ipv6

In my firewall I did not enabled the ipv6 to any port. But still firewall releasing the ipv6 IP address to the devices like Mobiles and IPV6 enabled systems. I am unable to trace where it is releasing and why. Could you please any one help in this regard. 



Added TAG
[edited by: emmosophos at 8:36 PM (GMT -8) on 8 Feb 2021]
Parents
  • Hello there,

    Thank you for contacting the Sophos Community!

    Try following this KB on how to capture ipv6 traffic on the XG. It should help you identify where the traffic is coming from.

    Regars,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hi emmosophos,

    Thank you for your reply, I am find the same but I would like to stop the lan traffic, like IPv6 intra network traffic should be not occurred in any manner. 

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • One thing that is missing from this thread is how much IPv6 traffic and where is it going? Please post log entries.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 byt
    es
    11:01:56.872727 Port4, IN: IP6 fe80::1607:8ff:fe0c:3616 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:01:57.400529 Port4, IN: IP6 fe80::1607:8ff:fe0c:34ca > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:02:09.722809 Port4, IN: IP6 fe80::1607:8ff:fe0c:3639 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:02:10.278298 Port4, IN: IP6 fe80::1607:8ff:fe0c:33d1 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:02:14.618312 Port4, IN: IP6 fe80::1607:8ff:fe0c:3487 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:02:16.055577 Port4, IN: IP6 fe80::1607:8ff:fe0c:41cc > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:02:19.997320 Port4, IN: IP6 fe80::1607:8ff:fe0c:36d4 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:02:27.650308 Port4, IN: IP6 fe80::1607:8ff:fe0c:34d4 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:03:00.001743 Port4, IN: IP6 fe80::1607:8ff:fe0c:3616 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:03:01.703517 Port4, IN: IP6 fe80::1607:8ff:fe0c:34ca > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:03:06.824582 Port4, IN: IP6 fe80::54ef:92ff:fed2:4772 > ff02::2: ICMP6, route
    r solicitation, length 16
    11:03:07.141042 Port4, IN: IP6 fe80::a2ab:1bff:fed6:1bc7 > ff02::1: ICMP6, route
    r advertisement, length 24
    11:03:07.254374 Port4, IN: IP6 fe80::a2ab:1bff:fe20:784 > ff02::1: ICMP6, router
    advertisement, length 24
    11:03:10.969029 Port4, IN: IP6 fe80::54ef:92ff:fed2:4772 > ff02::2: ICMP6, route
    r solicitation, length 16
    11:03:11.148572 Port4, IN: IP6 fe80::a2ab:1bff:fe20:784 > ff02::1: ICMP6, router
    advertisement, length 24
    11:03:11.334741 Port4, IN: IP6 fe80::a2ab:1bff:fed6:1bc7 > ff02::1: ICMP6, route
    r advertisement, length 24
    11:03:13.688002 Port4, IN: IP6 fe80::1607:8ff:fe0c:3639 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:03:15.517769 Port4, IN: IP6 fe80::1607:8ff:fe0c:33d1 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    11:03:17.825027 Port4, IN: IP6 fe80::1607:8ff:fe0c:3487 > ff02::1: ICMP6, neighb
    or advertisement, tgt is 2001:250:3000:1::1:2, length 32
    ??^C
    19 packets captured
    21 packets received by filter
    0 packets dropped by kernel

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • What do you get from logviewer? 

    From my understanding that shows you have a IPv6 configuration in your XG otherwise you would not see ff02::1

    Ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Sophos Firmware Version SFOS 18.0.4 MR-4

    Network Settings
    Interface Name : Port4 (Physical)
    Zone Name : xxx

    IPv4/Netmask : 192.168.xx.xx/255.255.xxx.xxx (Static)
    IPV4 Gateway : N.A.

    IPv6/Prefix : Not Configured
    IPV6 Gateway : N.A.

    Configured Aliases

    No Alias Configured

    Press Enter to continue ......

    Did you see the above, IPv6 was not configured in Port 4. But still It is responding and reacting against IPv6. Why? Have you any idea or solution to trace.

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • what does logviewer show for port 4?

    What about the external interface or DNS settings?

    Ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • That is the thing I am unable to understand. From where it is coming into picture and responding too to the IPv6 requests/traffic.

    External and DNS settings are under IPv4 only. Not identified any suspicious configurations against IPv6.

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • Hello there,

    Make sure you also didn't configure IPv6 DHCP server on the XG. 

    Also, how are you checking if the XG is the one providing the IP? 

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Hi,

    I verified the port4, it is static IPv4 and not configured the IPv6. There is an IPv6 neighbor cache, After flush/delete also again table is get updating with IPv6 address.

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

  • Hi,

    something on your network is handing out link local addresses.

    Go to configuration -> system services -> check that the IPv6 service is stopped.

    Network -> IPv6 RA is not enabled or has any data in it.

    Ian

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.
  • Hi,

    DHCPv6 server --> No DHCPv6 sever configured
    IPv6 RA --> Nothing was there

    Thanks n Regards,

    Ramesh.Koduri

    +919030011410

Reply Children