we are building R80.10 vSEC firewall with dual-stack enabled and we have 2 subnets inside DMZ, which will have Global unicast IPv6 subnet together with IPv4 subnet. However, this subnet is not directly connected to Check Point Gaia and we need to route to this subnet via another router. As we would prefer not to assign Global unicast IPv6 subnet on point-to-point connections between firewall and router, we decided to route to this global subnet using link-local addresses. However, I can't find a way to set up custom link-local address on Gaia Interface, such as fe80::5.
I though this would be possible as is on Cisco routers, where you just use:
ipv6 address FE80::AB8 link-local
but Gaia seems to refuse this. I can see link-local address derived from MAC address using EUI-64, we can probably use this, however will this IP be stable and won't change with some privacy extensions after restart or on other occasion? Or would it be better to just assign Global IPv6 subnets on whole path to DMZ?
Thanks for answers.