This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Nischit
Contributor
‎2020-03-04 10:03 AM

Issue on IPv6 Traffic - Maestro

Jump to solution

Hello,

I have 2 MHO 140 Orchestrators in redundancy. It's running r80.20 SP. I have installed the latest hotfix 242 on MHO and Maestro Gateways. We have 4 GW's on the same SG managed by 2 MHO 140 Orchestrators. 

Out of 4 Maestro GWs, IPv6 is not working on 2 Maestro GWs. I have configured the default IPv6 route on SG and it's reflected on all the GWs.  I checked on all the gateway one by one and the configuration is same on all the GWs. However, only from 2 GWs, I am able to reach outside(google, other) IPv6 addresses. From the other 2 GW's, I am only able to reach my IPv6 default gateway. 

Please note that I have detached and re-attached both the GW's many times thinking if that could resolve the issue. But it didn't help. So, at a time, only 2 GW's are able to process IPv6 traffic. 

Is there any issue with IPv6 when I have more than 2 GW's? I have read r80.20 limitations and it seems like there are many limitations when it comes to IPv6.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

Reply
1 Solution

Accepted Solutions
Nischit
Contributor
‎2020-04-21 07:10 AM
In response to Nischit

Jump to solution

Hi, 

I found the solution. Sorry for posting it a bit late. 

Actually, ICMPv6 Neighbor Discovery Protocol must be explicitly allowed in the Firewall rules. Previously, I have configured IPv6 only on the router where ICMPv6 Neighbor Discovery is enabled by default. So, after creating a security policy allowing ICMPv6 Neighbor Discovery Protocol, it worked. 

Its mentioned in this SK 
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/103490.htm 


Thank you!

View solution in original post

Reply
6 Replies
Maarten_Sjouw
Champion
Champion
‎2020-03-04 10:50 AM

Jump to solution
Are all gateways on the same Jumbo version, preferably 191?
Regards, Maarten
Reply
Nischit
Contributor
‎2020-03-04 10:52 AM
In response to Maarten_Sjouw

Jump to solution

Yes, all were on the same 191. However, it didn't work so I installed 242. 

Reply
Nischit
Contributor
‎2020-03-04 10:57 AM
In response to Nischit

Jump to solution

Out of 4 GWs, it only works on any 2 GWs. 

Reply
Maarten_Sjouw
Champion
Champion
‎2020-03-04 02:20 PM
In response to Nischit

Jump to solution

All I can say here is: open a case with TAC.

Regards, Maarten
Reply
Nischit
Contributor
‎2020-03-04 08:04 PM
In response to Maarten_Sjouw

Jump to solution

Hi, 

 

Thank you for the update. I will open a support case. I will post here if the TAC resolves the issue. 

Reply
Nischit
Contributor
‎2020-04-21 07:10 AM
In response to Nischit

Jump to solution

Hi, 

I found the solution. Sorry for posting it a bit late. 

Actually, ICMPv6 Neighbor Discovery Protocol must be explicitly allowed in the Firewall rules. Previously, I have configured IPv6 only on the router where ICMPv6 Neighbor Discovery is enabled by default. So, after creating a security policy allowing ICMPv6 Neighbor Discovery Protocol, it worked. 

Its mentioned in this SK 
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/103490.htm 


Thank you!

View solution in original post

Reply