This feature is available only with Barracuda Web Application Firewall version 7.6 or higher.
Internet Protocol Version 6 (IPv6)
IP version 6 (IPv6) is a new version of the Internet Protocol, the successor of IP version 4 (IPv4). The main advantage of IPv6 is a larger address space than IPv4.
- IPv6 uses 128-bit IP addresses compared to 32-bit IP addresses used by IPv4.
- Version 6 supports varied addressing types (unicast, anycast, multicast, link-local, site-local, and global).
- IPv6 addresses can be associated with one or more interfaces.
Address Notation
IPv6 addresses are represented as eight 16-bit hexadecimal blocks separated by colons (:).
Example: FEDC:0000:0000:0000:FEDC:E4BF:0100:0010
Leading zeros can be omitted within each 16-bit hexadecimal block, so a block can be written as 0 instead of 0000, 100 instead of 0100, and 10 instead of 0010. Consecutive all-zero blocks can be compressed further by replacing them with a double colon (::) to make IPv6 address notation less cumbersome. The double colon can be used only once in an IPv6 address, at the beginning, in the middle, or at the end.
Example: FEDC::FEDC:E4BF:100:10 is equivalent to FEDC:0000:0000:0000:FEDC:E4BF:100:10
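Because one IPv6 address has several valid spellings, access rules and log entries should be compared in a normalized form rather than as raw strings. The following is an added example, not Barracuda code: the function names are hypothetical, and it implements only the two notation rules described above (no embedded IPv4 or zone suffixes).

```python
import ipaddress
import string

HEX = set(string.hexdigits)

def expand(addr: str) -> str:
    """Return the full eight-block form, e.g. FEDC:0000:...:0010."""
    if addr.count("::") > 1:
        raise ValueError("'::' may be used only once")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one block")
        blocks = left + ["0"] * missing + right
    else:
        blocks = addr.split(":")
    if len(blocks) != 8:
        raise ValueError("expected eight 16-bit blocks")
    for b in blocks:
        if not 1 <= len(b) <= 4 or not set(b) <= HEX:
            raise ValueError(f"invalid block {b!r}")
    return ":".join(b.upper().zfill(4) for b in blocks)

def compress(addr: str) -> str:
    """Drop leading zeros and replace the longest zero run with '::'."""
    blocks = [format(int(b, 16), "X") for b in expand(addr).split(":")]
    start, length, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > length:
            start, length = i, j - i
        i = max(j, i + 1)
    if length < 2:  # a single zero block is written as 0, not '::'
        return ":".join(blocks)
    return ":".join(blocks[:start]) + "::" + ":".join(blocks[start + length:])

def same_address(a: str, b: str) -> bool:
    """Compare two spellings by their expanded form, never as raw strings."""
    return expand(a) == expand(b)

def matches_stdlib(addr: str) -> bool:
    """Cross-check expand() against Python's ipaddress module."""
    return ipaddress.IPv6Address(addr).exploded.upper() == expand(addr)
```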
IPv6 Support in Barracuda Web Application Firewall
The Barracuda Web Application Firewall supports Internet Protocol Version 6 (IPv6) along with its predecessor IPv4. The current firmware release (7.6) provides only basic IPv6 features. Before configuring IPv6 Services, read the following:
- Enabling IPv6
- Configuring the Barracuda Web Application Firewall with IPv6 addresses
Enabling IPv6
By default, IPv6 is disabled on the Barracuda Web Application Firewall. To enable IPv6, go to the BASIC > IP Configuration > Addresses page and set Enable IPv6 to Yes.
Configuring the Barracuda Web Application Firewall with IPv6 Addresses
Before configuring IPv6 services, you must assign IPv6 addresses to the interfaces on the BASIC > IP Configuration page. Only then can you connect to an IPv6 network. By default, the Barracuda Web Application Firewall accepts traffic only from IPv4 networks, and drops all IPv6 traffic. When IPv6 is enabled, the Barracuda Web Application Firewall accepts both IPv4 and IPv6 traffic. The IPv6 address for interfaces can be configured in the WAN IPv6 Configuration, LAN IPv6 Configuration, and Management IPv6 Configuration sections. For detailed configuration instructions, click Help on that page.
Configuring IPv6 Services
You can create new services (IPv4 and IPv6) by going to BASIC > Services > Add New Service, and then selecting the appropriate version from the version drop-down list. Specify a name, type of service desired, a Virtual IP (VIP) address, port, and one or more Real Servers. You should configure a global IPv6 address for your Virtual IP address.
The following table lists the various interfaces to services that can be used when IPv6 is enabled:
Front-end | Back-end | Use Case |
---|---|---|
IPv6 | IPv6 | Used when the complete network setup is being migrated to support IPv6-based addressing. |
IPv6 | IPv4 | Used when you wish to publish IPv6 addresses for web applications without changing the addressing in your internal network. |
IPv4 | IPv6 | Used when third-party applications connecting to your applications are not yet ready to communicate via IPv6. |
IPv4 | IPv4 | Used in current deployments without any IPv6 support. |
Limitations of IPv6 in the Barracuda Web Application Firewall
The Barracuda Web Application Firewall IPv6 implementation has the following limitations:
- Currently, IPv6-based addressing is not supported for the following features:
  - Adaptive Profiling
  - Trusted Hosts
- Connection to the Barracuda Networks Technical Support Center via the support tunnel does not accept IPv6 addresses. To establish a connection to the support tunnel, make sure you have an IPv4 address configured in the WAN IP Configuration and LAN IP Configuration sections on the BASIC > IP Configuration page.
- IPv6 addresses cannot be configured via the Console configuration.