XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

Suggest an Idea...

Add options for IPv6 DHCPv6-PD

My ISP supports native IPv6, they support prefix delegation using DHCPv6-PD to assign a /56 subnet. They do not assign the WAN interface an IPv6 address (i.e. no IA-NA) and only provide a prefix delegation (IA-PD). Currently XG (and UTM9) doesn't work with my ISP to get a PD because there are no options to request IA-PD only. My ISP edge router will respond to a solicit message with a IA-NA and IA-PD request but it would appear that the XG doesn't conform to RFC7550 when it sends a IA-NA message and receives a "NoAddrsAvail" from my ISP edge router.

206 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

LG shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

30 comments

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...
  • Robert Dunmire III commented  ·   ·  Flag as inappropriate

    This would be a big deal for our deployment if the XG would receive a prefix from the ISP and apply that prefix to an interface for DHCPv6 and RA.

    Our ISPs provide a /60 to customers so that means you could have 16 /64 networks. One for each interface on the XG and then some.

  • Bill Roland commented  ·   ·  Flag as inappropriate

    It is insane to find out that the XG does not support DHCPv6-PD. This is June 2017, even el-cheapo home routers have this.

  • Jack commented  ·   ·  Flag as inappropriate

    Hi !
    Windows server 2016 default DNS route hint IP addresses are defined using IPv6 so it's not working if sophos don't know how to route the IPv6 traffic.
    Of course I can manually configure route hints to IPv4 but it take some time and only because Sophos lacks this option.

  • Dirck commented  ·   ·  Flag as inappropriate

    Sophos, its time to come out of the stone age and support IPv6 fully including all required features such as DHCPv6-PD

  • Johan Josua Storm commented  ·   ·  Flag as inappropriate

    I was content with the XG firewall, as it did what it was supposed to, until i got an ipv6 address space from my provider and wanted to configure it on the XG firewall. Its just plainly not possible without the DHCP-PD possibility! And this is such a basic thing i am really considering another firewall to switch to, which can support this..

  • bigstrat2003 commented  ·   ·  Flag as inappropriate

    Definitely would like to see this as well. It's surprising to me that XG doesn't support DHCPv6-PD, when UTM did (albeit without the ability to configure options like prefix hints).

  • Todd Miller commented  ·   ·  Flag as inappropriate

    IPv6 works great in UTM9. Would love to see the same functionality ported over to XG. Currently can get an external IPv6 Address from my provider but can't send traffic via that address from my internal network. Rumor has this is that it's an incomplete/non-existent implementation of DHCPv6-PD. Please address.

2 Next →

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.