Enabling IPv6 on untrusted Ethernet1/1 interface brings down IPv4

Reply
L0 Member

Enabling IPv6 on untrusted Ethernet1/1 interface brings down IPv4

I tried working with Palo Alto support but there hours don't match with my schedule. 

 

I decided to start using IPv6 on my local LAN and WAN. 

 

I setup a DHCP server using MS Server and created a scope. Devices on the network are getting two IPv6 address. 

 

I configured the IPv6 on PA-220 and hit the enable button and committed and immediately lost the IPv4 network from Xfinity. I currently get my IPv4 via DHCP.

 

After about a week of this I contacted support and open up a case via the Palo Alto web portal. They couldn't answer the basic question, why enabling IPv6 would bring down IPv4. Even if I don't have anything configured it brings down the IPv4. Just enabling it brings down the interface. I know I'm getting IPv6 from Xfinity. I did a packet capture. 

 

bryanscott_0-1607189276233.png

 

 

During this time, I configured a Cisco RV340 and have no issues with both IPv4 and IPv6 working on the untrusted interface. I could continue to use the Cisco RV340 but it's not a NGF. 

 

If needed I could provide configurations, but seeing I can get it  to work on a Cisco small business router I wonder what is going on. I was on version 10.x software. I downgraded to 9.1.x just to see if it was a problem with the code. No change. 

 

I contacted Xfinity and they say both can work at the same time. They also provided the Prefix to use. It's in the screenshot. 

 

 

L2 Linker

Can't explain why IPv4 goes down, but be aware that Palo does not support DHCPv6 prefix delegation, which is kinda mind blowing.
Been requested for a long time, but seems like IPv6 doesn't get any attention.

L0 Member

I replaced the Netgear CM1100 modem with a Arris T25 modem and the modem does not reboot after I enable IPv6. 

 

I found a post on Netgear's support website that others are having the same problem with different firewalls.

 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!