This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Lukas_Nagy
Participant
‎2018-08-07 06:07 AM

Custom IPv6 link-local address on Gaia interface

Hello,

we are building R80.10 vSEC firewall with dual-stack enabled and we have 2 subnets inside DMZ, which will have Global unicast IPv6 subnet together with IPv4 subnet. However, this subnet is not directly connected to Check Point Gaia and we need to route to this subnet via another router. As we would prefer not to assign Global unicast IPv6 subnet on point-to-point connections between firewall and router, we decided to route to this global subnet using link-local addresses. However, I can't find a way to set up custom link-local address on Gaia Interface, such as fe80::5.

I though this would be possible as is on Cisco routers, where you just use:

 ipv6 address FE80::AB8 link-local‍

but Gaia seems to refuse this. I can see link-local address derived from MAC address using EUI-64, we can probably use this, however will this IP be stable and won't change with some privacy extensions after restart or on other occasion?  Or would it be better to just assign Global IPv6 subnets on whole path to DMZ? 

Thanks for answers.

2 Replies
Matthias_Haas
Advisor
‎2018-11-27 01:40 AM

Hi Lukas,

I experienced the same behavior. You could configure VRRPv3 (should work with a single gateway too) which allows you to define a custom link local IP which you can use as a next hop gateway.

Matthias

0 Kudos
PhoneBoy
Admin
Admin
‎2018-11-27 09:35 PM

"Address has link local prefix" error when creating a manual Link local IPv6 address 

But you can do it with VRRPv3, as Matthias said.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top