following a recommendation I heard from a guy from Cisco, on an IETF conference (IPv6 working group), I have since then configured a static route for 2000::/3, while the IPv6 default route was blackholed. (As IPv6 public addresses start with 2...:: or 3...:: exclusively, a route for 2000::/3 is enough - hijacking of addresses outside that list can no longer cause harm)
This worked fine up tille and including R80.10 :
# fw ver
This is Check Point's software version R80.10 - Build 027
(extract from the configuration)
set ipv6 static-route default nexthop blackhole
set ipv6 static-route 2000::/3 comment "Route public address space only"
set ipv6 static-route 2000::/3 nexthop gateway <-my:IPv6:routers:addres-> on
To my surprise, R80.20 refuses IPv6 static routes for masks <8 !
CP helpdesk was very quick to point at sk118074, claiming this - IPv6 routes for a /3 - is not possible since R75.
(which obviously is not true, since I have R80.10's configured like that)
CP helpdesk even closed the ticket before I could point this out to them : good for their statistics, bad for customer/partner feeling ...
Given the number of people that already voted in favor of supporting R77.30 for (at least !?) another year,
I would think Check Point has more important things to fix,
rather than breaking something which worked fine up till now 😞