Need some help getting our Sophos XG 136 (LAB) Firewall working with IPv6.
This thread was automatically locked due to age.
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Need some help getting our Sophos XG 136 (LAB) Firewall working with IPv6.
Hi,
please post your WAN configuration in expanded mode. Also please post your IPv6 firewall rule and your IPv6 delegation setting for your internal network.
The IPv6 DHCP server will be added to the v20.0.1 MR-1.
Ian
XG115W - v20.0.2 MR-2 - Home
XG on VM 8 - v21 GA
If a post solves your question please use the 'Verify Answer' button.
Are you using delegate for internal addressing? if so until v20.0.1 is released you will need to enable RA to get addresses assigned. If you disable PD you will be able to use DHCP addressing.
The default any any rule should work and you don't need a NAT rule for IPv6 networks. Does logviewer show any traffic on the any any rule?
Ian
XG115W - v20.0.2 MR-2 - Home
XG on VM 8 - v21 GA
If a post solves your question please use the 'Verify Answer' button.
Hi,
I think I see the issue, you are trying to use a bridge mode? Has your isp assigned you an address range for your internal network eg /56 or /48?
if not a bridge you need a different ipv6 /64 address range for your interfaces.
ian
XG115W - v20.0.2 MR-2 - Home
XG on VM 8 - v21 GA
If a post solves your question please use the 'Verify Answer' button.
Port 1 & Port 4 are in a bridge mode with an IPv6 of fc00:2222:3333:4444:cccc:dddd:eeee:ffff/64
This is where the server we are trying to get to connect to the Internet via IPv6 is. What IPv6 should I use for the Port 1 & Port 4 bridge? We don't think our ISP isn't giving out IP's, but then we're not sure how the IPv6 on ABCDOM01 was obtained automatically and since it starts with the 2600: it would appear to be from our ISP Spectrum. By the way, now with the new automatically obtained IPv6 we are no longer able to get a reply from the internal WAN interface.
If we enter fe80::7e5a:1cff:fe82:7215%3 on Port 1 for the IPv6 is says invalid. Sorry, we just aren't well versed in IPv6 yet and don't know how to translate the %3.