Re: Remote Access Client for Windows + IPv6

HeikoAnkenbrand · ‎2021-05-11

The VPN Remote Access Client does not support IPv6.

This means that every PC with an installed VPN Remote Access Client can reach the Internet via IPv6. No firewall rules are active for IPv6. All IPv6 traffic is permitted.

In my case, turning off the IPv6 stack under Windows is not a solution.

Is there a way to prevent IPv6 communication with Check Point settings?

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

PhoneBoy · ‎2021-05-11

This requires firewall functionality in the VPN client, thus you must use Endpoint Security VPN.
And, it should be possible to configure IPv6 rules: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

HeikoAnkenbrand · ‎2021-05-12

Hi @PhoneBoy,

Thanks!

I no longer understand anything here:-)
The following sk67820: Check Point Remote Access Solutions describes that there is no IPv6 support.

PS:

I find the description of the endpoint VPN clients suboptimal.
The following points should be revised here:
- Clearly structured SK
- Documentations
- List with functions matching the version
- Battle cards to compare with other vendors
...

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

_Val_ · ‎2021-05-12

I believe the quoted table is for VPN functionality. You cannot do IPsec to IPv6 addresses with the clients above. @PhoneBoy is talking about Desktop security rules. No contradiction.

Jan_Kleinhans · ‎2021-10-21

Hello Val,

is this feature on the roadmap? In germany many mobile providers are using dual stack with CGNAT for IPv4 which is not an ideal solution.

Regards,

Jan

_Val_ · ‎2021-10-21

Please rase an RFE for that with your local Check Point office.

Jan_Kleinhans · ‎2021-10-21

I will do so.

dede79 · ‎2023-10-05

Any Update regarding the issue? Are Desktop Policys with IPv6 possible?

Chris_Atkinson · ‎2023-10-05

Expect it to be aligned with the R82 release or there about.

For further details please discuss it with your local SE.

CCSM R77/R80/ELITE

HeikoAnkenbrand · ‎2023-10-05

Hi @Chris_Atkinson

The local SEs do not give us any further information here either.
Will IPv6 be supported with R82 and E8x client?

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Chris_Atkinson · ‎2023-10-05

Most likely a new gateway and client version is needed.

CCSM R77/R80/ELITE

PhoneBoy · ‎2023-10-06

Not at present.
As stated by others, this is expected to be addressed as part of the next major release train (R82.x).
For formal timing/commitment, please reach out to your local Check Point office.

AndreiR · ‎2024-04-17

@HeikoAnkenbrand and all,

Please point your attention to this post:

Support IPv6 in Remote Access VPN

Are you a member of CheckMates?

Endpoint Security VPN + IPv6