In my firewall I did not enabled the ipv6 to any port. But still firewall releasing the ipv6 IP address to the devices like Mobiles and IPV6 enabled systems. I am unable to trace where it is releasing and why. Could you please any one help in this regard.
Hello there,
Make sure you also didn't configure IPv6 DHCP server on the XG. Also, how are you checking if the XG is the one providing the IP?
Regards,
One thing that is missing from this thread is how much IPv6 traffic and where is it going? Please post log entries.
Ian
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes 11:01:56.872727 Port4, IN: IP6 fe80::1607:8ff:fe0c:3616 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:01:57.400529 Port4, IN: IP6 fe80::1607:8ff:fe0c:34ca > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:02:09.722809 Port4, IN: IP6 fe80::1607:8ff:fe0c:3639 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:02:10.278298 Port4, IN: IP6 fe80::1607:8ff:fe0c:33d1 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:02:14.618312 Port4, IN: IP6 fe80::1607:8ff:fe0c:3487 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:02:16.055577 Port4, IN: IP6 fe80::1607:8ff:fe0c:41cc > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:02:19.997320 Port4, IN: IP6 fe80::1607:8ff:fe0c:36d4 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:02:27.650308 Port4, IN: IP6 fe80::1607:8ff:fe0c:34d4 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:03:00.001743 Port4, IN: IP6 fe80::1607:8ff:fe0c:3616 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:03:01.703517 Port4, IN: IP6 fe80::1607:8ff:fe0c:34ca > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:03:06.824582 Port4, IN: IP6 fe80::54ef:92ff:fed2:4772 > ff02::2: ICMP6, router solicitation, length 16 11:03:07.141042 Port4, IN: IP6 fe80::a2ab:1bff:fed6:1bc7 > ff02::1: ICMP6, router advertisement, length 24 11:03:07.254374 Port4, IN: IP6 fe80::a2ab:1bff:fe20:784 > ff02::1: ICMP6, router advertisement, length 24 11:03:10.969029 Port4, IN: IP6 fe80::54ef:92ff:fed2:4772 > ff02::2: ICMP6, router solicitation, length 16 11:03:11.148572 Port4, IN: IP6 fe80::a2ab:1bff:fe20:784 > ff02::1: ICMP6, router advertisement, length 24 11:03:11.334741 Port4, IN: IP6 fe80::a2ab:1bff:fed6:1bc7 > ff02::1: ICMP6, router advertisement, length 24 11:03:13.688002 Port4, IN: IP6 fe80::1607:8ff:fe0c:3639 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:03:15.517769 Port4, IN: IP6 fe80::1607:8ff:fe0c:33d1 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 11:03:17.825027 Port4, IN: IP6 fe80::1607:8ff:fe0c:3487 > ff02::1: ICMP6, neighbor advertisement, tgt is 2001:250:3000:1::1:2, length 32 ??^C 19 packets captured 21 packets received by filter 0 packets dropped by kernel
Thanks n Regards,
Ramesh.Koduri
+919030011410
What do you get from logviewer?
From my understanding that shows you have a IPv6 configuration in your XG otherwise you would not see ff02::1
Sophos Firmware Version SFOS 18.0.4 MR-4
Network Settings Interface Name : Port4 (Physical) Zone Name : xxx
IPv4/Netmask : 192.168.xx.xx/255.255.xxx.xxx (Static) IPV4 Gateway : N.A.
IPv6/Prefix : Not Configured IPV6 Gateway : N.A.
Configured Aliases
No Alias Configured
Press Enter to continue ......
Did you see the above, IPv6 was not configured in Port 4. But still It is responding and reacting against IPv6. Why? Have you any idea or solution to trace.
what does logviewer show for port 4?
What about the external interface or DNS settings?
That is the thing I am unable to understand. From where it is coming into picture and responding too to the IPv6 requests/traffic.
External and DNS settings are under IPv4 only. Not identified any suspicious configurations against IPv6.
Hi,
I verified the port4, it is static IPv4 and not configured the IPv6. There is an IPv6 neighbor cache, After flush/delete also again table is get updating with IPv6 address.
something on your network is handing out link local addresses.
Go to configuration -> system services -> check that the IPv6 service is stopped.
Network -> IPv6 RA is not enabled or has any data in it.
DHCPv6 server --> No DHCPv6 sever configuredIPv6 RA --> Nothing was there