
How to set up a DHCP server to provide IPv4 and(!) IPv6 to internal network clients?

I recently was able to set up IPv6 outside to the internet, but my internal network is still IPv4. It should stay IPv4 as it's much easier to remember IPv4 addresses; however, I would like to also assign IPv6 addresses to my internal clients. Other DHCP servers seem to be able to do so, but I don't know how Sophos UTM is able to do so. I can set up a DHCPv4 server and a DHCPv6 server but no dual server. Any help?



  • You should normally be able to set up both an IPv4 and an IPv6 DHCP server on the same interface. What you likely will need to adjust is the masquerading rule; this will normally masquerade any traffic from the internal interface to the internet with your WAN address. You may want to change this to only masquerade your internal IPv4 traffic so your IPv6 address becomes "visible" to the outside world. For this to work you will need to make a network definition for the IPv4 network range of your Internal network and then use that to masquerade to your WAN.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • But if I set up both, won't some devices just get an IPv6 and others only get an IPv4, depending on which DHCP server is answering faster? I would like the clients to get both IPv4 and IPv6. Also, fixed bindings: won't they work only on IPv4 or IPv6?

    I'm unsure, should I get my IPv6 to the internet? Shouldn't I also masquerade here behind my WAN IPv6?

  • No, if you set up both, both will be assigned (assuming both the IPv4 and IPv6 stacks are available in your devices). Also, with fixed bindings it is possible to assign both an IPv4 and an IPv6 address.

    Beware, though, that both addresses will count in your license should you be limited on the number of IPs. In this case every device will count for 2 IP addresses.



  • Many thanks! I just have another question: I'm running DHCPv6 now and it's assigning IP addresses to my internal clients. Well, now I'm behind a Fritz!Box which has the UTM as exposed host. If I do an IPv6 test, I get that my IPv6 address is not pingable (but it's the exposed host; why isn't it pingable? ICMP ping is allowed in the UTM), and it's also stating that I don't have privacy extensions enabled, so the internet is seeing the IPv6 address of my Sophos/Astaro UTM firewall, which is ultimately decipherable as such, as the MAC of the Sophos/Astaro is used. How to activate privacy extensions in the UTM? I know about Windows, Linux and Mac clients, but not about the UTM.
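
The MAC exposure mentioned in the last post can be checked offline. This is an added example, not part of the original thread and not Sophos tooling: it tests whether an IPv6 address carries a modified EUI-64 interface identifier and, if so, recovers the embedded MAC. The function names and the sample addresses (documentation prefix 2001:db8::/32, made-up MAC) are constructed for illustration.

```python
import ipaddress


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 IPv6 address, or None."""
    # Drop a zone id ("%eth0") or prefix length ("/64") if present.
    ip = ipaddress.IPv6Address(addr.split("%")[0].split("/")[0])
    iid = ip.packed[8:]  # low 64 bits = interface identifier
    # EUI-64 inserts ff:fe between the two halves of the 48-bit MAC.
    # A random identifier can match by chance (about 1 in 65536).
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo the universal/local bit flip applied to the first MAC octet.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def audit(addresses):
    """Return (address, mac_or_None, is_link_local) for each address."""
    report = []
    for a in addresses:
        ip = ipaddress.IPv6Address(a.split("%")[0].split("/")[0])
        report.append((a, eui64_mac(a), ip.is_link_local))
    return report


# Constructed sample input: one EUI-64 address, one randomized
# (privacy-style) address, one link-local EUI-64 address.
SAMPLE = [
    "2001:db8:1:2:211:22ff:fe33:4455/64",
    "2001:db8:1:2:5c3a:91e4:7b02:d9f1/64",
    "fe80::211:22ff:fe33:4455%eth0",
]

if __name__ == "__main__":
    for address, mac, link_local in audit(SAMPLE):
        if mac is None:
            print(f"{address}: no EUI-64 pattern")
        else:
            scope = "link-local only" if link_local else "routable scope"
            print(f"{address}: embeds MAC {mac} ({scope})")
```

A link-local hit is not visible beyond the local segment; the routable-scope hits are the ones an external IPv6 test reports.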