Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos fire wall Dual stack Control Center/system interfaces WAN link manager is red why not green?

Hi All,

I recently added IPv6 support to XG FW and something says not right. I have pubic v6  address on WAN link, 2 private ranges on LAN and DMZ . I am using router advertisement for IPv6. The FW rules show traffic on v6 both directions, The v6 test web sites give it 10/10 pass (https://test-ipv6.com/). 1/2 my traffic volume in reports is v6. It all works great.!

However the gateway and interfaces turned red after I set this up and persist today, is it really broken? seems fine to me. Thoughts anyone?



This thread was automatically locked due to age.
Parents
  • Hey All,

    So I decided to build a new firewall, no fancy rules, no vpn access just dual stack and a test workstation. So the results were interesting. first i was pleased as V6 gate way was green! However the testing tools say no Ipv6 and its not configured correctly. I duplicated my current set up except no DMZ in this one. Also my v6 rule had outbound traffic  only. V6 DNS workes so what the hell.

    So I changed the LAN IPv6 address range to one that is closer in type to my existing FW. Nope still test site says NO! But I now have inbound traffic in rule.. So i had both gateways with green status but test site say no v6. So I gave up.

    Interesting today I dove back in to try again. IT WORKS!!! Did not do anything! test say YES and GW is green. I remember when I set up the first one. it did not work right way. I don't know why there is a delay.

    The next question is how do i trouble shoot the original installation? Maybe abandon it? if i duplicate the settings in the new one will the v6 GW status return to red?

Reply
  • Hey All,

    So I decided to build a new firewall, no fancy rules, no vpn access just dual stack and a test workstation. So the results were interesting. first i was pleased as V6 gate way was green! However the testing tools say no Ipv6 and its not configured correctly. I duplicated my current set up except no DMZ in this one. Also my v6 rule had outbound traffic  only. V6 DNS workes so what the hell.

    So I changed the LAN IPv6 address range to one that is closer in type to my existing FW. Nope still test site says NO! But I now have inbound traffic in rule.. So i had both gateways with green status but test site say no v6. So I gave up.

    Interesting today I dove back in to try again. IT WORKS!!! Did not do anything! test say YES and GW is green. I remember when I set up the first one. it did not work right way. I don't know why there is a delay.

    The next question is how do i trouble shoot the original installation? Maybe abandon it? if i duplicate the settings in the new one will the v6 GW status return to red?

Children
  • So an update on the test FW status, in control center the interfaces icon is now red. not sure when it changed. Both gateways are still green. Still passes v6 tests. Funny thought there is some v4 traffic for dns starting 2 days ago.What was is doing for DNS first 3 days? Not much feedback guys, what should I be doing?