Enabling IPv6

tgbayly · #1 (**permalink**) 2005-11-02

We are having trouble enabling IPv6 on our firewalls. A valid IPv6 license is installed on our SmartCenter server and the correct associations are made. When we attempt to create an IPv6 object on the dashboard the option is not there. Any suggestions?

tgbayly · #2 (**permalink**) 2005-12-09

Ok. I got IPv6 objects configured on the SmartCenter. And have v6 traffic throughput.

But, I noticed that IPv6 traffic passes when the only rule configured on the firewall is 'source any destination any deny'. If I specify that a v6 object (host or network) cannot pass then it is blocked. What is the IPv6 'any' object?

elblindo · #3 (**permalink**) 2006-01-12

[quote=tgbayly]Ok. I got IPv6 objects configured on the SmartCenter. And have v6 traffic throughput.

Could you give a hint how you are able to configure IPv6 objects?

regards

elblindo

tgbayly · #4 (**permalink**) 2006-01-12

I have a pdf I found off the web that is too big to attach here. Give me your email address and I'll send it to you.

Cheers,
Tom

inserm-dsi · #5 (**permalink**) 2006-03-14

Hello,
I installed Checkpoint Express NGX on Sparc Solaris 9/05 and I do not manage to visualize objects IPV6 in SmartDashboard.

- the system functions perfectly in IPV4 and IPV6 before the installation of Checkpoint
- I have a licence IPV6 on SmartCenter
- Checkpoint functions correctly in IPV4.

Traffic IPV6 is thus blocked.

Y has to you it an easy way to validate IPV6 correctly.

Cordially

gt2847c · #6 (**permalink**) 2006-08-13

I have R61 installed and the IPv6 config done up and have the objects, etc. I've got IPSO 4.1 running on an IP440 system. The 440 had v6/v4 both running fine before installing a policy on the box, with a policy no v6 similar to the previous poster. What I've noticed, but haven't figured out yet is how to get Neighbor discovery to work properly. If I go into my Cisco 3640 router, I can't get a ND entry for the firewall when a policy is installed on it. RIPNG is running on the 440 and sends out advertisements ok, but doesn't receive anything back. I've tried a few rules in the firewall to permit things, but no luck so far. If I find the trick for it, I'll post back here.

gt2847c · #7 (**permalink**) 2006-08-13

Bingo!... Found the trick. Have to enable IPv6 on the gateway as well as the management server. On your enforcement point, execute:
$FWDIR/scripts/fwipv6_enable
I rebooted the system afterwards (just to be sure), but you might be able to get away with a cpstop;cpstart.

Hope that helps... Worked great for me!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode