- CheckMates
- :
- Products
- :
- Quantum
- :
- Maestro Masters
- :
- Re: Issue on IPv6 Traffic - Maestro
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Issue on IPv6 Traffic - Maestro
Hello,
I have 2 MHO 140 Orchestrators in redundancy. It's running r80.20 SP. I have installed the latest hotfix 242 on MHO and Maestro Gateways. We have 4 GW's on the same SG managed by 2 MHO 140 Orchestrators.
Out of 4 Maestro GWs, IPv6 is not working on 2 Maestro GWs. I have configured the default IPv6 route on SG and it's reflected on all the GWs. I checked on all the gateway one by one and the configuration is same on all the GWs. However, only from 2 GWs, I am able to reach outside(google, other) IPv6 addresses. From the other 2 GW's, I am only able to reach my IPv6 default gateway.
Please note that I have detached and re-attached both the GW's many times thinking if that could resolve the issue. But it didn't help. So, at a time, only 2 GW's are able to process IPv6 traffic.
Is there any issue with IPv6 when I have more than 2 GW's? I have read r80.20 limitations and it seems like there are many limitations when it comes to IPv6.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I found the solution. Sorry for posting it a bit late.
Actually, ICMPv6 Neighbor Discovery Protocol must be explicitly allowed in the Firewall rules. Previously, I have configured IPv6 only on the router where ICMPv6 Neighbor Discovery is enabled by default. So, after creating a security policy allowing ICMPv6 Neighbor Discovery Protocol, it worked.
Its mentioned in this SK
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/103490.htm
Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, all were on the same 191. However, it didn't work so I installed 242.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Out of 4 GWs, it only works on any 2 GWs.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
All I can say here is: open a case with TAC.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Thank you for the update. I will open a support case. I will post here if the TAC resolves the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I found the solution. Sorry for posting it a bit late.
Actually, ICMPv6 Neighbor Discovery Protocol must be explicitly allowed in the Firewall rules. Previously, I have configured IPv6 only on the router where ICMPv6 Neighbor Discovery is enabled by default. So, after creating a security policy allowing ICMPv6 Neighbor Discovery Protocol, it worked.
Its mentioned in this SK
https://sc1.checkpoint.com/documents/R77/CP_R77_SecurityGatewayTech_WebAdmin/103490.htm
Thank you!