This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPv6 WAF question

Hi,

We have SG310 UTM and one of our customers want their website to be accessible also from IPv6 as well. Currently the website is accessible with IPv4 and WAF.

We have not configure the IPv6 on the UTM, Should  we enable the IPv6 and then use one of the free ports of the UTM for the IPv6 and then use the 6to4 option?

Is there a document on how make w webserver that has 10.0.10.0/24 accessible with IPv6?

Thanks

 



This thread was automatically locked due to age.
Parents
  • Hello AreshAreshi,

    UTM does support WAF over IPv6 but the listening server needs to have an IPv6 address.

    If there is an interface with an IPv4 address and an IPv6 link local address defined as frontend interface, the virtual webserver is only reachable at the IPv4 address. Interfaces for which only an IPv6 link local address is defined cannot be selected as frontend interface for a virtual webserver.

    Regards,

     


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply
  • Hello AreshAreshi,

    UTM does support WAF over IPv6 but the listening server needs to have an IPv6 address.

    If there is an interface with an IPv4 address and an IPv6 link local address defined as frontend interface, the virtual webserver is only reachable at the IPv4 address. Interfaces for which only an IPv6 link local address is defined cannot be selected as frontend interface for a virtual webserver.

    Regards,

     


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Children
  • Hi,

    Thanks for your reply,

    We have 2 SG310 in HA Active/Passive mode with Full license, so I dont think licensing would be any issue here, am I right?

    So from whet I understand if we use the current WAN IPv4 interface and set IPv6 on it our website is not accessible from IPv6 and if we use an Free Interface and set the IPv6 then we can not use WAF! So what can we do to make an webserver behind utm accessible from borh IPv4 and IPv6 versions?

    Thanks