This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
EspenH
Participant
‎2020-03-03 12:51 AM

Remote Access ipv6

Hi,

I am setting up a Endpoint VPN solution with Checkpoint. It needs to be force tunneling. 

Problem is that ipv6 does not go through the forced tunnel so when a computer gets ipv6 public ip it can basicilly bypass the tunnel..

Anyone know if there is a solution for this?

 

0 Kudos
6 Replies
G_W_Albrecht
MVP Silver
MVP Silver
‎2020-03-03 02:46 AM

sk163313 R80.30 IPv6 features and limitations says:

The following VPN features are not supported for IPv6:

  • Remote Access VPN
  • Wire Mode VPN
CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2020-03-03 07:57 AM

If you're using the full Endpoint client, it's firewall can block IPv6 entirely.
Beyond that, the Remote Access clients don't currently support IPv6.
0 Kudos
EspenH
Participant
‎2020-08-21 03:57 AM
In response to PhoneBoy

Anyone know if this will be supported in the future?

PhoneBoy
Admin
Admin
‎2020-08-21 06:51 AM
In response to EspenH

I assume it will be supported in the future.
If you have this requirement, I recommend engaging with your local Check Point office.

0 Kudos
514numbers
Contributor
‎2021-03-24 10:53 AM

I found a new solution that has just come out and tested / works as expected. No need for desktop policy / policy server or higher end VPN remote access product.

There is a new feature within the trac_client_1.ttm and supported on E84.50+ client ( easy to automatic upgrade ). This feature doesn't require the policy server desktop firewall.

We tested this and it works.

ref sk75221 ( attribute is on SK )

allow_ipv6 / string / Blocks or allows IPv6 traffic to the client / true / false / client_decide / false E80.50

0 Kudos
AndreiR
Employee Alumnus
Employee Alumnus
‎2024-04-17 04:22 AM

@EspenH and all,

Please point your attention to this post:

Support IPv6 in Remote Access VPN

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events