Configure IPv6 for a Trusted or Optional Interface

When you enable IPv6 for an interface, you can configure the interface with one or more static IPv6 addresses. You can also configure router advertisement of the IP address prefix.

You cannot use these special purpose IP addresses as an IPv6 interface address:

  • IP addresses that start with 2002, unless bits 17-48 specify a valid IPv4 address
  • IP addresses that start with FE80, because this specifies a link local address
  • IP addresses that start with FEC0, because this specifies a site local address
  • IP addresses that start with FF, because this is used for IPv6 multicast addresses

When you configure an IPv6 address for an interface, you must also configure an IPv4 address. All Firebox interfaces require IPv4 addresses.

Add a Static IPv6 IP Address

You can configure a trusted, optional, or custom interface with one or more static IPv6 addresses.

If you have enabled DHCPv6 Client Prefix Delegation for an external interface, the Add Static IPv6 Address dialog box includes a Use prefix delegation check box that you can select to use the delegated prefix in the static IPv6 address. For more information about how to use a delegated prefix, see Configure DHCPv6 Client Prefix Delegation.

Configure Prefix Advertisements

To add a Prefix Advertisement prefix for a static IPv6 interface address:

In the Static IPv6 Addresses list, select the Add Prefix Advertisement check box adjacent to a configured static IP address. You can also select this check box when you add the static IP address.
The prefix for the static IP address is added to the Prefix Advertisement list.

Screen shot of the Prefix Advertisement list in the Web UI

Prefix Advertisement list in Fireware Web UI

Screen shot of the Prefix Advertisement list in Policy Manager

The Prefix Advertisement list in Policy Manager

When you add or edit a prefix advertisement, you can configure these settings:

  • Valid Lifetime — The length of time after the packet is sent that the prefix is valid for the purpose of onlink determination.
  • Preferred Lifetime — The length of time after the packet is sent that addresses generated from the prefix through stateless address autoconfiguration remain preferred.
  • Onlink — If enabled, a host can use this prefix to determine whether a destination is onlink as opposed to reachable only through a router.
  • Autonomous — If enabled, a host can use this prefix for stateless autoconfiguration of the link-local address.

If you have enabled DHCPv6 Client Prefix Delegation for an external interface, the Add Prefix Advertisement dialog box includes a Use prefix delegation check box that you can select to use the delegated prefix in the prefix advertisement. For more information about how to use a delegated prefix, see Configure DHCPv6 Client Prefix Delegation.

Edit a Prefix Advertisement

  1. To change the Autonomous and Onlink settings, select or clear the check box in the adjacent column.
  2. To edit other settings, select the Prefix Advertisement and click Edit.

Remove a Prefix Advertisement

  1. To remove the prefix advertisement associated with a configured static IP address, clear the Add Prefix Advertisement check box adjacent to the static IP address in the Static IPv6 Addresses table.
  2. To remove any other prefix advertisement, select the prefix in the Prefix Advertisement list. Then click Remove.

Configure Router Advertisement Settings

When you enable Router Advertisement, the interface sends the configured IP address prefixes in router advertisements on the local network. Router Advertisement is used for IPv6 neighbor discovery and IPv6 address autoconfiguration. Router Advertisement is automatically enabled when you add a prefix advertisement. When you enable router advertisement, you can also configure these settings:

  • M Flag — The managed address configuration flag. This flag indicates that host addresses are available through DHCPv6. If the M flag is selected, the O flag is ignored, because DHCPv6 returns all available configuration information. The M flag is disabled by default.
  • O Flag — The other stateful configuration flag. This flag indicates that other configuration information is available through DHCPv6. Examples of such information include DNS-related information, or information about other servers within the network. The O flag is disabled by default.
  • Default Lifetime — The lifetime associated with the default router. The default value is 30 minutes. The maximum is 150 minutes.
  • Maximum Interval — The maximum time allowed between unsolicited multicast router advertisements sent from the interface. It must be a value from 4 to 1800 seconds. The default value is 10 minutes.
  • Minimum Interval — The minimum time allowed between unsolicited multicast router advertisements sent from the interface. It must be a value from 3 to 1350 seconds. The default value is 200 seconds.

See Also

About IPv6

About IPv6 Support in Fireware

Configure IPv6 Connection Settings

Common Interface Settings