- Products
- Learn
- Local User Groups
- Partners
- More
Maestro Masters
Round Table session with Maestro experts
Hello,
I have 2 MHO 140 Orchestrators in redundancy. It's running r80.20 SP. I have installed the latest hotfix 242 on MHO and Maestro Gateways. We have 4 GW's on the same SG managed by 2 MHO 140 Orchestrators. 
Out of 4 Maestro GWs, IPv6 is not working on 2 Maestro GWs. I have configured the default IPv6 route on SG and it's reflected on all the GWs.  I checked on all the gateway one by one and the configuration is same on all the GWs. However, only from 2 GWs, I am able to reach outside(google, other) IPv6 addresses. From the other 2 GW's, I am only able to reach my IPv6 default gateway. 
Please note that I have detached and re-attached both the GW's many times thinking if that could resolve the issue. But it didn't help. So, at a time, only 2 GW's are able to process IPv6 traffic. 
Is there any issue with IPv6 when I have more than 2 GW's? I have read r80.20 limitations and it seems like there are many limitations when it comes to IPv6.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Hi, 
I found the solution. Sorry for posting it a bit late. 
Actually, ICMPv6 Neighbor Discovery Protocol must be explicitly allowed in the Firewall rules. Previously, I have configured IPv6 only on the router where ICMPv6 Neighbor Discovery is enabled by default. So, after creating a security policy allowing ICMPv6 Neighbor Discovery Protocol, it worked. 
Its mentioned in this SK 
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/103490.htm 
Thank you!
Yes, all were on the same 191. However, it didn't work so I installed 242.
Out of 4 GWs, it only works on any 2 GWs.
All I can say here is: open a case with TAC.
Hi,
Thank you for the update. I will open a support case. I will post here if the TAC resolves the issue.
Hi, 
I found the solution. Sorry for posting it a bit late. 
Actually, ICMPv6 Neighbor Discovery Protocol must be explicitly allowed in the Firewall rules. Previously, I have configured IPv6 only on the router where ICMPv6 Neighbor Discovery is enabled by default. So, after creating a security policy allowing ICMPv6 Neighbor Discovery Protocol, it worked. 
Its mentioned in this SK 
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/103490.htm 
Thank you!
Hello,
I have 2 MHO 140 Orchestrators in redundancy. It's running r80.20 SP. I have installed the latest hotfix 242 on MHO and Maestro Gateways. We have 4 GW's on the same SG managed by 2 MHO 140 Orchestrators. 
Out of 4 Maestro GWs, IPv6 is not working on 2 Maestro GWs. I have configured the default IPv6 route on SG and it's reflected on all the GWs.  I checked on all the gateway one by one and the configuration is same on all the GWs. However, only from 2 GWs, I am able to reach outside(google, other) IPv6 addresses. From the other 2 GW's, I am only able to reach my IPv6 default gateway. 
Please note that I have detached and re-attached both the GW's many times thinking if that could resolve the issue. But it didn't help. So, at a time, only 2 GW's are able to process IPv6 traffic. 
Is there any issue with IPv6 when I have more than 2 GW's? I have read r80.20 limitations and it seems like there are many limitations when it comes to IPv6.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk148074#Non%20Supported%20Features%20-%20Networking%20-%20IPv6 
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 15 | |
| 5 | |
| 5 | |
| 4 | |
| 2 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | 
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY