Configure IPv6 for an External Interface

You can configure the external interface with an IPv6 address in addition to the IPv4 address. IPv6 is not enabled on any interface by default. When you enable IPv6 for an external interface, you can configure the interface with one or more static IPv6 addresses, and enable IP address autoconfiguration. You can also configure the interface to use DHCP to get an IPv6 address, and enable the interface as a DHCPv6 client for prefix delegation.

If you use DHCP to get an IPv6 address, or for IPv6 prefix delegation, you can see the assigned IP address and prefix in the Status Report tab in Firebox System Manager.

This topic describes IPv6 settings for an external interface. For information about IPv6 settings for a trusted or optional interface, see Configure IPv6 for a Trusted or Optional Interface.

You cannot use these special purpose IP addresses as an IPv6 interface address:

  • IP addresses that start with 2002, unless bits 17-48 specify a valid IPv4 address
  • IP addresses that start with FE80, because this specifies a link local address
  • IP addresses that start with FEC0, because this specifies a site local address
  • IP addresses that start with FF, because this is used for IPv6 multicast addresses

When you configure an IPv6 address for an interface, you must also configure an IPv4 address. All Firebox interfaces require IPv4 addresses.

Enable IPv6

Before you can configure IPv6 settings, you must enable IPv6 in the interface settings.

  1. Select Network > Interfaces.
    The Network Interfaces page appears.
  2. Select an external interface. Click Configure.
    The Interface Settings dialog box appears.
  3. Select the IPv6 tab.
  4. Select the Enable IPv6 check box.

Screen shot of the Interface Configuration - External dialog box, IPv6 tab

  1. Configure the IPv6 network settings, as described in the Add a Static IPv6 Address section.
  1. Select Network > Configuration.
    The Network Configuration dialog box appears.
  2. Select an external interface. Click Configure.
    The Interface Settings dialog box appears.
  3. Select the IPv6 tab.
  4. Select the Enable IPv6 check box.

Screen shot of the Interface Settings dialog box for an external interface, IPv6 settings

  1. Configure the IPv6 network settings, as described in the Add a Static IPv6 Address section.

Add a Static IPv6 Address

To add a static IPv6 address:

  1. Adjacent to the Static IPv6 Addresses list, click Add.
    The Add Static IPv6 Address dialog box appears.
  2. Type the IPv6 IP address and the routing prefix length.
  3. Click OK.
    The IP address is added to the list

Use IPv6 Address Autoconfiguration

IPv6 address autoconfiguration enables the device to automatically assign an IPv6 link-local address to this interface. When you enable IP address autoconfiguration, the external interface is automatically enabled to receive IPv6 router advertisements. With IPv6 address configuration enabled, it is not necessary to specify a default gateway.

To enable IPv6 Address Autoconfiguration:

Select the IP Address Autoconfiguration check box in the IPv6 tab.

For more information about IPv6 stateless address autoconfiguration, see RFC 4862.

Use DHCPv6 to get an IPv6 Address

You can enable a DHCPv6 client on this interface to request an IP address from a DHCPv6 server. To get IPv6 addresses, the DHCPv6 client can use a rapid two-message exchange (solicit, reply) or a four-message exchange (solicit, advertise, request, reply). By default, the DHCPv6 client uses the four-message exchange. To use the two-message exchange, enable the Rapid Commit option on the interface and on the DHCPv6 server.

To enable DHCPv6 for the interface:

  1. Select Enable DHCPv6 Client.
  2. Select the Rapid Commit check box if you want to use a rapid two-message exchange to get an IPv6 address.

Use DHCPv6 to get a Delegated IPv6 Prefix

You can enable a DHCPv6 client on this interface to request an IPv6 network address prefix from a DHCP server on an external network. After you enable prefix delegation, you can use the prefix in the IPv6 settings for your trusted, optional, and custom interfaces. To get an IPv6 prefix, the DHCPv6 client can use a rapid two-message exchange (solicit, reply) or a four-message exchange (solicit, advertise, request, reply). By default, the DHCPv6 client uses the four-message exchange. To use the two-message exchange, enable the Rapid Commit option on the interface and on the DHCPv6 server.

To enable DHCPv6 prefix delegation for the interface:

  1. Select Enable DHCPv6 Client Prefix Delegation.
  2. Select the Rapid Commit check box if you want to use a rapid two-message exchange to get an IPv6 address.

For more information about prefix delegation, see About DHCPv6 Prefix Delegation.

Configure the Default Gateway

When you enable IPv6 for an external interface, if you do not enable IPv6 address autoconfiguration, you must specify the default IPv6 gateway.

To specify the default gateway:

In the Default Gateway text box, type the IPv6 address of the default gateway.

Other IPv6 Settings

For information about the Hop Limit and DAD Transmits settings, see Configure IPv6 Connection Settings.

See Also

About IPv6

About IPv6 Support in Fireware

Common Interface Settings