Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 7999 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPv6 Gateway constantly failing

LHerzog

I need some help to understand why this firewalls IPv6 gateway is constantly reported as failed.

It's XGS126 with SFOS 20.0.1

Because of that Gateway errors I reconfigured it from being an active gateway to a backup failover gateway only.

I have IPv4 and IPv6 bindings both on Port2

If I ping the gateway, I get a "blank" result. Is that normal?

a ping to google v6 is OK

The gateway is always shown as up

This is the event log

I use the gateway IP to determine the state of the Gateway



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    please try a tracert to the gateway address during failure.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    unfortunately it's too short for manual traceroute - most of the times the XGS reports "down" and one minute later up. Some times, the "OK" alert comes a few minutes later.

    I'll try something on the CLI

    at least, no alerts since configuring the IPv6 Gateway as failover only

    update: no, firewall is still reporting it as failed

Reply
  • 0 in reply to rfcat_vk

    unfortunately it's too short for manual traceroute - most of the times the XGS reports "down" and one minute later up. Some times, the "OK" alert comes a few minutes later.

    I'll try something on the CLI

    at least, no alerts since configuring the IPv6 Gateway as failover only

    update: no, firewall is still reporting it as failed

Children
  • 0 in reply to LHerzog

    XGS126_XN02_SFOS 20.0.1 MR-1-Build342 HA-Primary# route -e -A inet6
    Kernel IPv6 routing table
    Destination                                 Next Hop                                Flags Metric Ref    Use Iface
    ::/0                                        fe80::1                                 UG    1      5       80 Port2
    ::/0                                        ::                                      !n    2      1        0 lo
    ::/0                                        ::                                      !n    -1     1   256223 lo
    ::/0                                        fe80::1                                 UG    1      5     8983 Port2

    ...

    ...

    traceroute6 -6 2001:4860:4860::8844
    traceroute to 2001:4860:4860::8844 (2001:4860:4860::8844), 30 hops max, 72 byte packets
     1  xxxxxxxxxx (xxxx:xxxx:23::1)  0.676 ms  0.720 ms  0.551 ms
     2  xxxxxxxxxxxxxxxxxx (xxxxxxxxe::9f)  1.095 ms  0.832 ms  xxxxxxxxxxxxxxxxxxxxx (xxxxxxxxe::9e)  1.343 ms
     ...
     ...

    I changed the gateway IPv6 now from the link local fe80::1 to the native IPv6 address of the gateway and see if the behavior changes.

    route -e -A inet6
    Kernel IPv6 routing table
    Destination                                 Next Hop                                Flags Metric Ref    Use Iface
    ::/0                                        xxxx:xxxx:23::1                         UG    1      5       23 Port2
    ::/0                                        ::                                      !n    2      1        0 lo
    ::/0                                        ::                                      !n    -1     1   256561 lo
    ::/0                                        xxxx:xxxx:23::1                         UG    1      4       15 Port2

  • +1 in reply to LHerzog
    LHerzog said:

    I changed the gateway IPv6 now from the link local fe80::1 to the native IPv6 address of the gateway

    that fixed it while it should be sufficient to only enter that IP in the availability check.

Unfiltered HTML