Configure failover with IPv6

Used product TZ500

I have a TZ500 with two interfaces configured as WAN in a failover group. This group is configured for failover only. No load balancing is active or required. Each WAN interface uses its own DSL router. From the DSL providers the routers acquire an IPv6 prefix in the provider's address range. So each router has a different IPv6 prefix.

Currently all interfaces on the Sonicwall are configured for IPv4 only.

In order to use IPv6 in the network on the Sonicwall's LAN interface I have to configure IPv6 on the Sonicwall also.

As of now I found very limited info on doing IPv6 failover online. If there is such material available I would be more than happy for a hint.


Answers

  • MitatOnge Cybersecurity Overlord ✭✭✭

    You don't need additional config for IPv6. You should set it to the same as the IPv4 settings.


  • stsc_srcz Newbie ✭

    Hi mitatonge,

    thank you for your reply. Before activating load balancing I have to assign IPv6 addresses to the Sonicwall LAN interface and the servers on my network.

    I don't want to assign addresses from my providers' ranges. As you can see from the screenshot below I get two different prefixes. What would be "the best" way here? I am thinking about using ULA addresses.



    Would this require activating NAT for IPv6 as described here? https://www.sonicwall.com/support/knowledge-base/lan-to-wan-ipv6-traffic-need-manually-add-nat-policy/170505534672880/


    Many regards

    stsc

  • stsc_srcz Newbie ✭
    edited April 14

    Hi everyone,

    I solved the issue. IPv6 with failover is now working. Here is what I did.

    1) Created a ULA prefix using https://cd34.com/rfc4193/ and the MAC of the Sonicwall X0 interface

    2) Assigned an IPv6 address from the ULA range to the X0 interface

    3) Assigned an IPv6 address from the ULA range to my intranet DNS server interface using the X0 IPv6 as gateway and configured the server to use Cloudflare's and OpenDNS's IPv6 DNS servers as redirection servers.

    4) Assigned IPv6 addresses from the ULA range to other servers using the X0 IPv6 as gateway and the intranet IPv6 DNS server address as DNS server

    5) Activated NAT for IPv6 as described here for X0 => X1 and X0 => X2: https://www.sonicwall.com/support/knowledge-base/lan-to-wan-ipv6-traffic-need-manually-add-nat-policy/170505534672880/

    6) Configured IPv6 failover as described by mitatonge

    7) Allowed IPv6 ping requests and answers in app rules

    8) "ping www.google.de -6" is now working


    I will monitor the network for the next few days and then activate DHCPv6 to distribute IPv6 addresses to workstations too.


    Pro of this solution is that I don't have to change my IPv6 addresses on a provider change.

    Con of this solution is that it uses NAT.


    Best wishes

    stsc
