Hi community, I would like to configure my Sophos firewall with IPv6 WAN and LAN. My ISP has provided me with the addresses for this, and I have had a go at getting this to work but with no luck so wondering if someone can help me please. I am using SFOS 20.0.0 GA-Build222. Here is the message from my ISP on what they have provided... For IPv6 for Broadband we will supply a single /56 prefix. We support two assignment methods for this. DHCPv6 Prefix Delegation - This is our preferred method that customers use to get their prefix. Your router will need to request the delegated prefix and then assign it to your LAN interface(s). DNS is provided through this method. Static configuration - If a customer’s router does not request a DHCPv6-PD assignment a static route for the /56 assignment will be installed on the connected Broadband Gateway. This enables customers to statically configure the assigned prefix in whatever manner they want. We also assign a /64 address that if chosen to be used will be assigned to the router’s "WAN" interface. This /64 assignment is handed out through SLAAC from the connected Broadband Gateway. IPv6 doesn't require intermediate hops to have a global address as routing can occur on only a link-local address but for things like traceroute this can sometimes not be ideal. This assignment is handed out purely so that if used the customer will have end to end GUA addresses. They have then listed a /56 and /64 subnets that are assigned to me.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to implement IPv6 from my ISP

Hi community,

I would like to configure my Sophos firewall with IPv6 WAN and LAN.
My ISP has provided me with the addresses for this, and I have had a go at getting this to work but with no luck so wondering if someone can help me please.

I am using SFOS 20.0.0 GA-Build222.

Here is the message from my ISP on what they have provided...

For IPv6 for Broadband we will supply a single /56 prefix. We support two assignment methods for this.

DHCPv6 Prefix Delegation - This is our preferred method that customers use to get their prefix. Your router will need to request the delegated prefix and then assign it to your LAN interface(s). DNS is provided through this method.
Static configuration - If a customer’s router does not request a DHCPv6-PD assignment a static route for the /56 assignment will be installed on the connected Broadband Gateway. This enables customers to statically configure the assigned prefix in whatever manner they want.

We also assign a /64 address that if chosen to be used will be assigned to the router’s "WAN" interface. This /64 assignment is handed out through SLAAC from the connected Broadband Gateway. IPv6 doesn't require intermediate hops to have a global address as routing can occur on only a link-local address but for things like traceroute this can sometimes not be ideal. This assignment is handed out purely so that if used the customer will have end to end GUA addresses.

They have then listed a /56 and /64 subnets that are assigned to me.

This thread was automatically locked due to age.

Top Replies

rfcat_vk 9 months ago +1

Hi, what have you tried to enable IPv6 on your XG. A word of warning, the current version of XG (v20 GA) requires a NAT for IPv6, no NAT no IPv6 external access. 1/. Enable IPv6 on your WAN link using…

Parents

0 wilspin 9 months ago

This can be very tough. I got SFW19 IPv6/ipv4 dual working using these methods;

Put NAT device in front of SFW, connect Windows computer and confirm it displays dual stack: config /all.

Take ISP V6 delegation edit IP to make different sub net.

Set LAN interface with static v6 IP from subnet you have created.

put the same prefix in IPv6 router advertisement.

Problems i ran into;

Does not work immediately, will work when you check it later, don't know why.

WAN interface gets 2 v6 IP's, one public one private. Public must be listed first, if not restart till it does.

AS mentioned you must configure v6 nat and v6 FW rules.

I had to try different WAN configuration in the DHCP options. Different NAT routers behaved differently. or did not work at all. tried dlink, tp link and linksys.

WAN link manager would show orange at times but it still works.Huh?? and be sure interface list is public IP not FE80.xx.xx

Dan
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 wilspin 9 months ago

This can be very tough. I got SFW19 IPv6/ipv4 dual working using these methods;

Put NAT device in front of SFW, connect Windows computer and confirm it displays dual stack: config /all.

Take ISP V6 delegation edit IP to make different sub net.

Set LAN interface with static v6 IP from subnet you have created.

put the same prefix in IPv6 router advertisement.

Problems i ran into;

Does not work immediately, will work when you check it later, don't know why.

WAN interface gets 2 v6 IP's, one public one private. Public must be listed first, if not restart till it does.

AS mentioned you must configure v6 nat and v6 FW rules.

I had to try different WAN configuration in the DHCP options. Different NAT routers behaved differently. or did not work at all. tried dlink, tp link and linksys.

WAN link manager would show orange at times but it still works.Huh?? and be sure interface list is public IP not FE80.xx.xx

Dan
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data