Nischit
Contributor

Issue on IPv6 Traffic - Maestro

Hello,

I have 2 MHO 140 Orchestrators in redundancy. They are running R80.20 SP. I have installed the latest hotfix 242 on the MHOs and Maestro Gateways. We have 4 GWs on the same SG managed by 2 MHO 140 Orchestrators.

Out of 4 Maestro GWs, IPv6 is not working on 2 Maestro GWs. I have configured the default IPv6 route on the SG and it's reflected on all the GWs. I checked all the gateways one by one and the configuration is the same on all the GWs. However, only from 2 GWs am I able to reach outside (Google, other) IPv6 addresses. From the other 2 GWs, I am only able to reach my IPv6 default gateway.

Please note that I have detached and re-attached both GWs many times, thinking that could resolve the issue. But it didn't help. So, at a time, only 2 GWs are able to process IPv6 traffic.

Is there any issue with IPv6 when I have more than 2 GWs? I have read the R80.20 limitations and it seems like there are many limitations when it comes to IPv6.

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

1 Solution

Accepted Solutions
Nischit
Contributor

Hi, 

I found the solution. Sorry for posting it a bit late. 

Actually, ICMPv6 Neighbor Discovery Protocol must be explicitly allowed in the Firewall rules. Previously, I have configured IPv6 only on the router where ICMPv6 Neighbor Discovery is enabled by default. So, after creating a security policy allowing ICMPv6 Neighbor Discovery Protocol, it worked. 

It's mentioned in this SK:
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/103490.htm 


Thank you!
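
As an added illustration (not part of the original post and not Check Point code): the ICMPv6 message types that make up Neighbor Discovery, and the RFC 4861 validity checks (code 0, hop limit 255) that let a rule allow ND specifically rather than all ICMPv6. The function names and the sample packets are constructed for this example, and it assumes raw IPv6 packets without extension headers.

```python
import ipaddress
import struct

# ICMPv6 message types that belong to Neighbor Discovery (RFC 4861).
ND_TYPES = {
    133: "Router Solicitation",
    134: "Router Advertisement",
    135: "Neighbor Solicitation",
    136: "Neighbor Advertisement",
    137: "Redirect",
}

def classify_nd(packet: bytes):
    """Return the ND message name if the raw IPv6 packet is a valid-looking
    Neighbor Discovery message, else None. The checksum is not verified."""
    if len(packet) < 44 or packet[0] >> 4 != 6:
        return None                      # too short or not IPv6
    next_header, hop_limit = packet[6], packet[7]
    if next_header != 58:                # 58 = ICMPv6
        return None
    icmp_type, icmp_code = packet[40], packet[41]
    name = ND_TYPES.get(icmp_type)
    if name is None or icmp_code != 0:   # ND messages always use code 0
        return None
    # RFC 4861: receivers discard ND messages whose hop limit is not 255,
    # because any router on the path would have decremented it.
    if hop_limit != 255:
        return None
    return name

def build_ipv6_icmp(src, dst, icmp_type, hop_limit=255, code=0):
    """Constructed sample: IPv6 header plus a minimal ICMPv6 body
    (checksum and reserved field zero, target address set to dst)."""
    dst_packed = ipaddress.IPv6Address(dst).packed
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + dst_packed
    header = struct.pack("!IHBB", 6 << 28, len(body), 58, hop_limit)
    header += ipaddress.IPv6Address(src).packed + dst_packed
    return header + body

if __name__ == "__main__":
    samples = [  # constructed packets using documentation addresses
        build_ipv6_icmp("2001:db8::1", "ff02::1:ff00:2", 135),
        build_ipv6_icmp("2001:db8::1", "2001:db8::2", 128),       # echo request
        build_ipv6_icmp("2001:db8::1", "ff02::1:ff00:2", 135, hop_limit=64),
    ]
    for pkt in samples:
        print(classify_nd(pkt))
```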


6 Replies
Maarten_Sjouw
Champion
Are all gateways on the same Jumbo version, preferably 191?
Regards, Maarten
Nischit
Contributor

Yes, all were on the same 191. However, it didn't work, so I installed 242.

Nischit
Contributor

Out of 4 GWs, it only works on any 2 GWs. 

Maarten_Sjouw
Champion

All I can say here is: open a case with TAC.

Regards, Maarten
Nischit
Contributor

Hi,

Thank you for the update. I will open a support case. I will post here if the TAC resolves the issue.
