Hi folks,
Some of the issues raised in this thread have been raised earlier but were never addressed by any of the Sophos staff or Devs that visit the EAP forums. The current XG IPv6 implementation is a big improvement on v17.5.x.
Those that have been reading the EAP posts know I have been investigating why my iPhone does not play nice with the XG whereas the iPad does; both have the same CA installed.
1/. IPv6, clientless users, VLANs and match known users does not work.
2/. Not all firewall IP4 functions are available in IPv6.
3/. Statically assigned IPv6 addresses do not appear in the DHCP lease table.
I have tracked down why some of the iPhone functions do not work on my XG V18 installation.
If you have the proxy enabled on both IP4 and IPv6 firewall rules and https scanning also enabled, the iPhone will fail SSL negotiations.
You have to disable https scanning in both IP4 and IPv6 rules. This is where the IPv6 VLAN limitation comes into play.
You cannot set up an IPv6 firewall rule to put iPhones etc. into a non-scanning group and select that group within the rule.
On my network simply putting the iPhones into a non-VLAN environment is not that simple because the AP SSIDs are all set to use VLANs.
So a network redesign is required; I do have a spare port on the XG and a spare AP55 with two new IP address ranges (IP4 and IPv6) for iPhones.
Ian