Configure IPv6 for a Trusted or Optional Interface

When you enable IPv6 for an interface, you can configure the interface with one or more static IPv6 addresses. You can also configure router advertisement of the IP address prefix.

You cannot use these special purpose IP addresses as an IPv6 interface address:

  • IP addresses that start with 2002, unless bits 17-48 specify a valid IPv4 address
  • IP addresses that start with FE80, because this specifies a link local address
  • IP addresses that start with FEC0, because this specifies a site local address
  • IP addresses that start with FF, because this is used for IPv6 multicast addresses

When you configure an IPv6 address for an interface, you must also configure an IPv4 address. All Firebox interfaces require IPv4 addresses.

Add a Static IPv6 IP Address

You can configure a trusted, optional, or custom interface with one or more static IPv6 addresses.

  1. Select Network > Interfaces.
    The Network Interfaces page appears.
  2. Select a trusted, optional, or custom interface. Click Edit.
  3. Select the IPv6 tab.
  4. Select the Enable IPv6 check box.

Screen shot of the IPv6 settings for a trusted interface in the Web UI

  1. Click Add.

Screen shot of the Add Static IPv6 Address dialog box in the Web UI

  1. Type the IPv6 IP address and the routing prefix length.
  2. To add the prefix for this IP address to the Prefix Advertisement list, select the Add Prefix Advertisement check box.
  3. Click OK.
    The IP address is added to the list
  1. Select Network > Configuration.
    The Network Configuration dialog box appears.
  2. Select a trusted, optional, or custom interface. Click Configure
    The Interface Settings dialog box appears.
  3. Select the IPv6 tab.
  4. Select the Enable IPv6 check box.

Screen shot of the IPv6 tab in the Interface Settings dialog box in Policy Manager

  1. Click Add.

Screen shot of the Add Static IP Address dialog box in Policy Manager

  1. Type the IPv6 IP address and the routing prefix length.
  2. To add the prefix for this IP address to the Prefix Advertisement list, select the Add Prefix Advertisement check box.
  3. Click OK.
    The IP address is added to the list

If you have enabled DHCPv6 Client Prefix Delegation for an external interface, the Add Static IPv6 Address dialog box includes a Use prefix delegation check box that you can select to use the delegated prefix in the static IPv6 address. For more information about how to use a delegated prefix, go to Configure DHCPv6 Client Prefix Delegation.

Configure Prefix Advertisements

To add a Prefix Advertisement prefix for a static IPv6 interface address:

In the Static IPv6 Addresses list, select the Add Prefix Advertisement check box adjacent to a configured static IP address. You can also select this check box when you add the static IP address.
The prefix for the static IP address is added to the Prefix Advertisement list.

Screen shot of the Prefix Advertisement list in the Web UI

Prefix Advertisement list in Fireware Web UI

Screen shot of the Prefix Advertisement list in Policy Manager

The Prefix Advertisement list in Policy Manager

When you add or edit a prefix advertisement, you can configure these settings:

  • Valid Lifetime — The length of time after the packet is sent that the prefix is valid for the purpose of onlink determination.
  • Preferred Lifetime — The length of time after the packet is sent that addresses generated from the prefix through stateless address autoconfiguration remain preferred.
  • Onlink — If enabled, a host can use this prefix to determine whether a destination is onlink as opposed to reachable only through a router.
  • Autonomous — If enabled, a host can use this prefix for stateless autoconfiguration of the link-local address.
  1. In the Router Advertisement section, select the Send Advertisement check box.
  2. Click Add.

Screen shot of the Add Prefix Advertisement dialog box in the Web UI
The Add Prefix Advertisement dialog box in Fireware Web UI

  1. In the Prefix text boxes, type IPv6 IP address and the routing prefix length.
    The prefix must be a network IP address in the format x:x::/xx.
  2. Configure the other prefix advertisement settings, or use the default settings:
  3. Click OK.
  1. In the Router Advertisement section, select the Send Advertisement check box.
  2. Click Add.

Screen shot of the Add Prefix Advertisement dialog box in Policy Manager
The Add Prefix Advertisement dialog box in Policy Manager

  1. In the Prefix text boxes, type IPv6 IP address and the routing prefix length.
    The prefix must be a network IP address in the format x:x::/xx.
  2. Configure the other prefix advertisement settings, or use the default settings:
  3. Click OK.

If you have enabled DHCPv6 Client Prefix Delegation for an external interface, the Add Prefix Advertisement dialog box includes a Use prefix delegation check box that you can select to use the delegated prefix in the prefix advertisement. For more information about how to use a delegated prefix, go to Configure DHCPv6 Client Prefix Delegation.

Edit a Prefix Advertisement

  1. To change the Autonomous and Onlink settings, select or clear the check box in the adjacent column.
  2. To edit other settings, select the Prefix Advertisement and click Edit.

Remove a Prefix Advertisement

  1. To remove the prefix advertisement associated with a configured static IP address, clear the Add Prefix Advertisement check box adjacent to the static IP address in the Static IPv6 Addresses table.
  2. To remove any other prefix advertisement, select the prefix in the Prefix Advertisement list. Then click Remove.

Configure Router Advertisement Settings

When you enable Router Advertisement, the interface sends the configured IP address prefixes in router advertisements on the local network. Router Advertisement is used for IPv6 neighbor discovery and IPv6 address autoconfiguration. Router Advertisement is automatically enabled when you add a prefix advertisement. When you enable router advertisement, you can also configure these settings:

  • M Flag — The managed address configuration flag. This flag indicates that host addresses are available through DHCPv6. If the M flag is selected, the O flag is ignored, because DHCPv6 returns all available configuration information. The M flag is disabled by default.
  • O Flag — The other stateful configuration flag. This flag indicates that other configuration information is available through DHCPv6. Examples of such information include DNS-related information, or information about other servers within the network. The O flag is disabled by default.
  • Default Lifetime — The lifetime associated with the default router. The default value is 30 minutes. The maximum is 150 minutes.
  • Maximum Interval — The maximum time allowed between unsolicited multicast router advertisements sent from the interface. It must be a value from 4 to 1800 seconds. The default value is 10 minutes.
  • Minimum Interval — The minimum time allowed between unsolicited multicast router advertisements sent from the interface. It must be a value from 3 to 1350 seconds. The default value is 200 seconds.
  1. Select the Send Advertisement check box to enable the Firebox to send periodic router advertisements and respond to router solicitations.

Screen shot of the Router Advertisement settings in the IPv6 tab of the Web UI
The Router Advertisement settings in Fireware Web UI

  1. Configure the Router Advertisement settings, or use the default settings.
  1. Select the Send Advertisement check box to enable the Firebox to send periodic router advertisements and respond to router solicitations.

Screen shot of the Router Advertisement settings in the IPv6 tab in Policy Manager
The Router Advertisement settings in Policy Manager

  1. Configure the Router Advertisement settings, or use the default settings.

Related Topics

About IPv6

About IPv6 Support in Fireware

Configure IPv6 Connection Settings

Common Interface Settings