
IPv6 filtering - how do 'you' do it?!

IPv6 offers DHCPv6 and/or SLAAC.

If you use DHCPv6, you can assign a single, static, IPv6 IP address to a client and then write firewall rules based on that mapping. But then devices like Android don't support DHCPv6 so that's not an option if you have Android on the network.

If you use SLAAC, which Android does support, devices generate multiple (more than one) IP addresses but you then can't list more than one IP address for a client under the network definition area (UTM only allows one IPv6 IP address per host mapping). Therefore you can't write firewall rules to filter traffic to some devices whilst allowing it for others.

Is there an easy way around this and any obvious solution that I've not picked up on?



  • Being an avid supporter of SLAAC on my network, I've spent the last 3 months trying to work out how to allow reverse DNS lookups for clients that are using SLAAC. It appears that only AllKnowingDNS can currently do the job - but that will need configuring as a separate DNS server to my UTM, taking yet another function away from the UTM. What's the thinking in Sophos-land to integrate better control of SLAAC in the UTM?