About IPv6 Support
Fireware supports many features for IPv6 traffic.
- IPv6 addressing — You can add a static IPv6 address to the External, Trusted, Optional, or Custom interfaces when the Firebox is configured in mixed routing mode. This includes VLAN, Bridge, and Link Aggregation interfaces.
For more information, see Configure IPv6 for an External Interface and Configure IPv6 for a Trusted or Optional Interface.
- IPv6 DNS servers — You can add an IPv6 address to specify a DNS server.
- IPv6 static routes — You can add an IPv6 host or network static route.
- IPv6 Dynamic routing protocols — RIPng, OSPFv3, and BGP.
- IPv6 BOVPN virtual interface routes — You can add an IPv6 route through an IPv4 BOVPN virtual interface.
- IPv6 device administration — You can connect to your Firebox with the static IPv6 address to administer your Firebox with Fireware Web UI or the CLI. You cannot connect to the Firebox from WatchGuard System Manager with the static IPv6 address.
- Diagnostic logging — You can set the diagnostic log level for IPv6 advertisements.
For information about how to configure diagnostic log levels, see Set the Diagnostic Log Level.
- IPv6 Ping — You can ping IPv6 addresses in Firebox System Manager Diagnostic tasks.
- Packet filter policies — You can specify IPv6 addresses in packet filter policies.
- MAC access control — Applies to both IPv6 and IPv4 traffic.
- Inspection of traffic received and sent by the same interface — Applies to both IPv6 and IPv4 traffic.
- Blocked sites and exceptions — You can specify an IPv6 address when you define a blocked site or exception.
- Blocked ports — Applies to both IPv6 and IPv4 traffic.
- TCP SYN setting — The Enable TCP SYN packet and connection state verification setting in Global Settings applies to both IPv6 and IPv4 traffic.
- Application Control
- Intrusion Prevention Service
- Flood attack prevention — The Default Packet Handling settings to block flood attacks apply to both IPv6 and IPv4 traffic.
- Authentication — IPv6 addresses are supported for Firewall authentication.
- Proxy policies
- All WatchGuard subscription services
All other networking and security features are not yet supported for IPv6 traffic. This includes:
- Authentication — Single Sign-On, Terminal Services, VPN support, fully qualified domain names (FQDN) for RADIUS and SecurID servers, automatic redirect of users to the Authentication page.
- Default packet handling other than flood protection
- Server load balancing
- Traffic Management and QoS
- Drop-in mode
- Bridge mode
- MAC/IP address binding
- Branch Office VPN
- Mobile VPN
- Wireless and modem
Any other feature not in the list of supported IPv6 features is not supported for IPv6 traffic.
WatchGuard continues to add more IPv6 support to Fireware OS. For more information about the WatchGuard IPv6 roadmap, see http://www.watchguard.com/wgrd-resource-center/ipv6-readiness.