allocated) addressed network obtains its prefix, as in a network that does not have its own IP space.
Comcast uses DHCP-PD for both its residential and business cable service to allocate IP space to the end network.
As a gateway device, you need to support acting as a PD client as well as a PD server that can use the prefix obtained as a client in sub-delegations.
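The two gateway roles described in the post above (PD client, then sub-delegation of the obtained prefix), as an added example that is not part of the thread and is not Sophos or UTM code. The option layout follows RFC 3633 as cited earlier in the thread; the interface names and the 2001:db8::/32 sample prefix are constructed for illustration.

```python
import ipaddress
import struct

OPTION_IA_PD, OPTION_IAPREFIX = 25, 26  # option codes from RFC 3633

def iter_options(buf):
    """Yield (code, payload) for each DHCPv6 option; reject truncated input."""
    off = 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            raise ValueError("option length runs past end of buffer")
        yield code, buf[off:off + length]
        off += length

def delegated_prefixes(options):
    """PD client side: return [(network, preferred, valid)] from IA_PD options."""
    found = []
    for code, body in iter_options(options):
        if code != OPTION_IA_PD or len(body) < 12:
            continue
        for sub, data in iter_options(body[12:]):  # skip IAID, T1, T2
            if sub != OPTION_IAPREFIX or len(data) < 25:
                continue
            preferred, valid, plen = struct.unpack_from("!IIB", data)
            if plen > 128 or valid == 0 or preferred > valid:
                continue  # malformed or withdrawn prefix: do not use it
            net = ipaddress.IPv6Network((data[9:25], plen), strict=False)
            found.append((net, preferred, valid))
    return found

def assign_lan_prefixes(delegated, interfaces):
    """Sub-delegation side: one /64 per internal interface (hypothetical names)."""
    if delegated.prefixlen > 64:
        raise ValueError("delegation longer than /64 cannot be subnetted")
    subnets = delegated.subnets(new_prefix=64)
    plan = {}
    for name in interfaces:
        plan[name] = next(subnets, None)
        if plan[name] is None:
            raise ValueError(f"{delegated} has no /64 left for {name}")
    return plan

# Constructed sample: IA_PD carrying 2001:db8:1200::/56 (documentation range).
_iaprefix = struct.pack("!IIB", 3600, 7200, 56) + ipaddress.IPv6Address("2001:db8:1200::").packed
_ia_pd = struct.pack("!III", 1, 1800, 2880) + struct.pack("!HH", 26, len(_iaprefix)) + _iaprefix
SAMPLE_OPTIONS = struct.pack("!HH", OPTION_IA_PD, len(_ia_pd)) + _ia_pd
```

With a delegation of exactly /64, `assign_lan_prefixes` can serve one interface and raises for a second, which is why the size of the delegated prefix matters for a multi-segment network.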
This feature still seems to be missing, and it is indeed something that a lot of ISPs would make use of...
I don't think that an idea for this has been actually suggested yet?
In reply to Sergiu Panaite:
Sadly, still has not been implemented. It is the only reason why I am still on UTMv9.
In reply to JesseStanford:
Supposedly it's on the radar but don't think it will appear with v17.
Wish I would have known this about 4 hours ago. Just finished setting up XG on a utm 220 to replace a virtual instance. This really sucks.
Thanks Sophos for your lack of support!!
Now to see if I can remove it from my infrastructure and start over again!
In reply to RobertW:
Not seen as a high priority by Sophos was the answer when raised during v17 beta.
It is truly inexplicable that we are now at the doorstep of 2018 and a feature that most major providers, at least in the US, use to hand out IPv6 addresses on both residential and business service, is totally AWOL in a next generation firewall. I know there are workarounds and I'm using one, but really no excuse for it.
In reply to Bill Roland:
I am too, but it is not reliable. I have to reset the ISP connection in the XG if the link drops.
In reply to Ian Morehouse:
I have been playing around with putting a UTM in front of the XG, works so far. Need to put the XG into bridge mode which is a major rework of static addressing.