Surendra
Explorer

IPv6 to IPv4 communication is not happening when we give an IPv4 destination in the security rule

Hi Team

We have a NAT64 rule for IPv6 to IPv4 communication. IPv6 sources are able to communicate when we give ANY as the destination in the access rule. If we give a specific IPv4 host or network, it does not hit the rule, since the request is looking for the embedded IPv6 address in the access rule.

Source IP: IPv6 address

Destination IP: 64:FF9B::/96

Original destination is 190.x.x.x

The Check Point firewall is not able to convert the embedded IPv6 address to the original IPv4 address.

Please suggest how to fix this IPv6 to IPv4 communication issue.


0 Kudos
2 Replies
Chris_Atkinson
Employee

Which version/JHF is used in this deployment? Have you opened a TAC case?

CCSM R77/R80/ELITE
0 Kudos
Tom_Kendrick
Employee

Hi, this does work, but it's not simple 🙂

You need to use something (like Unbound) that will help you with DNS64, so that the address you request is converted to the embedded 64 version, and then use a special NAT rule to take the traffic destined to the NAT64 addresses and switch it to hide behind an IPv4 address (while also extracting the embedded IPv4 address from the IPv6 destination address). If you're not confused, you are doing well!

It's discussed / documented here: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...

This was from within an isolated environment (so IPs are not public) when testing with BreakingPoint. You need to make sure the NAT rule is set correctly, like this:


64example.png
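
The address embedding this thread revolves around, as an added example that is not part of any post above and is not Check Point code: it maps an IPv4 host or network to its form under the 64:ff9b::/96 prefix (RFC 6052), extracts the IPv4 address back out, and shows why an IPv4 rule destination only matches after extraction. The 192.0.2.x addresses are constructed samples, and `dest_matches` is a hypothetical matcher for illustration, not a model of how the firewall evaluates rules.

```python
import ipaddress

# Well-known NAT64 prefix from RFC 6052, the destination prefix quoted in the question.
WKP = ipaddress.IPv6Network("64:ff9b::/96")

def embed(v4, prefix=WKP):
    """Map an IPv4 host or network to its IPv4-embedded IPv6 form (/96 prefixes only)."""
    if prefix.prefixlen != 96:
        raise ValueError("only /96 NAT64 prefixes are handled here")
    net4 = ipaddress.IPv4Network(v4)  # raises ValueError if host bits are set
    base = int(prefix.network_address) | int(net4.network_address)
    return ipaddress.IPv6Network((base, 96 + net4.prefixlen))

def extract(v6, prefix=WKP):
    """Return the IPv4 address embedded in a NAT64 destination, or None if outside the prefix."""
    addr = ipaddress.IPv6Address(v6)
    if addr not in prefix:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)

def dest_matches(packet_dst, rule_dst, prefix=WKP):
    """Hypothetical matcher: compare a packet's IPv6 destination with a rule destination.

    An IPv4 rule object only matches once the embedded IPv4 address is extracted;
    an IPv6 rule object is compared against the untranslated destination.
    """
    addr = ipaddress.IPv6Address(packet_dst)
    rule = ipaddress.ip_network(rule_dst)
    if rule.version == 6:
        return addr in rule
    v4 = extract(addr, prefix)
    return v4 is not None and v4 in rule

if __name__ == "__main__":
    # Constructed samples using the 192.0.2.0/24 documentation range.
    for obj in ("192.0.2.10", "192.0.2.0/24"):
        print(f"{obj:>15} -> {embed(obj)}")
    dst = "64:ff9b::c000:20a"
    print(dst, "embeds", extract(dst))
    print("IPv4 rule 192.0.2.0/24 :", dest_matches(dst, "192.0.2.0/24"))
    print("IPv6 rule", embed("192.0.2.0/24"), ":", dest_matches(dst, str(embed("192.0.2.0/24"))))
```

The output of `embed` for a host or network gives the IPv6 address or range to look for in logs when checking which destination a NAT64 connection actually carried.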