Configure IPv6 for an External Interface
You can configure the external interface with an IPv6 address in addition to the IPv4 address. IPv6 is not enabled on any interface by default. When you enable IPv6 for an external interface, you can configure the interface with one or more static IPv6 addresses, and enable IP address autoconfiguration. You can also configure the interface to use DHCP to get an IPv6 address, and enable the interface as a DHCPv6 client for prefix delegation.
If you use DHCP to get an IPv6 address, or for IPv6 prefix delegation, you can see the assigned IP address and prefix in the Status Report tab in Firebox System Manager.
This topic describes IPv6 settings for an external interface. For information about IPv6 settings for a trusted or optional interface, go to Configure IPv6 for a Trusted or Optional Interface.
You cannot use these special purpose IP addresses as an IPv6 interface address:
- IP addresses that start with 2002, unless bits 17-48 specify a valid IPv4 address
- IP addresses that start with FE80, because this specifies a link local address
- IP addresses that start with FEC0, because this specifies a site local address
- IP addresses that start with FF, because this is used for IPv6 multicast addresses
In Fireware v12.9.2 or higher, you can use an IPv6 static address to configure an interface when you have a link local address as the default gateway.
When you configure an IPv6 address for an interface, you must also configure an IPv4 address. All Firebox interfaces require IPv4 addresses.
Enable IPv6
Before you can configure IPv6 settings, you must enable IPv6 in the interface settings.
- Select Network > Interfaces.
The Network Interfaces page appears. - Select an external interface. Click Configure.
The Interface Settings dialog box appears. - Select the IPv6 tab.
- Select the Enable IPv6 check box.
- Configure the IPv6 network settings, as described in the Add a Static IPv6 Address section.
- Select Network > Configuration.
The Network Configuration dialog box appears. - Select an external interface. Click Configure.
The Interface Settings dialog box appears. - Select the IPv6 tab.
- Select the Enable IPv6 check box.
- Configure the IPv6 network settings, as described in the Add a Static IPv6 Address section.
Add a Static IPv6 Address
To add a static IPv6 address:
- Adjacent to the Static IPv6 Addresses list, click Add.
The Add Static IPv6 Address dialog box appears. - Type the IPv6 IP address and the routing prefix length.
- Click OK.
The IP address is added to the list
Use IPv6 Address Autoconfiguration
IPv6 address autoconfiguration enables the device to automatically assign an IPv6 link-local address to this interface. When you enable IP address autoconfiguration, the external interface is automatically enabled to receive IPv6 router advertisements. With IPv6 address configuration enabled, it is not necessary to specify a default gateway.
To enable IPv6 Address Autoconfiguration:
Select the IP Address Autoconfiguration check box in the IPv6 tab.
For more information about IPv6 stateless address autoconfiguration, go to RFC 4862.
Use DHCPv6 to get an IPv6 Address
You can enable a DHCPv6 client on this interface to request an IP address from a DHCPv6 server. To get IPv6 addresses, the DHCPv6 client can use a rapid two-message exchange (solicit, reply) or a four-message exchange (solicit, advertise, request, reply). By default, the DHCPv6 client uses the four-message exchange. To use the two-message exchange, enable the Rapid Commit option on the interface and on the DHCPv6 server.
To enable DHCPv6 for the interface:
- Select Enable DHCPv6 Client.
- Select the Rapid Commit check box if you want to use a rapid two-message exchange to get an IPv6 address.
Use DHCPv6 to get a Delegated IPv6 Prefix
You can enable a DHCPv6 client on this interface to request an IPv6 network address prefix from a DHCP server on an external network. After you enable prefix delegation, you can use the prefix in the IPv6 settings for your trusted, optional, and custom interfaces. To get an IPv6 prefix, the DHCPv6 client can use a rapid two-message exchange (solicit, reply) or a four-message exchange (solicit, advertise, request, reply). By default, the DHCPv6 client uses the four-message exchange. To use the two-message exchange, enable the Rapid Commit option on the interface and on the DHCPv6 server.
To enable DHCPv6 prefix delegation for the interface:
- Select Enable DHCPv6 Client Prefix Delegation.
- Select the Rapid Commit check box if you want to use a rapid two-message exchange to get an IPv6 address.
For more information about prefix delegation, go to About DHCPv6 Prefix Delegation.
Configure the Default Gateway
When you enable IPv6 for an external interface, if you do not enable IPv6 address autoconfiguration, you must specify the default IPv6 gateway.
To specify the default gateway:
In the Default Gateway text box, type the IPv6 address of the default gateway.
Other IPv6 Settings
For information about the Hop Limit and DAD Transmits settings, go to Configure IPv6 Connection Settings.