The NextGen Firewall F-Series supports IPv6 along with its predecessor IPv4. By default, IPv6 is disabled and only traffic from IPv4 networks is accepted. When IPv6 is enabled, the firewall accepts both IPv4 and IPv6 traffic. IPv6 addresses can be used only via NextGen Admin, not via command-line tools. To configure IPv6 services, you must first assign non-link-local IPv6 addresses to the interfaces. IPv6 is supported for the following services:
- Firewall Service
- VPN Service (envelope only)
- Virus Scanner (not in combination with Application Control)
- DNS Service
- DHCP Service
- DHCP Relay
- Dynamic Routing: OSPF/RIP/BGP
- SNMP Service
- Mail Gateway
- NextGen Firewall F-Series Management
- NextGen Firewall F-Series High Availability Clusters
By default, IPv6 is disabled on the F-Series Firewall and Control Center. After enabling IPv6, all interfaces automatically create link-local IP addresses. A reboot is required after enabling IPv6 to ensure the kernel modules are loaded properly.
For more information, see How to Enable IPv6.
Static IPv6 WAN Connection
If your ISP has assigned static IPv6 addresses for your network, you can configure the firewall to use a static IPv6 address.
For more information, see How to Configure Static IPv6 WAN Connections.
Dynamic IPv6 WAN Connections
The F-Series Firewall can use prefix delegation, and both stateless and stateful autoconfiguration to receive IPv6 addresses.
For more information, see How to Configure Dynamic IPv6 WAN Connections
Configure IPv6 Management IP Address
In addition to the IPv4 management IP address, you can configure an IPv6 management IP address and use it to manage your F-Series Firewall and Control Center.
For more information, see How to Add an IPv6 Management IP Address.
IPv6 WAN Connections in AWS
If you are using an F-Series Firewall in AWS, or in an AWS region with VPC IPv6 support, you can configure the F-Series Firewall to use the IPv6 addresses assigned by AWS.
For more information, see How to Configure IPv6 for F-Series Firewalls in AWS.
Retrieving the DUID from the DHCPv6 Lease File
In some cases, your ISP may require the DUID to configure your IPv6 WAN connection. The DUID is stored in the DHCP leases file on the firewall.
For more information, see How to Retrieve the DUID from the Original IPv6 Lease File.