In my firewall I did not enable IPv6 on any port. But the firewall is still releasing IPv6 addresses to devices like mobiles and IPv6-enabled systems. I am unable to trace where it is releasing them from and why. Could anyone please help in this regard?
Make sure you also didn't configure IPv6 DHCP server on the XG. Also, how are you checking if the XG is the one providing the IP?
Thank you for contacting the Sophos Community!
Try following this KB on how to capture ipv6 traffic on the XG. It should help you identify where the traffic is coming from.
Thank you for your reply. I find the same, but I would like to stop the LAN traffic; IPv6 intra-network traffic should not occur in any manner.
Thanks and regards,
Sophos Firmware Version SFOS 18.0.4 MR-4
Network Settings Interface Name : Port4 (Physical) Zone Name : xxx
IPv4/Netmask : 192.168.xx.xx/255.255.xxx.xxx (Static) IPV4 Gateway : N.A.
IPv6/Prefix : Not Configured IPV6 Gateway : N.A.
No Alias Configured
Press Enter to continue ......
Did you see the above? IPv6 was not configured on Port 4, but it is still responding and reacting to IPv6. Why? Do you have any idea or solution to trace it?
What does logviewer show for port 4?
What about the external interface or DNS settings?
That is the thing I am unable to understand: from where it is coming into the picture and also responding to the IPv6 requests/traffic.
External and DNS settings are under IPv4 only. I have not identified any suspicious IPv6 configurations.
I verified Port4; it is static IPv4 and IPv6 is not configured. There is an IPv6 neighbor cache; even after a flush/delete, the table again gets updated with IPv6 addresses.
Something on your network is handing out link local addresses.
Go to configuration -> system services -> check that the IPv6 service is stopped.
Network -> IPv6 RA is not enabled or has any data in it.
DHCPv6 server --> No DHCPv6 server configured
IPv6 RA --> Nothing was there
Yes, but is the dhcp6 service running?
DHCP is showing as running. There is no DHCP6 option to see there. One more option shows DHCPv6 Server, and its status is "No DHCPv6 server configured".
So, all this points to something outside of your XG broadcasting link local addresses. These should all be dropped in the firewall because it does not know how to process them. v6 traffic though it?
Thank god, finally you understand my issue and are near to the solution. Now, how will we stop this through the firewall? Could anyone please help in this regard?
Now, you need to remove each device from your network until the issue stops. Further, you need to examine every device's network configuration to determine which one is using IPv6 link local addressing.
I know that. It is only an example for better understanding: it is easier to stop at the water tank level than at each and every water tap. Can we do it like that from the firewall instead of on each device?
Sure, you can look at the reports then check the MAC address against your dhcp server.
You already said ff02::1 is nothing but the XG. But there is nothing in my XG; I troubleshot in as many ways as possible and followed your suggestions/instructions too. Then how do I trace it in my XG? It comes back to the first question again.
You haven’t checked logviewer for MAC addresses and then compared them to your DHCP server.
Can you check the IPv6 router advertisement in the XG? Please disable it.
I verified; nothing was there, but the firewall is still responding and giving link-local addresses to IPv6-enabled interfaces. I am unable to stop this. One thing I identified is that it is Port 4. But on Port 4 also, nothing was there for IPv6.
Is there any TP-Link router in the network? Can you send me details of port 4: is it on the LAN side? And a screenshot of the Network IPv6 router advertisement? Have you defined any gateway/helper address on the infra switches?
Thank you for your consideration.
There are D-Link routers, DIR-600M & DIR-615. Both have only the following configuration options for IPv6:
Static IPv6
SLAAC/DHCPv6
PPPoE
IPv6 in IPv4 Tunnel
6 to 4
6rd
Link-Local Only (Configured as existing)
There is no option to disable or stop IPv6. These are configured as access points only, but are still releasing IPv6 addresses to the systems. I disabled IPv6 on each device, but there is no option to disable it on a few more, like mobiles, DVRs, smart devices, etc. This is case 1.
2nd case: on the firewall, Port 4 is a LAN IP without IPv6 configured, but it is still responding (Advertisement/Solicitation) to a few more devices like those mentioned above. I am unable to understand how to stop both cases.
Advertisement/Solicitation from firewall:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
09:40:25.666359 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:34d4 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override] destination link-address option (2), length 8 (1): 14:07:08:0c:34:d4
09:40:42.838645 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:3639 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override] destination link-address option (2), length 8 (1): 14:07:08:0c:36:39
09:40:46.446195 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:3616 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override] destination link-address option (2), length 8 (1): 14:07:08:0c:36:16
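An added example, not part of the thread: a short Python parser for the capture lines posted above. It records the interface and direction tcpdump printed, recovers the MAC embedded in each EUI-64 link-local source address, and lists the distinct senders so they can be compared against the DHCP lease table, as suggested earlier in the thread. The function names and the regular expression are this example's own.

```python
import ipaddress
import re
from collections import defaultdict

# The three packets from the capture in the post above, one per line.
CAPTURE = """\
09:40:25.666359 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:34d4 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override] destination link-address option (2), length 8 (1): 14:07:08:0c:34:d4
09:40:42.838645 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:3639 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override] destination link-address option (2), length 8 (1): 14:07:08:0c:36:39
09:40:46.446195 Port4, IN: IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::1607:8ff:fe0c:3616 > ff02::1: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2001:250:3000:1::1:2, Flags [override] destination link-address option (2), length 8 (1): 14:07:08:0c:36:16
"""

# Matches the verbose one-line ICMPv6 neighbor-discovery format shown above.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+), (?P<dir>IN|OUT): IP6 .*?\) "
    r"(?P<src>[0-9a-f:]+) > (?P<dst>[0-9a-f:]+): .*?"
    r"ICMP6, (?P<kind>[a-z ]+), length \d+, tgt is (?P<tgt>[0-9a-f:]+),"
    r".*?: (?P<lladdr>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$"
)

def mac_from_eui64(addr):
    """Recover the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # interface ID was not derived from a MAC
    octets = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # flip the U/L bit
    return ":".join(f"{b:02x}" for b in octets)

def summarize(capture):
    """Group neighbor-discovery packets by the sender's link-layer address."""
    senders = defaultdict(list)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # header line or a packet type this example ignores
        senders[m["lladdr"]].append({
            "iface": m["iface"], "dir": m["dir"], "kind": m["kind"],
            "src": m["src"], "tgt": m["tgt"],
            "eui64_matches": mac_from_eui64(m["src"]) == m["lladdr"],
        })
    return dict(senders)

if __name__ == "__main__":
    for mac, pkts in summarize(CAPTURE).items():
        print(mac, [(p["iface"], p["dir"], p["kind"], p["tgt"]) for p in pkts])
```
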