This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
evlad
Participant
‎2021-11-14 05:06 AM
Jump to solution

No ipv6 addresses appears in Log on R80.30

The question is quite simple. We have two Checkpoint Clusters just on front of the Internet. And we never see even one incoming packet from ipv6 source in the Logs. Why? It's very strange. We are constantly suffering heavy buzz from all over the world. It's impossible that no one came from IPV6 address (they should be 10-20% of overall traffic).
I'm sure - we just cannot see them. Something wrong with FW configuration or with the query syntax (I tried search by ::, ::*, 2001::/16, ipv6...)
So the question is: what should be configured on the FWGw (Gaia R80.30) and what the proper query syntax to see all the traffic from ipv6 sources in LOG?

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2021-11-15 06:53 AM
In response to evlad
Jump to solution

With IPv6 disabled at the OS level, no IPv6 traffic was getting passed as there was no IPv6 stack to do it.
Don't believe IPv6 is mentioned at any point during the install, you must enable it after the fact and configure your security policy appropriately to pass the traffic.

You would enter fw6 tab -t connections on the command line.

View solution in original post

0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2021-11-14 11:06 AM
Jump to solution

Let’s start with the obvious question: do you have IPv6 enabled?
It’s not by default and must be explicitly enabled.
Without that, you won’t see any IPv6 traffic at all.

You can also see if you have any active IPv6 connections whatsoever with fw6 tab -t connections 

0 Kudos
evlad
Participant
‎2021-11-14 11:34 PM
In response to PhoneBoy
Jump to solution

Thank You so much PhoneBoy!
You are right, we have IPv6 disabled. I just find it now on WebConsole.
So You answered generally to my question, thanks!

But still I have some other questions:
- Is it means that all IPv6 traffic was rejected or dropped  until now?
- IPv6 is not a default option (as You say) but may be this option mentioned in any step of install.  I don't remember, if any choice given for IPv6 when CP Gw installation?
- And at last - I have not find "fw6 tab -t connections" command, where is it?

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-15 06:53 AM
In response to evlad
Jump to solution

With IPv6 disabled at the OS level, no IPv6 traffic was getting passed as there was no IPv6 stack to do it.
Don't believe IPv6 is mentioned at any point during the install, you must enable it after the fact and configure your security policy appropriately to pass the traffic.

You would enter fw6 tab -t connections on the command line.

0 Kudos
evlad
Participant
‎2021-11-18 12:47 AM
In response to PhoneBoy
Jump to solution

Thanks so much!
I didn't find set of fw6 commands on gaia 80 appliance (kind of deprecated commands on this version), but the issue is quite clear now. I've decide to enable IPv6 and watch how it will change the traffic log.

BR,
Evgeni 

0 Kudos
Danny
Champion Champion
Champion
‎2021-11-14 11:08 AM
Jump to solution

Is IPv6 enabled on your gateways?

IPv6 Support FAQ
IPv6 features and limitations starting R80.30

0 Kudos
evlad
Participant
‎2021-11-14 11:38 PM
In response to Danny
Jump to solution

Hi Danny,
No, now I see that it's disabled. Thanks! You all right guys.
I have some other questions that I've wrote in previous reply...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events