Route IPv6 to DMZ

Hi,

the /56 is for your internal use. You assign a /64 to each lan and then assign addresses from that /64 pool.

ian

Thanks you for your reply.

Lets say I assign a /64 out of the /56 to the DMZ.
Assume I have a firewall rule allowing traffic from WAN to DMZ.

Is this enough or do I have to add any routes or anything else for the server in ths DMZ to be reachable by the IPv6 address?

Hi,

if you are using v20.0.1 or later then you don't need a NAT rule for IPv6. A firewall rule allowing internet (WAN) traffic to the DMZ should be enough to provide access.Assumption is the devices in your DMZ have been assigned an IPv6 address.

Ian

Hi,

if you are using v20.0.1 or later then you don't need a NAT rule for IPv6. A firewall rule allowing internet (WAN) traffic to the DMZ should be enough to provide access.Assumption is the devices in your DMZ have been assigned an IPv6 address.

Ian

I'm running SFOS 20.0.1 MR-1 but I'm unable to even ping an external ipv6 address from the dmz device.

The device in the DMZ has of course an IPv6 address assigned.

And I am able to ping the DMZ and WAN interface IP of the XGS.

Hi,

do you have a firewall rule zone dmz to the internet?

Ian

sure, from DMZ zone to WAN zone everything is allowed

Hi,

you will need to specifically add ping6. Partially wrong answer.

Please see the screenshot below of the ACL setup to provide access.

Ian

And what should I particularly see there? There are no checkmarks whatsoever for WAN or DMZ.

That is my setting to show you. You should tick boxes in the DMZ, similar to your lan.

ian