Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Sophos XG Firewall setup, anyone?  (Read 6571 times)

BlackChart

  • Newbie
  • *
  • Posts: 4
Sophos XG Firewall setup, anyone?
« on: September 24, 2017, 08:08:47 AM »

Have anyone of you sucessfully gotten connection to HE.net from a Sophos XG Firewall?

I've tried different configs, but everytime I only get a fe80 address, and not the one I'm supposed to.

My current config:
Tunnel Name: Hurricane
Tunne type: 6in4
Zone: WAN
Local Endpoint: {my-WAN-IP}
Remote Endpoint: 216.66.80.90 (from the HE.net infos)
Logged

bbecker79

  • Newbie
  • *
  • Posts: 3
Re: Sophos XG Firewall setup, anyone?
« Reply #1 on: August 22, 2018, 05:16:21 AM »

have you ever gotten this to work?
Logged

Taurus42

  • Newbie
  • *
  • Posts: 1
Re: Sophos XG Firewall setup, anyone?
« Reply #2 on: March 15, 2021, 09:38:27 AM »

Yes, I know I'm replying to a really old post but since I couldn't find anything when searching this topic myself I wanted to share my findings:

Server IPv4 Address: 216.66.80.90
Server IPv6 Address: 2001:x:27:y::1/64
Client IPv4 Address: 65.x.y.z
Client IPv6 Address: 2001:x:27:y::2/64
Routed IPv6 Prefixes
Routed /64: 2001:x:28:y::/64

Sophos XG 18.0.4

Network -> IP Tunnels -> Add
 - Name: HE Tunnel
 - Tunnel type: 6to4
 - Zone: WAN
 - Remote Endpoint: 216.66.80.90 (HE Server IPv4 Address)
 - Local Endpoint: 65.x.y.z (Client IPv4 Address)

Network -> Interfaces
On your Internal interface add an IPv6 address from one of the routed subnets (i.e 2001:x:28:y::1/64)

Routing -> Static Routing
IPv6 unicast routes -> Add
 - Destination ::/0
 - Interface: HE Tunnel

Routing -> Gateways
IPv6 gateways -> Add
 - Name: HE
 - Gateway IP: 2001:x:27:y::1
 - Interface: None
Health Check
 - Monitoring Condition: Ping 2001:x:27:y::1

To test you can assign a static IPv6 address to a computer on your internal network with the address: 2001:x:28:y::2, gateway: 2001:x:28:y::1, DNS: 2001:x:28:y::1
You should now be able to access IPv6 hosts. (You might need to verify that your firewall policy allows outbound IPv6 traffic first)

Next step would be to enable IPv6 Router Advertisments (Under the Network menu)
I haven't done this part myself yet but it should be enough to select your internal interface and enter your prefix ( 2001:x:28:y:: )
Logged