In my firewall I did not enable IPv6 on any port, but the firewall is still releasing IPv6 addresses to devices like mobiles and IPv6-enabled systems. I am unable to trace where it is releasing them from and why. Could anyone please help in this regard?
Make sure you also didn't configure an IPv6 DHCP server on the XG. Also, how are you checking whether the XG is the one providing the IP?
Thank you for contacting the Sophos Community!
Try following this KB on how to capture IPv6 traffic on the XG. It should help you identify where the traffic is coming from.
Thank you for your reply. I am finding the same, but I would like to stop the LAN traffic; IPv6 intra-network traffic should not occur in any manner.
Thanks n Regards,
What do you get from logviewer?
From my understanding, that shows you have an IPv6 configuration in your XG; otherwise you would not see ff02::1.
Sophos Firmware Version SFOS 18.0.4 MR-4
Network Settings Interface Name : Port4 (Physical) Zone Name : xxx
IPv4/Netmask : 192.168.xx.xx/255.255.xxx.xxx (Static) IPV4 Gateway : N.A.
IPv6/Prefix : Not Configured IPV6 Gateway : N.A.
No Alias Configured
Press Enter to continue ......
Did you see the above? IPv6 was not configured on Port 4, but it is still responding and reacting to IPv6. Why? Do you have any idea or solution to trace it?
What does logviewer show for port 4?
What about the external interface or DNS settings?
That is the thing I am unable to understand: where it is coming into the picture from, and responding to the IPv6 requests/traffic too.
External and DNS settings are under IPv4 only. I have not identified any suspicious configurations for IPv6.
I verified Port 4; it is static IPv4 and IPv6 is not configured. There is an IPv6 neighbor cache; even after a flush/delete, the table gets updated with IPv6 addresses again.
Something on your network is handing out link-local addresses.
Go to configuration -> system services -> check that the IPv6 service is stopped.
Network -> IPv6 RA is not enabled or has any data in it.
DHCPv6 server --> No DHCPv6 server configured
IPv6 RA --> Nothing was there
Yes, but is the dhcp6 service running?
DHCP is showing as running. There is no DHCP6 option to see there. One more option is showing, DHCPv6 Server, and its status is No DHCPv6 server configured.
So, all this points to something outside of your XG broadcasting link-local addresses. These should all be dropped in the firewall because it does not know how to process them. v6 traffic though it?
Thank God, finally you understand my issue and are near to the solution. Now, how will we stop this through the firewall? Could anyone please help in this regard?
Now you need to remove each device from your network until the issue stops. Further, you need to examine every device's network configuration to determine which one is using IPv6 link-local addressing.
I know that. It is only an example for better understanding: it is easier to stop at the water tank level instead of at each and every water tap. Can we do it like that from the firewall instead of on each device?
Sure, you can look at the reports, then check the MAC address against your DHCP server.
You already said ff02::1 is nothing but the XG. But there is nothing in my XG; I troubleshot it in as many ways as I could and followed your suggestions/instructions too. Then how do I trace it in my XG? It comes back to the first question again.
You haven't checked logviewer for MAC addresses and then compared them to your DHCP server.
Can you check the IPv6 router advertisement in the XG? Please disable it.
I verified; nothing was there, but the firewall is still responding and giving link-local addresses to IPv6-enabled interfaces. I am unable to stop this. One thing I identified is that it is Port 4. But on Port 4 there was also nothing configured for IPv6.
Is there any TPLINK router in the network? Can you send me details of Port 4: is it on the LAN side? And a screenshot of the Network IPv6 router advertisement? Have you defined any gateway/helper address on the infra switches?
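An added example, not part of the original thread or of any Sophos tooling: the MAC check suggested above, applied to a neighbor cache. It separates link-local addresses (fe80::/10, which every IPv6-enabled host generates for itself without any RA or DHCPv6 server) from addresses that need an RA prefix, DHCPv6 or static configuration, and matches each entry to a DHCP lease by MAC. All addresses, MACs, hostnames and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the thread): neighbor-cache entries as
# (IPv6 address, MAC) pairs, and IPv4 DHCP leases keyed by MAC.
NEIGHBORS = [
    ("fe80::0211:22ff:fe33:4455", "00:11:22:33:44:55"),
    ("fe80::8c1f:64a2:9b0e:7d31", "3c:22:fb:aa:bb:cc"),
    ("2001:db8:10::25", "00:11:22:33:44:55"),
    ("ff02::1", None),
]
LEASES = {"00:11:22:33:44:55": "office-printer"}

def classify(addr):
    """Sort an address by what is needed for a host to obtain it."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        return "multicast"    # e.g. ff02::1, the all-nodes group
    if ip.is_link_local:
        return "link-local"   # fe80::/10, generated by the host itself
    return "other"            # needs an RA prefix, DHCPv6 or static config

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None           # random/privacy interface ID: no MAC inside
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the flipped U/L bit
    return ":".join(f"{b:02x}" for b in mac)

def triage(neighbors, leases):
    """Attach an address class and a DHCP hostname to every neighbor entry."""
    rows = []
    for addr, mac in neighbors:
        kind = classify(addr)
        mac = mac or (eui64_mac(addr) if kind == "link-local" else None)
        rows.append((addr, kind, mac, leases.get(mac, "unknown")))
    return rows

def needs_address_source(rows):
    """Addresses a host cannot self-generate (RA, DHCPv6 or static config)."""
    return [addr for addr, kind, _, _ in rows if kind == "other"]

if __name__ == "__main__":
    for row in triage(NEIGHBORS, LEASES):
        print(*row, sep="  ")
```

Only entries returned by `needs_address_source` indicate that something on the segment is advertising a prefix or serving DHCPv6; link-local entries reappear after a cache flush as soon as the hosts send neighbor discovery traffic again.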