Showing results for 
Search instead for 
Did you mean: 
Create a Post

IPv6 static route for 2000::/3 no longer possible (R80.20)


following a recommendation I heard from a guy from Cisco, on an IETF conference (IPv6 working group), I have since then configured a static route for 2000::/3, while the IPv6 default route was blackholed.  (As IPv6 public addresses start with 2...:: or 3...:: exclusively, a route for 2000::/3 is enough - hijacking of addresses outside that list can no longer cause harm)

This worked fine up tille and including R80.10 :

# fw ver
This is Check Point's software version R80.10 - Build 027

(extract from the configuration)

set ipv6 static-route default nexthop blackhole
set ipv6 static-route 2000::/3 comment "Route public address space only"
set ipv6 static-route 2000::/3 nexthop gateway <-my:IPv6:routers:addres-> on

To my surprise, R80.20 refuses IPv6 static routes for masks <8 !

CP helpdesk was very quick to point at sk118074, claiming this - IPv6 routes for a /3 - is not possible since R75.
(which obviously is not true, since I have R80.10's configured like that)

CP helpdesk even closed the ticket before I could point this out to them : good for their statistics, bad for customer/partner feeling ...

Given the number of people that already voted in favor of supporting R77.30 for (at least !?) another year,
I would think Check Point has more important things to fix,
rather than breaking something which worked fine up till now 😞


Tags (2)
0 Kudos
2 Replies

Re: IPv6 static route for 2000::/3 no longer possible (R80.20)

@Hugo van der Kooij: What are you thinking about this in regards to your post here?


Re: IPv6 static route for 2000::/3 no longer possible (R80.20)

Based on that SK, one could argue that the fact the OS allowed configuring IPv6 with mask length less than 8 as a defect that we "fixed" in R80.20. Smiley Happy

That said, I see the other side of it.

We would probably have to address it as an RFE.

0 Kudos