IPv6 data packets consist of a header and the payload. Because an IPv6 header is optimized for easy processing, its block size has a length of 40 bytes. This block only contains information that is essential for the IP routing. All other information must be put into an additional header that extends the standard IPv6 header - the IPv6 extension header. This header has a default length of 64 bit and can therefore be processed very quickly on 64-bit operating systems.
If selected in the configuration window, the respective IPv6 extension header is inserted between the header and the payload and contains an ID that fits into the existing system of protocol numbers. In the following table, the column with the header name Shows in Firewall History as holds the name of the extension header that is blocked by selecting the respective header type:
| Extension Header | Meaning | Shows in Firewall History as |
|---|---|---|
| Hop-by-Hop Options | Examines packet by all devices on the path | Hop by Hop |
| Routing | Directs a packet to one or more intermediate nodes before being sent to its destination | Routing |
| Fragment | Carries information necessary to reassemble the original packet | Fragments |
| Authentication Header | Ensures connectionless integrity using a hash and a secret shared key | Auth Hdr |
| Encapsulation Security Payload | Carries encrypted data for secure communication | ESP |
| Destination Options | The header needs to be examined by the destination node only | Destination |
| Mobility | Parameters for use with mobile IPv6 | Mobility |
| Host Identity Protocol | Used for HIPv2 | Host Identity |
| Shim6 Protocol | Detects outages through the path and determines valid locator pairs when an outage is detected | Shim6 |
| Experimental and testing (type 253) | Reserved | Reserved 253 |
| Experimental and testing (type 254) | Reserved | Reserved 254 |
| Routing type 0 | Obsolete through RFC 5095 | Routing Type 0 |
Before You Begin
- The Feature Level of the Forwarding Firewall must be set to 7.2 or higher.
Configure IPv6 Extension Headers
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
- Double-click an IPv6 access rule.
- The Edit Rule window is displayed.
- From the Views menu on the left of the Edit Rule window, select IPv6 Extension Header.
- Select the check box for the line that applies.
- Click Send Changes.
- Click Activate.