This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DanM1
Participant
‎2021-05-26 03:37 AM

IPv6 Logical Server

Hello,

 

I Need to configure IPv6 Logical Server (R80&R81)  and when I'm trying to install the policy I'm receivng the attached error.

The configuration of Ipv6 Logical Server is quite simple, I added name, ipv6 address and a server group that contains only a host configured with IPv6 address. I also attached a image with the configuration.

 

Does anytone has an idea if this is suppported or not, or if it's a configuration error?

Thank you,

Dan

 

 

 

 

Preview file
4 KB
Preview file
18 KB
0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2021-05-26 08:04 AM

Does your logical server object have an IPv4 address assigned to it?
Given the vintage of this particular feature, believe that’s required.

0 Kudos
DanM1
Participant
‎2021-05-26 08:54 AM
In response to PhoneBoy

Hello, 

Thank you so much for your answer.

Since the post. I tried also other scenarios to configure Logical Server object with IPv6 address:


 1. Tried to enter a full IPv6 address = 128 bits -> no success and the same error;
 2. Tried to configure logical server with both IPv4 & IPv6 addresses (dual stack) -> at this point, when I'm trying to install the policy the error is changed: "Layer 'X': Error: '255.255.255.255' ip is included as a physical server Policy verification failed".  

This behaviour is on both, R80 and R81.

Note: There are no other issue regard policy instalation. If I disabled the rule that contains Logical Server Object configured with IPv6 the installation will succed.

 

At this moment I think the logical server can't be configured with IPv6 or with both IPv4+IPv6 addresses, but I couldn't find this in the documentation.

 

Thank you,

Dan

Preview file
4 KB
Preview file
17 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2021-05-26 01:17 PM
In response to DanM1

Outside of CloudGuard Network Security, R80.20 is the last time we've done any testing on this feature, at least according to: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 
However, that SK doesn't reflect we're still using this feature in that context.
Most of those contexts assume IPv4 only, where the feature does work.

Regardless, I suspect using Connect Control with IPv6 isn't supported and the above SK suggests it's not something we plan to address.

0 Kudos
DanM1
Participant
‎2021-05-26 01:30 PM
In response to PhoneBoy

Thank you so much for this great information.

Dan

 

 

0 Kudos