Sophos Ideas / XG Firewall

XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

← XG Firewall

Add options for IPv6 DHCPv6-PD

My ISP supports native IPv6, they support prefix delegation using DHCPv6-PD to assign a /56 subnet. They do not assign the WAN interface an IPv6 address (i.e. no IA-NA) and only provide a prefix delegation (IA-PD). Currently XG (and UTM9) doesn't work with my ISP to get a PD because there are no options to request IA-PD only. My ISP edge router will respond to a solicit message with a IA-NA and IA-PD request but it would appear that the XG doesn't conform to RFC7550 when it sends a IA-NA message and receives a "NoAddrsAvail" from my ISP edge router.

327 votes

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

LG shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

44 comments

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Marvin commented  ·   ·  Flag as inappropriate

    Now 5 years ago and a very important feature is always missing. I will see that
    I migrate to some OpenSource Firewalls.

  • Sean commented  ·   ·  Flag as inappropriate

    AT&T Lightspeed Fiber is now using DHCP6-PD. Please implement this! Thanks!

  • Brian commented  ·   ·  Flag as inappropriate

    Any word yet on when it may be implemented or what the reason is not to?

  • David commented  ·   ·  Flag as inappropriate

    I would love to have upgraded to XG, but am stuck on UTM due to lack of IPV6 DHCP-PD support. HOW is this most basic of all IPv6 functionality not even on the radar? With no support for this functionality in XG, and mostly broken/unreliable support in non-PPPoE IPv6 configurations on UTM (due to a very old bug with RADVD that has still not been fixed) - it's very hard to recommend a Sophos firewall to anyone who needs even the most basic functionality of IPv6 which, let's face it, is necessarily becoming commonplace.

  • Stefan commented  ·   ·  Flag as inappropriate

    Since a very long time, customers craving for this functionality - even low priced entry routers are able to handle this. But Sophos' equipment is not able to - oh sorry utm9 can, so the knowledge how it works is available so go ahead implement it. What's wrong - waiting for IPv10.....?

  • Robert commented  ·   ·  Flag as inappropriate

    We need DHCPv6-PD to deploy IPv6 to customer sites. Devices behind the firewall can not receive public addresses without this. Please consider this request.

  • Markus commented  ·   ·  Flag as inappropriate

    Dear Sophos,

    it is not acceptable in 2020 having lot of surely powerful but also expensive devices from Sophos XG Range.
    In Germany we have a lot of providers which are not offering an static ipv6 praefix. With the Sophos XG it is not possible to use native IPV6 without manually adjusting the praefix each 24h.

  • Thomas commented  ·   ·  Flag as inappropriate

    I watch the idealist (sorted by top) since May 2018. Over this time, DHCPv6-PD was always on position 20 or 21 and is right now on position 21. It looks like Sophos has noting implemented from the top 20 ideas over the last year.

  • ljbe commented  ·   ·  Flag as inappropriate

    Sophos, it would be out of character for you to do this but since this request has been open for almost 3 years, can you at least comment if this is something that you are even considering. Major releases have come and gone with nothing. And with v18 on the horizon with no mention of support for DHCPv6-PD, can you at least re-review the request and let us know so we can stop holding our breath.

  • Dean commented  ·   ·  Flag as inappropriate

    Hello
    I really need dhcp-pd fuction. When will you be adding this feature?

  • Piet commented  ·   ·  Flag as inappropriate

    This is really necessary.... Now we have to put another router in front of the XG in order to make this work...

  • P Fist commented  ·   ·  Flag as inappropriate

    Sophos XG is a great product, but implementing it with deprecated IPv4 only is a shame.

    Take a Engineer and 2 days worktime to implement this feature to finally make all your clients happy!

    It is so annoying.

  • Chris commented  ·   ·  Flag as inappropriate

    Will be replacing XG Firewalls with pfSense next year due to the lack of progress on comprehensive IPv6 support.
    Pretty sad that nearly 3 years on since this was requested, along with being #21 in the Top Voted list, that nothing has been done on this.

← Previous 1 3

XG Firewall: Base System + General UI

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.