How to configure a SonicWall WAN interface with autonomous IPv6 address

Description

This article explains how to configure a SonicWall WAN interface with autonomous IPv6 address

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

In this article, the firewall is connected to the router which advertises the IPv6 prefix to the network.

Procedure:

Auto mode: The firewall listens to the network and receives prefix information from neighboring routers. Firewall will combine the prefix and the unique Interface Identifier address to assign an IPv6 stateless address to the WAN interface. Default gateway selection in this mode is based on the information collected from on-link routers.

To configure an interface in IPv6 Auto mode, perform the following steps:

  1. Login to SonicWall Management Interface
  2. Click on Network in the top navigation menu
  3. Navigate to the System | Interfaces page.
  4. Click on the IPv6 radio button at the top right corner of the page.

Image

  1. Click on the Configure icon for the interface you want to configure an IPv6 address for. The Edit Interface window displays. 
  2. Set the IP Assignment  to Auto

Image

  • Click on the Advanced tab, options in this page are all optional.

    • Disable all IPv6 Traffic on the Interface: Improves firewall performance for non-IPv6 traffic if the firewall is deployed in a pure IPv4 environment.
    • Duplicate Address Detection Transmits: Set a numerical value here to specify the number of consecutive Neighbor Solicitation messages sent while performing Duplicate Address Detection (DAD) before assigning a tentative address to interface. A value of 0 indicates that DAD is not performed on the interface.
    • Neighbor Discovery BaseReachableTime (seconds): The appliance sets the neighbor reachability status to Reachable, when the IPv6 interface receives a Neighbor Advertisement message within BaseReachableTime. A value of 0 indicates the parameter is not specified and the global setting in Network > Neighbor Discovery page will be used.

Image

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

In this article, the firewall is connected to the router which advertises the IPv6 prefix to the network.

Procedure:

Auto mode: The firewall listens to the network and receives prefix information from neighboring routers. Firewall will combine the prefix and the unique Interface Identifier address to assign an IPv6 stateless address to the WAN interface. Default gateway selection in this mode is based on the information collected from on-link routers.

To configure an interface in IPv6 Auto mode, perform the following steps:

  1. Login to SonicWall Management Interface
  2. Click on Manage in the top navigation menu
  3. Navigate to the Network > Interfaces page.
  4. Click on the IPv6 radio button at the top right corner of the page.

Image

  1. Click on the Configure icon for the interface you want to configure an IPv6 address for. The Edit Interface window displays. 
  2. Set the IP Assignment  to Auto

 Image

  • Click on the Advanced tab, options in this page are all optional.

    • Disable all IPv6 Traffic on the Interface: Improves firewall performance for non-IPv6 traffic if the firewall is deployed in a pure IPv4 environment.
    • Duplicate Address Detection Transmits: Set a numerical value here to specify the number of consecutive Neighbor Solicitation messages sent while performing Duplicate Address Detection (DAD) before assigning a tentative address to interface. A value of 0 indicates that DAD is not performed on the interface.
    • Neighbor Discovery BaseReachableTime (seconds): The appliance sets the neighbor reachability status to Reachable, when the IPv6 interface receives a Neighbor Advertisement message within BaseReachableTime. A value of 0 indicates the parameter is not specified and the global setting in Network > Neighbor Discovery page will be used.
    • Enable Max NDP Size Per Interface: Enable/Disable Max NDP size per Interface option. The default value is 128.

Image

After configuration and back to the Network > Interfaces page, we can see the configured Autonomous IPv6 address.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

In this article, the firewall is connected to the router which advertises the IPv6 prefix to the network.

Procedure:

Auto mode: the firewall listens to the network and receives prefix information from neighboring routers. Firewall will combine the prefix and the unique Interface Identifier address to assign an IPv6 stateless address to the WAN interface. Default gateway selection in this mode is based on the information collected from on-link routers.

 
To configure an interface in IPv6 Auto mode, perform the following steps:
 
1. Navigate to the Network > Interfaces page.
2. Click on the IPv6 radio button at the top right corner of the page.
3. Click on the Configure icon for the interface you want to configure an IPv6 address for. The Edit Interface window displays. The following options can be set when configuring the interface in Auto mode

  • IP Assignment: Auto?
    Image

 

  • Click on the Advanced tab, options in this page are all optional.

    • ?Disable all IPv6 Traffic on the Interface: Improves firewall performance for non-IPv6 traffic if the firewall is deployed in a pure IPv4 environment.
    • Duplicate Address Detection Transmits: Set a numerical value here to specify the number of consecutive Neighbor Solicitation messages sent while performing Duplicate Address Detection (DAD) before assigning a tentative address to interface. A value of 0 indicates that DAD is not performed on the interface.
    • Neighbor Discovery BaseReachableTime (seconds): The appliance sets the neighbor reachability status to Reachable, when the IPv6 interface receives a Neighbor Advertisement message within BaseReachableTime. A value of 0 indicates the parameter is not specified and the global setting in Network > Neighbor Discovery page will be used.
?Image

After configuration and back to the Network > Interfaces page, we can see the configured Autonomous IPv6 address.

Related Articles

  • How to block ICMP (Ping ) using Application control
    Read More
  • SonicWall GEN8 TZ and NSa Firewalls FAQ
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
SonicWall NSA Series
Firewalls
SonicWall SuperMassive 9000 Series
Firewalls
SonicWall SuperMassive E10000 Series
Firewalls
TZ Series
not finding your answers?
Ask the Community