Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
HeikoAnkenbrand
Champion Champion
Champion

Endpoint Security VPN + IPv6

The VPN Remote Access Client does not support IPv6.

This means that every PC with an installed VPN Remote Access Client can reach the Internet via IPv6. No firewall rules are active for IPv6. All IPv6  traffic is permitted.

In my case, turning off the IPv6 stack under Windows is not a solution.

Is there a way to prevent IPv6 communication with Check Point settings?

➜ CCSM Elite, CCME, CCTE
11 Replies
PhoneBoy
Admin
Admin

This requires firewall functionality in the VPN client, thus you must use Endpoint Security VPN.
And, it should be possible to configure IPv6 rules: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Hi @PhoneBoy,

Thanks!

I no longer understand anything here:-)
The following sk67820: Check Point Remote Access Solutions describes that there is no IPv6 support.

SC_IPv6.PNG

PS:

I find the description of the endpoint VPN clients suboptimal.
The following points should be revised here:
- Clearly structured SK
- Documentations
- List with functions matching the version
- Battle cards to compare with other vendors
...

➜ CCSM Elite, CCME, CCTE
_Val_
Admin
Admin

I believe the quoted table is for VPN functionality. You cannot do IPsec to IPv6 addresses with the clients above. @PhoneBoy is talking about Desktop security rules. No contradiction.

Jan_Kleinhans
Advisor

Hello Val,

is this feature on the roadmap? In germany many mobile providers are using dual stack with CGNAT for IPv4 which is not an ideal solution.

Regards,

Jan

0 Kudos
_Val_
Admin
Admin

Please rase an RFE for that with your local Check Point office.

0 Kudos
Jan_Kleinhans
Advisor

I will do so.

0 Kudos
dede79
Contributor

Any Update regarding the issue? Are Desktop Policys with IPv6 possible?

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Expect it to be aligned with the R82 release or there about.

For further details please discuss it with your local SE.

 

CCSM R77/R80/ELITE
0 Kudos
HeikoAnkenbrand
Champion Champion
Champion

Hi @Chris_Atkinson 

The local SEs do not give us any further information here either.
Will IPv6 be supported with R82 and E8x client?

➜ CCSM Elite, CCME, CCTE
0 Kudos
Chris_Atkinson
Employee Employee
Employee

Most likely a new gateway and client version is needed.

CCSM R77/R80/ELITE
PhoneBoy
Admin
Admin

Not at present.
As stated by others, this is expected to be addressed as part of the next major release train (R82.x).
For formal timing/commitment, please reach out to your local Check Point office. 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events