Need some help getting our Sophos XG 136 (LAB) Firewall working with IPv6.
Added v20 TAG
[edited by: Erick Jan at 4:55 AM (GMT -7) on 12 Apr 2024]
Hi,
please post your WAN configuration in expanded mode. Also please post your IPv6 firewall rule and your IPv6 delegation setting for your internal network.
The IPv6 DHCP server will be added to the v20.0.1 MR-1.
Ian
XG115W - v20 GA - Home
XG on VM 8 - v20 GA
If a post solves your question please use the 'Verify Answer' button.
Haven't made any IPv6 rules yet. Figured the ANY ANY Default Network Policy would cover it.
Are you using delegate for internal addressing? If so, until v20.0.1 is released you will need to enable RA to get addresses assigned. If you disable PD you will be able to use DHCP addressing.
The default any any rule should work and you don't need a NAT rule for IPv6 networks. Does logviewer show any traffic on the any any rule?
Ian
Hi,
I think I see the issue, you are trying to use a bridge mode? Has your ISP assigned you an address range for your internal network, e.g. /56 or /48?
If not a bridge, you need a different IPv6 /64 address range for your interfaces.
Ian
Turned on RA and deleted static IPv6 from ABCDC01. Based on that:
Both addresses are in the same /64. Are you using a bridge between the WAN and the LAN?
Ian
Port 1 & Port 4 are in a bridge mode with an IPv6 of fc00:2222:3333:4444:cccc:dddd:eeee:ffff/64
This is where the server we are trying to get to connect to the Internet via IPv6 is. What IPv6 should I use for the Port 1 & Port 4 bridge? We don't think our ISP isn't giving out IPs, but then we're not sure how the IPv6 on ABCDOM01 was obtained automatically, and since it starts with the 2600: it would appear to be from our ISP Spectrum. By the way, now with the new automatically obtained IPv6 we are no longer able to get a reply from the internal WAN interface.
If we enter fe80::7e5a:1cff:fe82:7215%3 on Port 1 for the IPv6 it says invalid. Sorry, we just aren't well versed in IPv6 yet and don't know how to translate the %3.
Negative. WAN and LAN are not bridged.
What IPv6 do you suggest is used on Port 1? Previously fc00:2222:3333:4444:cccc:dddd:eeee:ffff/64 had been used when we statically assigned IPs on the Windows 2019 server.
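
The address forms quoted in this thread (an fc00: static address, an fe80:: address with a %3 suffix, and an address starting with 2600:) belong to different IPv6 scopes, and the following added example, which is not part of any post, classifies them with Python's standard `ipaddress` module and checks whether two interface addresses share a subnet. The function names, the 2600: sample address and the second and third fc00: addresses are constructed for illustration; the %3 suffix is treated as a zone index, which is local to the host that displayed it and is not part of the address itself.

```python
import ipaddress

ULA = ipaddress.IPv6Network("fc00::/7")   # unique local range (RFC 4193)

def eui64_mac(addr):
    """Return the MAC embedded in an EUI-64 interface ID, or None."""
    iid = addr.packed[8:]
    if iid[3:5] != b"\xff\xfe":           # EUI-64 marker in the middle
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]   # flip the U/L bit back
    return ":".join(f"{b:02x}" for b in mac)

def describe(text):
    """Classify an address as typed, with optional %zone and /prefix."""
    addr_part, _, prefix = text.partition("/")
    addr_part, _, zone = addr_part.partition("%")   # zone is host-local
    addr = ipaddress.IPv6Address(addr_part)
    if addr.is_link_local:
        kind = "link-local"       # valid on one link only, never routed
    elif addr in ULA:
        kind = "unique-local"     # private, not routed on the Internet
    elif addr.is_global:
        kind = "global"
    else:
        kind = "other"
    return {
        "address": str(addr),
        "zone": zone or None,
        "prefix": int(prefix) if prefix else None,
        "kind": kind,
        "eui64_mac": eui64_mac(addr),
    }

def same_subnet(a, b):
    """True when two interface addresses (addr/prefix) share a network."""
    return ipaddress.IPv6Interface(a).network == ipaddress.IPv6Interface(b).network

if __name__ == "__main__":
    samples = [
        "fc00:2222:3333:4444:cccc:dddd:eeee:ffff/64",   # from the thread
        "fe80::7e5a:1cff:fe82:7215%3",                  # from the thread
        "2600:1111:2222:3333::10/64",                   # constructed sample
    ]
    for s in samples:
        print(s, "->", describe(s))
    # Constructed pair: two interfaces configured inside the same /64.
    print(same_subnet("fc00:2222:3333:4444:cccc:dddd:eeee:ffff/64",
                      "fc00:2222:3333:4444::1/64"))
```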