Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 3 answers
  • Subscribers 40 subscribers
  • Views 1952 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Route IPv6 to DMZ

pgross

Hi there,

we have a /64 subnet (with gateway) and a /56 assigned by the ISP. No PD in place.
I've assigned an address from the /64 subnet together with the gateway to the WAN interface, which is now reachable via IPv6.

I'd like to assign IPv6 Addresses to the servers in our DMZ too.
How can I do that?

I'm not really clear about why I need two subnets and what to do with the /56 subnet.

Any help is appreciated, thanks!



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    the /56 is for your internal use. You assign a /64 to each lan and then assign addresses from that /64 pool.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thanks you for your reply.

    Lets say I assign a /64 out of the /56 to the DMZ.
    Assume I have a firewall rule allowing traffic from WAN to DMZ.

    Is this enough or do I have to add any routes or anything else for the server in ths DMZ to be reachable by the IPv6 address?

  • 0 in reply to pgross

    Hi,

    if you are using v20.0.1 or later then you don't need a NAT rule for IPv6. A firewall rule allowing internet (WAN) traffic to the DMZ should be enough to provide access.Assumption is the devices in your DMZ have been assigned an IPv6 address.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    I'm running SFOS 20.0.1 MR-1 but I'm unable to even ping an external ipv6 address from the dmz device.

    The device in the DMZ has of course an IPv6 address assigned.

    And I am able to ping the DMZ and WAN interface IP of the XGS.

  • 0 in reply to pgross

    Hi,

    do you have a firewall rule zone dmz to the internet?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    sure, from DMZ zone to WAN zone everything is allowed

Reply Children
Unfiltered HTML