Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 42 subscribers
  • Views 10282 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

I can't use IPV6 in my XG Firewall Home Edition (SOLVED BY MYSELF)

octaivermatt

Hi everybody,

i have bought a mini PC (Celeron  dual core, 2x gigabit lan onboard, 6GB ram) to use Sophos XG Firewall instead of using the router provided from my cable internet provider.

Everything is working fine, unless IPV6

With the router from my ISP, my ipv6 works very well. I can pass with maximum score in any ipv6 test. With sophos XG, i cant put ipv6 to work.

 Sophos gets IPV6 number from my ISP via DHCP, in WAN port, but it is not offering to lan clients. 

I already tried to put a static IP in lan interface, configured dhcp and router announcement, and i had created a ipv6 rule in firewall.Nothing works.

 How can i use ipv6 in my Sophos XG? I think that i'm missing to create a NAT rule...but idk how

EDIT: Solved. What i did? after activating DHCP IPV6 in WAN settings, creating a bogus ipv6 static ip in LAN, i created a dynamic dhcp, ipv6 advertising, ipv6 firewall rule and then, a new nat rule)

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    what you are missing is you need to setup IPv6 on your LAN manually. Take the details from the router and use them to configure your XG IPv6. Also with IPv6 on the XG, IPv6 is considered a seperate firewall. Also IPv6 is missing a lot of the functionality available on IP4.

    You will need seperate rules for IPv6 and objects.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi,

    i already had configured ipv6 manually in my lan settings, as you can see in my attached pic in first message.

    I have successful configured. What i have missed was really the NAT settings. After creating a new nat, to use instead of "MASQ" (preconfigured), my ipv6 is working. The only problem is that i have to mannually update my nat, if ipv6 change (dynamic ip)

     

Reply
  • 0 in reply to rfcat_vk

    Hi,

    i already had configured ipv6 manually in my lan settings, as you can see in my attached pic in first message.

    I have successful configured. What i have missed was really the NAT settings. After creating a new nat, to use instead of "MASQ" (preconfigured), my ipv6 is working. The only problem is that i have to mannually update my nat, if ipv6 change (dynamic ip)

     

Children
  • 0 in reply to octaivermatt

    Hi,

    you don't need to use a specific NAT, the default one works. Have you enabled RA with your DHCP server. I also don't understand why you have different connection speeds for each of the protocols on the interfaces?

    Ian

    Also, your ISP would have assigned you a /56 address range which you would chose a /64 to use one LAN segment. The /56 would show in your router. Most ISPs assign the /56 almost permanently it is usually your WAN connection that will have the dynamic address assignment. There is also an issue with your WAN addressing two ports with the same address.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to octaivermatt

    Please give me a detailed step for step manual how you make the ipv6 nat.

    Hi,

    i already had configured ipv6 manually in my lan settings, as you can see in my attached pic in first message.

    I have successful configured. What i have missed was really the NAT settings. After creating a new nat, to use instead of "MASQ" (preconfigured), my ipv6 is working. The only problem is that i have to mannually update my nat, if ipv6 change (dynamic ip)

     

     

  • 0 in reply to Tim Peuster1

    Hi Tim,

    in the firewall rule you need to enable MASQ and rewrite the ports (tick box). For some silly reason Sophos has decided the default IPv6 network needs a NAT rather than being an option.

    I can't post a screenshot because I am using V18 where the NAT setup is quite different.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Tim Peuster1

    Hello,

    can you show me your firewall rule and your nat details?

    Which IPv6 must I use for NAT?
    What is the IP Host?

    I don't know how to configure it.

    For the version 18 I'm still waiting, for my home version isn't still version 18 available.

  • 0 in reply to Tim Peuster

    Hi,

    You are using v17.5.9? The upgrade to that will rollout shortly or you can download it and install it yourself.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML