Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Lukas_Nagy
Participant

Custom IPv6 link-local address on Gaia interface

Hello,

we are building R80.10 vSEC firewall with dual-stack enabled and we have 2 subnets inside DMZ, which will have Global unicast IPv6 subnet together with IPv4 subnet. However, this subnet is not directly connected to Check Point Gaia and we need to route to this subnet via another router. As we would prefer not to assign Global unicast IPv6 subnet on point-to-point connections between firewall and router, we decided to route to this global subnet using link-local addresses. However, I can't find a way to set up custom link-local address on Gaia Interface, such as fe80::5.

I though this would be possible as is on Cisco routers, where you just use:

 ipv6 address FE80::AB8 link-local

but Gaia seems to refuse this. I can see link-local address derived from MAC address using EUI-64, we can probably use this, however will this IP be stable and won't change with some privacy extensions after restart or on other occasion?  Or would it be better to just assign Global IPv6 subnets on whole path to DMZ? 

Thanks for answers.

2 Replies
Matthias_Haas
Advisor

Hi Lukas,

I experienced the same behavior. You could configure VRRPv3 (should work with a single gateway too) which allows you to define a custom link local IP which you can use as a next hop gateway.

Matthias

0 Kudos
PhoneBoy
Admin
Admin

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events